
Dataparty with 100-120 participants

1K views 31 replies 9 participants last post by  michael_sj123 
#1 ·
Good morning,

We are going to arrange a dataparty for the second time in March, and we'd like to do something way better network-side than we did last time. Last time we used a bunch of "10/100/1000 PRO NETWORK 019191" switches which didn't give us much control over the network. We also used a pfSense firewall which worked quite nice.

This time we are going to do something much better network-side, so we have decided to purchase the following for the network:
- 1x Cisco SB 200 16 x Gigabit + 2 SFP as the coreswitch
- 1x HP ProCurve Switch 1810-24G as the switch that connects everything to the core
- undecided amount of HP ProCurve Switch 1410G-16s as edge/tableswitches

We will use a pfSense firewall this time as well, but I have a few questions regarding monitoring and setup of everything here, just so we get everything straight.

First off, we are going to run some sort of network overview/monitoring so we can see what's actually happening, the core and the switch that connects everything has SNMP afaik, so we will be using something like Cacti or PRTG to monitor - do you know of any other programs that we can use (preferably with auto-discovery) to monitor the network?

I am also quite worried about skiddies screwing around with sniffers and whatnot, maybe even pull off a DoS against our equipment - how would we detect/block this kind of stuff? I know that we can setup a port to mirror everything on, then run Snort on one of our servers to detect it - the problem is that the amount of pps is probably going to be huge, and I doubt the hardware we have at hand will be capable of handling it, ideas?

Last but not least, how would you go on blocking/restricting p2p? We have been thinking of going the approach of setting up queues in pfSense, finding the ports for the most played games (or every game..) and placing them in the Premium queue, then we set up web and everything else in the Prioritized queue, and then we send all other (unknown) traffic to the Other queue where it would get limited to 300 - 400 Kbit/s. Is there any other way of doing this?

So basically, any ideas/programs or anything really is really appreciated.
 
#2 ·
Sounds like you have a good grasp on it.

I personally use Cacti at home and I find it's confusing at first. But it's a very powerful tool to monitor your systems. Your idea for pfSense is great. Using the queues and placing the games that are in demand on top. You can also set speed limits too, so if you find you want to block YouTube, let's say, just set the speed limit to 1k/sec.

You could also place an Untangle box after your pfSense machine. Use this to filter traffic. So no porn or such.

Good luck!
 
#3 ·
Just my two cents, but I think the SB200 is a little low end for 100-120 participants. For what you're doing, that's a lot of workload on that switch. I've seen the SB200 pass a lot of data and literally shutdown due to overheating. I'd go with a heavier duty Cisco Catalyst Gigabit for your core.

Otherwise, I agree with your methodology. For network scanners or any internal DDOS attack, with good switches, you can shut that down on the switch level using BPDU Guard where they surpass a threshold and their port goes into error-disable. And when they say their internet doesn't work, you know where to look for the perp.
 
#4 ·
Quote:
Originally Posted by wgman003

Just my two cents, but I think the SB200 is a little low end for 100-120 participants. For what you're doing, that's a lot of workload on that switch. I've seen the SB200 pass a lot of data and literally shutdown due to overheating. I'd go with a heavier duty Cisco Catalyst Gigabit for your core.
Otherwise, I agree with your methodology. For network scanners or any internal DDOS attack, with good switches, you can shut that down on the switch level using BPDU Guard where they surpass a threshold and their port goes into error-disable. And when they say their internet doesn't work, you know where to look for the perp.
Any other switches you can recommend as the core other than the Catalysts?
 
#6 ·
Quote:
Originally Posted by wgman003

My main experience is with Cisco, but comparable models (from white sheets I've read):
Juniper EX 2200 series and up - http://www.newegg.com/Product/Product.aspx?Item=N82E16833272091&Tpk=Juniper%20EX%202200
HP Procurve 2500 series - http://www.newegg.com/Product/Product.aspx?Item=N82E16833316154
Dell - Not sure off the top of my head.
Do you know if the "HP ProCurve Switch 2510G-24" is easy to configure & set up? I mean, is it just connect the console cable > set IP on switch > connect other cables > good to go?
 
#7 ·
You can get older 10/100 Catalyst switches that are 48 port on the cheap. They are nothing extraordinarily speedy, but are reliable. Also getting a used 4006 chassis + a couple of 48 port modules would be perfect for this. Heck, I'd give you one of my spares if it weren't for shipping.
 
#13 ·
Quote:
Originally Posted by ipv89

but what do you do at one
Play games...

@OP - If you want to block P2P why not just use layer 7 filtering for the protocols? Your solution with queues is elegant but to me seems more complicated than it needs to be...
 
#15 ·
I don't get it... Why are you making a core, distribution, and access layer for 120 machines? You are not going to get any benefit either out of the distribution or core switch. You also realize since this is only going to be around 120 devices, this means one /24 subnet. That means there will not be any traffic going up to the layer three switch. Everything will be switched at layer 2.

I am also trying to figure out where the PFSense firewall is going to come in. The only thing I can see it used for is internet traffic. Remember the firewall would be the gateway or just another all zeros hop for the switches. No game play would make it to the firewall either.

I think we need more explanation on how exactly you want to set this up.

+1 to cacti...
 
#16 ·
With 100-120 clients on a single network, on those types of switches, and the data they'll be pushing, the network broadcasts would get loud. I'd subnet it out if I could, maybe /26. It'd reduce the chances of any DoS attack that would take out the entire network. And in that case if an outage takes place, it makes it easier to locate.

I'd personally do a /26 and organize 4 rooms with ~ 30 people per room. This allows extra space for a person to have 2 IP addresses.. Computer/Laptop or File Server.
 
#17 ·
Quote:
Originally Posted by wgman003

The network broadcasts get would loud. I'd subnet it out if I could, maybe /26.
There will always be broadcasts though. I work with /22 client networks on a daily basis without issue. The only thing I would suggest to protect the internet and your servers is to probably just make a /24 for your clients (10.10.10.0/24) and then something small like a /28 for the servers, and put the pfSense as your gateway between the 2 subnets, forcing all traffic to traverse the firewall. Just need to make sure the firewall is ready for Gbit+ speeds..
 
#18 ·
@Thorn-Blade: Basically we are going to have the switches in that order because it will be mostly internet play, we will only be hosting the composervers locally. The coreswitch we chose was chosen because of its good reviews and its stability, seeing as the Cisco we originally planned on using might overheat (and because it's Linksys rebranded.....). The pfSense will only be there to route traffic in/out of the premises during the event, and to act as a firewall to stop torrenting (as I expressed concerns about in the OP). The switches were also chosen because I have good experience with HP, they make good switches with good stability.

@wgman300: I am afraid I do not know how to subnet this. The ISP will (most likely) be giving us one /24 block of public IPs, nothing more and nothing less, this is what they have always done and it's been working quite well in the past (and on our previous events).

@herkalurk: The firewall (pfSense in this case) will be equipped with good quality Intel gigabit cards, might also purchase two more of them and trunk them together for 2Gbit and run load balancing over them to the core if needed.

As I said, I honestly have no idea how to subnet this stuff, any help will be appreciated, for instance, would this require a change in our equipment (ordering more switches), changing the firewall's placement, the ISP's routing? The plan for the network is this:

ISP ---> Cisco switch (not ours) ---> pfSense ---> Core ---> Distribution-hall ---> edgeswitches on tables
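The subnetting question raised above can be worked through with a short calculation. The following is an added example written for this page, not code from the thread or from any product it names: it carves one address block into per-room client subnets plus a server subnet, along the lines wgman003 (4 rooms, ~30 people, 2 IPs each) and herkalurk (a /24 for clients, a /28 for servers) suggested, and reports when the requests do not fit. The 10.10.10.0/24 block is the one herkalurk named; the server and staff host counts are assumptions chosen for the demonstration.

```python
"""Subnet planner for the LAN-party layout discussed in this thread.

Added example, not code from the thread. It carves one block into per-room
client subnets plus a small server subnet and says when the requests do not
fit. 10.10.10.0/24 is the block herkalurk named; the server and staff host
counts are assumptions.
"""
import ipaddress


def smallest_prefix_for(hosts_needed: int) -> int:
    """Return the longest IPv4 prefix whose usable host count covers hosts_needed.

    Every IPv4 subnet loses its network and broadcast addresses, so a /26 offers
    62 usable hosts and a /28 offers 14. Raises if even a /24 is too small.
    """
    for prefix in range(30, 23, -1):            # try /30, /29, ..., /24
        if 2 ** (32 - prefix) - 2 >= hosts_needed:
            return prefix
    raise ValueError(f"{hosts_needed} hosts do not fit in a single /24")


def plan_subnets(block: str, requests: dict) -> dict:
    """Allocate one subnet per named request inside `block` (VLSM style).

    `requests` maps a name to the number of usable hosts it needs. Larger
    subnets are handed out first, which keeps every subnet aligned on its own
    size boundary without extra bookkeeping. Raises ValueError as soon as a
    request no longer fits in the remaining space.
    """
    net = ipaddress.ip_network(block, strict=True)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1         # first address past the block
    plan = {}
    # sorted() is stable, so equally sized requests keep their original order.
    for name, hosts in sorted(requests.items(), key=lambda kv: kv[1], reverse=True):
        prefix = smallest_prefix_for(hosts)
        size = 2 ** (32 - prefix)
        if cursor + size > end:
            raise ValueError(
                f"{name}: {hosts} hosts need a /{prefix}, but only "
                f"{end - cursor} addresses remain in {net}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan


def fits(block: str, requests: dict) -> bool:
    """True when every request in `requests` can be carved out of `block`."""
    try:
        plan_subnets(block, requests)
        return True
    except ValueError:
        return False


def describe(plan: dict) -> list:
    """Human-readable one-liners for a plan, in address order."""
    return [f"{name:<8} {net}  ({net.num_addresses - 2} usable hosts)"
            for name, net in sorted(plan.items(),
                                    key=lambda kv: kv[1].network_address)]


# The block herkalurk proposed for clients; the request sizes are constructed.
BLOCK = "10.10.10.0/24"
ROOMS_2_IPS = {f"room{i}": 30 * 2 for i in range(1, 5)}   # wgman003: ~30 people x 2 IPs
ROOMS_1_IP = {f"room{i}": 30 for i in range(1, 5)}        # 1 IP per person instead
SERVERS = {"servers": 10, "staff": 14}                    # assumed host counts


if __name__ == "__main__":
    print("Four rooms with 2 IPs per person:")
    print("\n".join(describe(plan_subnets(BLOCK, ROOMS_2_IPS))))
    # Four /26s already use the whole /24, so a server subnet has nowhere to go.
    print("\nAdding servers to that plan fits:", fits(BLOCK, {**ROOMS_2_IPS, **SERVERS}))
    print("\nFour rooms with 1 IP per person plus servers and staff:")
    print("\n".join(describe(plan_subnets(BLOCK, {**ROOMS_1_IP, **SERVERS}))))
```

Running it shows the tension between the two suggestions: four rooms of 60 hosts each need four /26s, which is the entire /24, so a separate /28 for servers only fits if the rooms shrink to one IP per person (four /27s leave half the block free) or if the clients sit in a block of their own, which is what herkalurk's private 10.10.10.0/24 amounts to.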
 
#20 ·
- No need to break this up for broadcast storms. We use /24s in our enterprise data centers as do most large companies.

- As far as DOS attack goes... If it comes in from the outside, it will take down the entire thing no matter what you do on the inside. Do you really have an issue with someone on the inside kicking one of these off? I would think you would kinda know the people you invite or is this something open to the public?

You still have not explained enough to warrant a core and distribution switch..... In your diagram below, what "EXACTLY" is the Core switch there for?

ISP ---> Cisco switch (not ours) ---> pfSense ---> Core ---> Distribution-hall ---> edgeswitches on tables

You only need a collapsed core which combines the functions of a core and distribution switch. The only time you need a dedicated core switch is if you have multiple distribution blocks.

Proposed: ISP ---> Cisco switch (not ours) ---> pfSense ---> distribution ---> edgeswitches on tables

You said you wanted something more complex from last time... Do you know what type of switching you are going to be doing at each layer? (Layer 2, Layer 3, or Layer 2/3?)
 
#21 ·
The coreswitch is there because we need something to link together all our "areas" with, the distribution switch is only there because we'd rather not chain the switches (Switch1 -> switch2 etc etc). We have three "areas" which need to be connected, the staff area, participant area, server area and the wireless AP. We also chose to have a core so that we don't have to make a lot of long cabling to go to <-> edgeswitches.
 
#23 ·
Quote:
Originally Posted by michael_sj123

The coreswitch is there because we need something to link together all our "areas" with, the distribution switch is only there because we'd rather not chain the switches (Switch1 -> switch2 etc etc). We have three "areas" which needs to be connected, the staff area, participant area, server area and the wireless AP. We also chose to have a core so that we don't have to make a lot of long cabling to go to <-> edgeswitches
OK.... I assumed your "Distribution-hall" switch is where all your edge switches were going to be tied back to...
 
#25 ·
It makes sense what you're doing with core and edge switches, not sure why people are objecting.
 