I initially posted this over on networking@lemmy.ml, but that community is more dead than some of the animals in my freezer. So you may have seen it over there in the last few hours.

TLDR: While I know that the following will work, I’m looking for feedback on my proposed solution in regards to best practices and possibly an idea about establishing logging. If you think I’m way off target, then by all means tell me so and what you propose instead.

With all that said, I present you with the following wall of text, read at your own peril but thanks if you lend me the time to answer my post :-)

I have a classroom that doubles as a lab for my soon to be IT-supporters, devops, and operations specialist apprentices. My main subject is CCNA introduction to networking and some Windows Server configuration. And while I’ve been teaching for 10 years, I fear my real world IT experience has slipped.

The classroom is equipped with about 16 tables, and preferably a single student pr table – depending on the number of applications, some tables can host 2 students for the first month or two. So, the infrastructure must fit at least 32 students and a teacher.

Currently the setup is an extremely old cisco 1812 router running a NAT, and routing between the school’s network, and an internal classroom LAN. Each student has a /24 scope on a /16 net and is instructed to create their own LANs using SoHo-equipment. There’s no routing setup internally in the classroom, other than the students individual SoHo router/switch/AP.

It really is just a 1812 with a single fastethernet connection to a 24port 2950 (yes, that was a 5 not a 6 in there) and some extra switches daisy chained together to reach a row of tables going down the middle of the room.

We have a literal van-load of ancient cisco gear for use in our labs. This is also the gear we’re using for the current classroom infrastructure. It works, not great, but it gets the job done.

What is changing? We have arranged to have a public IPv4 routed to a gigabitethernet port in the classroom. That port will be the only wired link out of the room. There will be no change in the service on the school administered WLANs. They are still usable for staff and students, both with school administered equipment and BYOD.

While we do have a lot of gear, the newest bit of kit is some 1941 routers, that we got at auction and don’t have any service agreements on, so no updates for them – and we’re not switching to newer cisco gear for obvious reasons that rhyme with money, DNAC and supply chain woes. I don’t know about you, but I don’t really feel like exposing the existing equipment to the wild west of a the internet.

All this boils down to the following conclusions:

  • I have to build something new and
  • Most likely make a purchase recommendation for my admin.

Requirements:

  1. 33 clients must be able to connect to the internet.
  2. 33 clients must be able to connect to each other.
  3. All traffic going to and from the internet must be filtered.
  4. Filtering must be relatively simple to configure.
  5. Filtering must be able to stop the most common p2p-protocols and workarounds. I want to teach, not have to deal with DMCA letters all the time.
  6. Both external and internal traffic should be monitored and logged to help hunt down individuals that somehow bypass the filtering. Speed degradation is not too much of a concern – We can live with 100Mbps or less, if we can have metadata logged, but faster would be nice.
  7. Silent equipment would be nice to have, as it will most likely be positioned about a meter from my ear when sitting at the desk in the classroom, on account of the internet-connected port.

What I’m considering presently is a MikroTik solution consisting of

  • 1x CCR2004-16G-2S+PC, running individual networks for 12 students and the teacher, as well as being the gateway out.
  • 1x CRS326-24G-2S+IN, a managed L3 switch, which will route the remaining 20 student networks and connect to the CCR2004 with a 10G fiber.
  • 2x S+85DLC03D, one in each of the above, and a bit of multimode LC-LC fiber.

All in all I’ve sourced this from a single vendor for about 700USD with a week’s lead time. But I’ve got nothing in regard to logging.

  • vettnerk
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 年前

    I was following you until the question about specific hardware arose. There I am pretty much in the same boat as you.

    The general setup is sound enough, although I am saddened to see that old cisco stuff go.

    As for logging, it seems that the mikrotik hardware you specified supports logging via rsyslog. Is that a viable option for you?

    • I_teach_networkOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 年前

      Oh, but the old cisco stuff isn’t leaving the premises. We’re only pulling it from active duty so to speak. It’ll go back into the lab equipment pool. And the other stuff is staying as well. I mean the 2950 switch and 1800 series routers are fine for our labs - it’s basic configuration, we don’t even do VLANs at this level. And the 2950 will even slap the students with a ruler if they mess up their cable types, as it doesn’t support automdix.

      Rsyslog actually seems to be just the thing. I’ll just find some suitable hardware for a silent mySQL server, connect it directly to the router, and have the router throw select metadata at the server. That could work.

      I hope someone has an idea about how much storage I’ll need. If I had to back of the envelope this calculation, then this is my thought process. If the students are going full throttle on the 1gig connection, then they’re pulling 125MB each second, if that’s all 1518B frames, then I need to store 82400 data points each second and if it’s 64B frames then just short of 2 million. Hopefully it will be large frames mostly. But let’s assume a mix and 100k packets will need to exit the network each second for 6 hours each day. That’s 8.64x10^9 data points each day. The students are there 5 days a week and then it’s 43.2x10^9 data points. Assuming no compression and juat a 32bit time field, src and dst IPv4 address and ports, that’s 128bit per data point or 644GB each week. I’ll probably want to be able to go back a month at least. So I’ll need 3 TB fast storage, 32GB RAM, maybe 128GB because then writes at peak usage can be cached, and 4 or 8 CPU cores, in a silent package. This is starting to sound like the most expensive part by far.

      • vettnerk
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 年前

        Do you need to log every packet, though? Plus, I’m sure log rotation will let you save on a lot by discarding older stuff.

        • I_teach_networkOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 年前

          You know those moments where your own ignorance amazes you? That just happened to me. Of course, you’re right. I don’t care about individual packets, I care about logging connections. If I can show connections by each user coupled with some metadata like port numbers and dst IP address, then I will be able to investigate any complaints.

          That may just have reduced the requirements of the rsyslog server, enough for shaving 30 or 50% off the cost of that machine.