A Switch Even a Penguin Can Love: QoS, User Management and More
Last week we took a look at the advantages of managed Ethernet switches over dumb switches. Today we are going to run through a batch of networking chores that become easier when they're handled by a smart switch: controlling bad users, QoS, and link aggregation for fat bandwidth on the cheap. I'm using the low-cost, good-quality Netgear ProSafe GS108T 8-port smart switch as my spokesmodel. It's not Cisco, but for $100 it's a great bargain. If you're using a different switch it won't have exactly the same configuration interface, but the various switches aren't all that different, so once you learn one you pretty much know all of them.
I'm using the terms "smart" and "managed" switch interchangeably. In general a smart switch has fewer features and is less expensive than a managed switch, but since they're fuzzy marketing terms I don't worry about being precise.
Cut 'em Off Fast
There may come a time when you have to kick a user off the network right now. Maybe their PC has become assimilated into the World Wide Botnet, or they're spending all of their time playing World of WarCraft, or they're fulfilling a grand ambition of becoming a warez mogul. Whatever they're doing, you want them off and you want to keep them off. You could use cutter or tcpkill. But these won't keep a user from getting back on the network. You could write some iptables rules. But there is a lot to be said for having a physical plug to pull, so one way is to unplug them at the switch. (You did label your cables, didn't you?) The other way is to enter the switch's Web control panel and turn off their port. Easy as pie, and the user can't do a thing about it. For our Netgear GS108T, it looks like Figure 1.
Notice how you can change the port description to anything you want, such as this-usr-is-trouble.
QoS the Easy Way. Maybe.
Ethernet switches pass your bits through according to FIFO— first in, first out. For some services you want to give some bits priority and let them cut to the head of the line; for better VoIP call quality, streaming media, or anything that requires low latency. Historically Linux admins have had to struggle with some powerful but rather difficult tools: tc and iptables. There are some tc-based scripts such as CBQ-init and Wondershaper that make it easier. But having the right switch gives you all kinds of control without having to spend days in deep study. Though it may take some deep study just to figure out which checkboxes to use in your switch control panel; I haven't seen one yet that comes with a decent manual. You'll get a nice big manual, usually over a hundred pages, but they like to describe the switches and levers, rather than describing how to accomplish tasks.
On our example Netgear switch, refer again to Figure 1. You'll use each port's configuration page to set its default priority, from 0-7. These are from the IEEE 802.1p standard, which is the LAN Layer 2 QoS/CoS (Quality of Service/Class of Service) Protocol for Traffic Prioritization. This only works on packets without priority tags; if they already have priority tags, the switch will use those. This table describes the different priorities:
This is an extremely simple form of QoS, because everything that passes through the port is assigned the same queuing priority. You cannot assign different priorities to different services or protocols, but it's not a bad deal for a small network. As you move up the price ladder, you get more flexibility and control, and can tailor your QoS for specific services and protocols.
802.1p is a LAN-only standard- the 802.1p priority tags are lost when LAN frames are converted for transmission over a WAN. WAN QoS is a Layer 3 function. Yes, sometimes knowing the OSI network layer model is actually useful, though I think the five-step version models modern networking more accurately. WAN, which for most of us means Internet, QoS is a bit of a joke with IPv4 anyway, because v4 QoS is not implemented in any kind of standard way, so most routers ignore the QoS flag. If you need QoS over your own WAN or the Internet, talk to your service provider and see what they can do for you.
Just to add a spicy dollop of pointless confusion, the QoS menu on the Netgear control panel does not let you configure per-port QoS or anything useful like that, but rather it maps the 802.1p priority tags to the switch's four internal hardware priority queues, which are High, Normal, Low, and Lowest. I can't think of any reason to change the defaults, but it's there if you want to.
Link Aggregation, or, Bundling Skinny Pipes to Make Fat Pipes
Link aggregation means bundling Ethernet links together to get more bandwidth, and for failover. Suppose you have a busy LAN server that's so busy the choke point is the network, which not an uncommon scenario in this happy era of 3 gigabits-per-second SATA drives. You could install a two-port Ethernet adapter on it, which typically includes link aggregation and automatic failover, aggregate the corresponding two ports on your sleek smart switch, and voila! Twice the bandwidth instantly. Well, not exactly, because you'll have all the usual networking overhead. But it's an easy way to build fatter pipes, and you can scale up as you need. The Linux kernel supports bonding Ethernet interfaces, so you could also bond ordinary inexpensive single-port NICs.
First let's look at how to aggregate switch ports. On the Netgear it's a Fun Challenge because the Web interface hides the port numbers, as Figure 2 shows.
They are numbered 01-08 from the top down. Select whatever ports you want to aggregate, and then turn on LACP, which is the Link Aggregation Control Protocol. If you get mixed up, just delete it and start over.
Now you need to bond your corresponding Ethernet interfaces. These must all support the same speeds and type of duplexing, but they don't have to be the same brands. I already wrote a detailed howto on this, and miraculously it's still relevant and not outdated by some fancy new kernel release, so there you go. The cool part is if you purchase a smart switch that has 802.3ad support, which is virtually all of them, you won't have to hassle with balance-alb mode, but can do it the right way.
That wraps up our introduction to smart switches for the masses. Next week we'll start in on how to set up VLANs, which are very cool but a bit mind-bending to configure the first time. But after you've done it once, you'll never go back to boring, inflexible old physical subnetting.