Ok, now I understand what you are talking about. You are concerned about the
latency caused by the buffering in the switch and/or the firewall. This
was not even on my radar screen.
If the firewall is between two LANs then I would possibly worry about it,
but when the firewall is connecting to the internet, consider what sort of
latencies you will see from your switch or firewall compared to the time
needed to get across the internet. If you are lucky and both you and your
destination are on good connections you should see internet latencies in
the range of 40-100ms; modem users survive with latencies starting at
~200-300ms, and I am not aware of much (other than game stuff) where
latencies start to be a real problem before they get over ~500ms (please
correct me if you have other info).
What sort of latencies are you expecting to see from the switch or
firewall?
Also I would expect that any firewall should have packet defragmenting
turned on to protect the internal machines, even though this costs more
CPU/memory on the firewall and does add some latency as the packet cannot
be re-transmitted until it is fully received.
David Lang
On Mon, 24 Jan 2000, Paul D. Robertson wrote:
> On Mon, 24 Jan 2000, David Lang wrote:
>
> > On a switched network your firewall will only see traffic headed for the
> > outside world. So if you have fewer than 2 T-1 lines (3Mb full duplex) you
> > could probably get away with 10Mb ethernet; with 100Mb full duplex your
> > connection to the outside would need to be ~90Mb (2* T-3) before
> > the ethernet becomes a problem (giving you some room to deal with
> > broadcast traffic).
>
> Once again, it's *not* a bandwidth issue, all the machines will be trying
> to talk at once to the same switch port and by extension the same Ethernet
> card. That produces latency and timing issues that will show up as either
> buffered packets on the switch or collisions on that port. It's the same
> reason that 10baseT scales to about 100-120 machines before you start
> having problems. Even a wire protocol like Token Ring hits around the
> same scale point with a single gateway and everyone talking out of a
> single link *despite* having ~85% of 16Mb/s instead of the shared "rest"
> of 10Mb/s after collisions (typically 6.4Mb/s in the real world cases I've
> measured.) Switching *doesn't solve this problem*. Switch *buffering*
> helps it, but with added latency, and that's an effect of the buffering,
> not of the switching.
>
> Once again, if you have a slow Internet connection, your firewall will be
> buffering all those fast outbound packets and it's worse than if you have
> a faster connection out.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
> PSB#9280
>
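David's point about packet defragmenting (the firewall cannot forward a fragmented datagram until every fragment has arrived, and it has to hold the partial datagram in memory meanwhile) is easier to see with a small model. The following is an added example, not code from this thread or from any firewall product: a toy reassembly queue that records the forwarding delay each datagram incurs, reports how many bytes are parked waiting for missing fragments, and drops stale or oversize entries so that memory stays bounded. The addresses, IP identification values and arrival timestamps are constructed for the demonstration.

```python
"""
Added example (not from the mailing-list thread): a minimal model of the
reassembly queue a firewall keeps when it defragments packets before
inspecting them.  It exposes the two costs mentioned in the thread:
memory held for partial datagrams, and forwarding latency equal to the
gap between the first and the last fragment's arrival.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    ident: int            # IP identification field shared by all fragments
    offset: int           # byte offset of this fragment's payload
    payload: bytes
    more_fragments: bool  # the MF flag; False on the last fragment
    t_arrival: float      # seconds; constructed for the demo


@dataclass
class PartialDatagram:
    first_seen: float
    pieces: Dict[int, bytes] = field(default_factory=dict)  # offset -> payload
    total_len: Optional[int] = None  # known once the last fragment arrives


Key = Tuple[str, str, int]


class Reassembler:
    def __init__(self, timeout: float = 30.0, max_bytes: int = 65535):
        self.timeout = timeout          # how long a partial datagram may wait
        self.max_bytes = max_bytes      # largest datagram we agree to rebuild
        self.pending: Dict[Key, PartialDatagram] = {}
        self.completed: List[Tuple[Key, bytes, float]] = []
        self.dropped: List[Tuple[Key, str]] = []

    def bytes_held(self) -> int:
        """Memory currently tied up by datagrams that cannot be forwarded yet."""
        return sum(len(p) for pd in self.pending.values() for p in pd.pieces.values())

    def expire(self, now: float) -> None:
        """Evict partial datagrams whose missing fragments never showed up."""
        for key, pd in list(self.pending.items()):
            if now - pd.first_seen > self.timeout:
                del self.pending[key]
                self.dropped.append((key, "timeout"))

    def add(self, frag: Fragment) -> Optional[Tuple[Key, bytes, float]]:
        """Queue one fragment; return (key, payload, added_latency) when complete."""
        self.expire(frag.t_arrival)
        key = (frag.src, frag.dst, frag.ident)
        pd = self.pending.setdefault(key, PartialDatagram(first_seen=frag.t_arrival))
        end = frag.offset + len(frag.payload)
        if end > self.max_bytes:
            del self.pending[key]
            self.dropped.append((key, "oversize"))
            return None
        pd.pieces[frag.offset] = frag.payload
        if not frag.more_fragments:
            pd.total_len = end
        if pd.total_len is None:
            return None                     # last fragment not seen yet
        # Complete only when the pieces cover [0, total_len) without a gap.
        covered = 0
        for off in sorted(pd.pieces):
            if off > covered:
                return None                 # hole before this piece
            covered = max(covered, off + len(pd.pieces[off]))
        if covered < pd.total_len:
            return None
        buf = bytearray(pd.total_len)
        for off, piece in sorted(pd.pieces.items()):
            buf[off:off + len(piece)] = piece[:pd.total_len - off]
        latency = frag.t_arrival - pd.first_seen  # delay versus forwarding at once
        del self.pending[key]
        result = (key, bytes(buf), latency)
        self.completed.append(result)
        return result


def demo() -> Tuple[List[Optional[Tuple[Key, bytes, float]]], int, Reassembler]:
    r = Reassembler(timeout=30.0)
    # Constructed: one 3000-byte datagram split into three 1000-byte fragments,
    # delivered out of order at 0 ms, 2 ms and 5 ms.
    frags = [
        Fragment("10.0.0.5", "203.0.113.9", 0x1234, 0, b"A" * 1000, True, 0.000),
        Fragment("10.0.0.5", "203.0.113.9", 0x1234, 2000, b"C" * 1000, False, 0.002),
        Fragment("10.0.0.5", "203.0.113.9", 0x1234, 1000, b"B" * 1000, True, 0.005),
    ]
    results = [r.add(frags[0]), r.add(frags[1])]
    held_while_waiting = r.bytes_held()     # memory parked before fragment 3
    results.append(r.add(frags[2]))
    # Constructed: a datagram whose last fragment never arrives; an unrelated
    # fragment 39 s later triggers expiry of the stale entry.
    r.add(Fragment("10.0.0.7", "203.0.113.9", 0x0042, 0, b"X" * 500, True, 1.0))
    r.add(Fragment("10.0.0.8", "203.0.113.9", 0x0043, 0, b"Y" * 100, False, 40.0))
    return results, held_while_waiting, r
```

In the demo the first datagram is forwarded only when its third fragment lands, so the firewall adds 5 ms to it and holds 2000 bytes in the meantime; the half-received datagram from 10.0.0.7 is evicted on the timeout so it cannot pin memory forever. A real firewall makes the same trade, which is why the feature costs CPU and memory and adds a little latency even on a quiet link.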