On Mon, 24 Jan 2000, David Lang wrote:
> On a switched network your firewall will only see traffic headed for the
> outside world. So if you have fewer than 2 T-1 lines (3Mb full duplex) you
> could probably get away with 10Mb ethernet, with 100Mb full duplex your
> connection to the outside world would need to be ~ 90Mb (2* T-3) before
> the ethernet becomes a problem (giving you some room to deal with
> broadcast traffic)
Once again, it's *not* a bandwidth issue, all the machines will be trying
to talk at once to the same switch port and by extension the same Ethernet
card. That produces latency and timing issues that will show up as either
buffered packets on the switch or collisions on that port. It's the same
reason that 10baseT scales to about 100-120 machines before you start
having problems. Even a wire protocol like Token Ring hits around the
same scale point with a single gateway and everyone talking out of a
single link *despite* having ~85% of 16Mb/s instead of the shared "rest"
of 10Mb/s after collisions (typically 6.4Mb/s in the real world cases I've
measured.) Switching *doesn't solve this problem*. Switch *buffering*
helps it, but with added latency, and that's an effect of the buffering,
not of the switching.
Once again, if you have a slow Internet connection, your firewall will be
buffering all those fast outbound packets and it's worse than if you have
a faster connection out.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280