DSL Hardware for Wiring Condos?

Condo-Netwerk asks: "I'm trying to prepare a proposal for my condo building to be our own DSL provider. With 160 units, we should be able to get a T1 and keep the price fairly low. But what's the up-front cost? Which hardware should we use? What do we need to know about Copper Mountain, Avidia, etc. to do our due diligence prior to selecting hardware? I'm also helping a friend spec cabling for a new 30-unit condo building he's putting up; he wants to pull cat5 and split a DSL line from the phone room to each unit. Caveats? Experiences? Is it better to use cat6 or fiber?"

My advice

[wowbagger]

Here's my advice, for what it is worth:

1) Don't put DSL to each unit - pull CAT-5 and run Ethernet. Your residents will have a much easier time getting hardware than with DSL, and your costs will be less.
2) Pull the wire to a common router closet.
3) One port per unit
4) Lock down the ports that aren't being used.
5) Use DHCP to assign addresses.
6) Set up your own caching server. I would recommend using Squid.
7) Force all outbound port 25 (SMTP) through your mail server.
8) Run a virus scanner on your mail server. Scan all incoming AND outgoing mail.
9) Don't route the Microsoft file sharing ports or Apple Rendezvous ports between units.
10) Insist customers keep their machines virus free. Disconnect any who don't IMMEDIATELY.
11) Write into your rental contracts that you ARE NOT RESPONSIBLE for maintaining your customer's machines or security - if they are scared let them run their own firewall.
12) Offer your own space, accessible to your users, with virus scanner updates, MS patches, and so on. Encourage them to use that to save bandwidth.
13) Routinely sniff around for WAPs. Handle them as you see fit - disconnect, or verify they are set up sanely. Don't ignore them.

Many will disagree with some of my points (esp. 7 and 9). Ask yourself this: do I enjoy being blacklisted for spamming?

Re:Why DSL?

[raider_red]

I'd agree with this comment. With DSL, you'd basically need to set up a telephone switching office on sight. As an alternative, you can set up an all ethernet system where everything is connected via router to the T1 line, or you can set up several wireless access points and hook them up to the same router, and save a lot of trouble running a CAT5 cable to every unit.

Wiring for Ether Expensive

[shylock0]

If I understand the original post, wiring for ethernet, at least in his 160 condo set-up, would be extremely expensive: depending on the geographical distribution of the condos, installing Ethernet could be on the scale of hundreds of thousands of dollars. I recently helped consult with a University who wanted to upgrade all two dorms from 10bT to 100bT, and rewire with Cat5e. Just rewiring -- conduits already dug and easily accessible, mind you -- was going to cost them $50,000-$80,000 for two hundred dorm rooms.

Anyway, the advantages of DSL should be obvious: no new cable needs to be laid. You can just install the DSL equipment at the central phone switch of the condos, and then give each resident a DSL modem. Much simpler, much cheaper.

But I agree -- a T1 isn't going to cut it for 160 heavy users. If you only expect moderate use, you might be able to squeak by. I'd combine multiple T1s (better redundency) or spring for a T3 (nominally cheaper per megabit). The choice is yours.

-Shylock

too tight, ditch the extra M$ work.

[twitter]

Cat 5 is a good idea, but you might provide your neighbors with more than DHCP if you can. The single port - non routable address thing would suck for anyone who wants to use more than a single computer or serve content. "locking down unused ports" and forcing all outbound SMTP though your own mail server is equally obnoxious. What you would be providing is a faster browsing experience for a single user in each place rather than Internet Service. That's a terrible waste of a T1 or whatever your upstream service is.

It's amazing how far out of their way people will go to support Microsoft's crap. More than half of your list is Microsoft specific. Realize also that #10, " Insist customers keep their machines virus free. Disconnect any who don't IMMEDIATELY." eliminates the need for most of the other M$ virus precations, especially the silly M$ patch server which could get you a BSA visit. Why bother when you could recomend Linux or a Mac?

All small ISPs are going to be blacklisted by AOL/MSNBC regardless of how well or poorly you treat your users.

Re:too tight, ditch the extra M$ work.

[freeweed]

It's amazing how far out of their way people will go to support Microsoft's crap. More than half of your list is Microsoft specific.

How'd you come up with this? Only one thing even mentioned Microsoft, and also mentioned Apple in the same breath. Let's see:

1) Don't put DSL to each unit - pull CAT-5 and run Ethernet. Your residents will have a much easier time getting hardware than with DSL, and your costs will be less.

OS independant.

2) Pull the wire to a common router closet.

OS independant.

3) One port per unit

OS independant.

4) Lock down the ports that aren't being used.

OS independant.

5) Use DHCP to assign addresses.

OS independant.

6) Set up your own caching server. I would recommend using Squid.

OS independant.

7) Force all outbound port 25 (SMTP) through your mail server.

OS independant.

8) Run a virus scanner on your mail server. Scan all incoming AND outgoing mail.

Ok, *most* viruses are Windows-based. Most != all, however.

9) Don't route the Microsoft file sharing ports or Apple Rendezvous ports between units.

Again, mostly a Microsoft issue.

10) Insist customers keep their machines virus free. Disconnect any who don't IMMEDIATELY.

Remember, there are viruses for every platform out there.

11) Write into your rental contracts that you ARE NOT RESPONSIBLE for maintaining your customer's machines or security - if they are scared let them run their own firewall.

OS independant.

12) Offer your own space, accessible to your users, with virus scanner updates, MS patches, and so on. Encourage them to use that to save bandwidth.

There have been an order of magnitude more patches for my RedHat box this past month than for all versions of Windows combined. And most Windows patches have little to do with viruses, although many of these vulnerabilities do end up being exploited by worms at some point.

13) Routinely sniff around for WAPs. Handle them as you see fit - disconnect, or verify they are set up sanely. Don't ignore them.

Has nothing to do with what OS people run.

Of course, this doesn't even touch on the fact that the reason people spend so much time supporting Microsoft products is that Windows/Office/etc are 90%+ of their respective markets. Duh, you kind of have to. It's all fine and dandy to be an OSS zealot, but when you're trying to provide a service to people, it's rather impractical to just say 'run what I tell you to run'. That sort of thinking is why we hate Microsoft in the first place, remember? :)

Re:too tight, ditch the extra M$ work.

[Zathrus]

but you might provide your neighbors with more than DHCP if you can

Why? They can use NAT. You probably are... or are you actually going to get a class C subnet for your condo association? I wouldn't bother - it's not worth the time and money.

It does screw anyone trying to serve content, but I'm not sure that I'd care that much.

More than half of your list is Microsoft specific.

Uh... no it wasn't. There were 3 points that could be considered MS specific (8, 10, 12), and I'd dispute #8. There are Mac and Linux viruses out there. If either becomes a significant user base then there will be far, far more.

No, 7, 9, and 11 are not MS related. Number 7 deals specifically with spam. Number 9 is basic security and privacy. Number 11 is true regardless of OS -- or have you never heard of script kiddies and rootkits?

The patch server wouldn't get them a BSA visit either, you're allowed to redistribute patches.

In any case, welcome to the Real World, where 95% of all systems will be Windows. If you don't take precautions against that then you're just an idiot.

Less zealotry, more reality.

My Apartment

[Globe199]

My apartment complex is its own ISP. They installed ethernet in their buildings in 1996, starting with two T-1 lines.

With approximately 1000 total residents for all the buildings, this setup worked fairly well at first because not very many people had computers that were network-ready.

Around late 1999, the network began slowing down. A year later, streaming video was impossible, and by late 2001, I was better off using a dialup. It was BAD.

About a year ago, they added two more T-1s, and it's been smooth sailing since. There are about 400 people in my building, maybe 500 in the next, and 100 or so in the other places. The network is almost always fast. Obviously this is due to adding the extra bandwidth. One can assume that the user-base has reached its saturation by now (almost everyone has a computer with a NIC, since it's a student-oriented place), so they probably won't have any more speed problems.

They banned Kazaa and Morpheus, and apparently that helped. They don't give you an e-mail address or server space. They simply provide network connectivity. It's actually not a bad deal -- at $100/year, it's as fast an any cable modem or DSL connection.

I think two T-1s would probably be alright for only 160 units. And I might recommend Cat-5E wiring. We just rewired my work's building with about 500 data ports, using 5E. Everything is gigabit ready. Sure, 100-base-T is fast, but are you gonna want to rewire the whole damn place in five years when you want gig? Probably not. It cost us $120,000 for those 500 data ports and about 300 voice ports. Plan ahead!

Globe199

Combo 10/100/1000 + fiber

[Charcharodon]

Check out Dlink's site. You can wire the individual buildings with 10/100 and then use fiber to connect them to a central router for the T1. The prices are down in the range of reasonable for the switch that have 10/100 and a pair of fiber ports. You'd have plenty of speed and distance wouldn't be much of an issue.

DSLAMs are cheap and plentiful!

[isdnip]

First off, I do this type of thing for a living, as a consultant to the CLEC and ISP trades, so I know a thing or two about the DSL market. Please, please, ignore the consensus of the Slashdot crowd who want you to pull Ethernet! They imagine that they'd want the better speed, but as a provider, you have to face reality. DSL has real advantages:

1) It lets you control the top speed. I suggest that the top speed to a user be less than half of your feed speed. A company I work very closely with has almost 200 DSL lines in a luxury condominium. They feed it with only two T1s. That's quite adequate! They have to pay for that bandwidth -- backbone ISP service isn't cheap, and the T1 loops into the condo aren't free either. Of course they only provide 700 kbps service. Sure, people might like more, but the competition is dial-up, and price matters.

2) DSL tolerates long wire. It can go a few miles, after all -- even a sprawling condo complex is a short hop for DSL. Ethernet tends to be pickier.

3) ADSL can share wire with telephone. You might be able to piggyback onto the phone wire. (A CLEC can; whether you can is a different issue.)

4) DSL is cheap! Lots of providers tanked, leaving good working gear on the secondary market. A 500-line Lucent Stinger can be had for $12k; a 200-line ADSL DSLAM is maybe half that. SDSL needs its own wire pair (can't share phone like ADSL) but the DSLAMs are a glut on the market, much cheaper than even that. Check eBay, telephone.com, etc.

I'd be happy to talk more about this offline (isdnip at netscape dot net)....

Support, NAT and the Future

[AndyBarrow]

Here are my 2 cents worth. I've been in and around this stuff for 26 years (and yes, I do have, what used to be prematurely, grey hair):

1. Put in CAT5, or even CAT6 if you can afford it. Put in twice as much as you think is reasonable. Get it certified and tested. Next time you think you need just those couple of extra pair, you won't regret it. The big hit in any infrastructure installation is labor - you are going to spend about as much for labor to have two CAT6 cables pulled in to a jack as you would pay to have one CAT5.

2. NAT would be a pain in the ass for your users if they want to do anything more complex than web browsing and mail. This sounds like a multi-year project - what do you think people are going to be doing with the Internet in two years? Doing SIP telephony, H.323 multimedia, etc. etc. through a NAT connection borders on impossible for an average user.

3. No matter what you think the skill level is of your users, cut it in half. People seem to get dumber than dirt when they get home at night. I have personal experience - I'm living in a residential compound in Kazakhstan right now. I spend my days working for the Man, nights dealing with residents who stuck floppy disks to their fridges with magnets.

4. All the cool stuff like web cache, proxy servers, even community web sites are very nice. With every single item, just think about who is going to support those things after you make your fortune and move to a grass hut in Tonga? KISS in all things.

5. On the subject of support - residents are 24/7/365. When the Smith family can't have that video conference with Grandma on Christmas morning, who they gonna call? Set up a well understood service level agreement that every resident signs. Make it simple, but clear. The rule of thumb is that if it can be explained in an elevator between floors, it's about right.

6. Fiber isn't that expensive, and there are some cool devices available now for doing lots of fun things with it. Investigate using it for house distribution. In 5 years when those 2mb DSL connections become passe', and folks start wanting those 10-20mb connections, they will look at your portrait on their mantle and smile.

7. Here's a turnaround for you: Have you thought about cable modems? Not only can you do a few channels for high speed data, you can also do digital TV distribution, and telephone distribution. What if the folks had a TV channel for the community front gate, so they could see when the mother-in-law is coming?

Have fun - this if obviously a passion for you. On those all-nighters when you are trying to solve some stupid routing problem, remember it was YOUR idea.

Andy