On Mon, 24 Jan 2000, Paul D. Robertson wrote:
> On Mon, 24 Jan 2000, David Lang wrote:
>
> > wait a min, unless you have more than 2 T-3 lines 100Mb full duplex
> > ethernet will not be your limit. with a switched network your firewall
>
> The point wasn't throughput, it was collisions on the NIC and buffering.
>
> > will only see the traffic destined for the outside world plus broadcast
> > traffic. It does you no good to put in a firewall/router capable of
> > Gb/sec performance if you hook it to a 1.5Mb T-1.
>
> With ~300 machines at 100Mb/s, you'll get buffering and collision issues
> when all of them try to go out that single 100Mb/s port. I doubt that a
> school dorm has too much internal-only traffic. Make the link outside
> slow, and those packets will have to queue even more trying to leave.
>
On a switched network your firewall will only see traffic headed for the
outside world. So if you have fewer than 2 T-1 lines (3Mb full duplex) you
could probably get away with 10Mb ethernet; with 100Mb full duplex your
connection to the outside world would need to be ~90Mb (2 * T-3) before
the ethernet becomes a problem (giving you some room to deal with
broadcast traffic).
If you can afford that much bandwidth then you can afford to make the
connection into your firewall 1000Mb ethernet full duplex, and at that
point the firewall definitely becomes a bottleneck, but at the same time
you are talking about some _really_ serious internet connectivity bills.
David Lang