1) No. The switch sends traffic directly to the port that it's destined for.
2) You probably won't notice any real slowdowns unless you're sniffing the traffic as it's coming across. If there is a bottleneck, it won't be in the CPU of the firewall box, but in the PCI bus. I wouldn't worry about it, unless you absolutely need wirespeed. For 5 or fewer machines, I can't see you needing to spend the money on the kind of hardware you'd need to achieve this.

On Tue, 2004-09-07 at 09:10, James Kuhns wrote:
> I'm hoping someone on here could answer a few questions for me concerning
> gigabit networking with a firewall.
>
> I'm about to upgrade my home network to gigabit. I currently have a
> firewall with 3 interfaces - lan, dmz and internet. The lan interface goes
> to a 10/100 switch with 4 wired ports and is also a wireless point (3
> machines wired and 2 laptops on the wireless), the dmz goes to a 5 port
> 10/100 switch (1 machine right now), and the internet goes straight to my
> cable modem.
>
> What I'm thinking of doing is:
> 1) replacing two of the 10/100 nics in the firewall with 10/100/1000 nics
> (for lan and dmz)
> 2) replacing the 10/100 nics in the other machines with 10/100/1000 nics
> 3) replacing the lan switch with an 8 port 10/100/1000 switch
> 4) hanging the old lan switch off one of the ports on the new switch (to use
> strictly for wireless)
> 5) replacing the dmz switch with a 5 port 10/100/1000 switch
>
> I see this having 4 bottlenecks:
> 1) firewall <-> cable modem (I'll leave a 10/100 nic in the firewall for the
> internet interface - the modem will only connect to the firewall at 10 half
> duplex anyway)
> 2) cable modem <-> COX
> 3) machines in the lan <-> machines in the dmz (the firewall that connects
> the two nets is a pretty low powered machine right now - AMD K6 2 350, so I
> don't see it being able to keep the pipes full)
> 4) wireless access point <-> lan switch (doesn't matter since the only
> machines on this leg are wireless).
>
> The main benefit I'm looking for is the ability to move huge (3-10 GB) files
> (vmware sessions, install cd/dvd isos, etc.) around on the lan machines
> (excluding the wireless laptops of course). I'm going ahead and upping the
> dmz switch and machines right now so that when I replace the firewall with a
> beefier machine the lan <-> dmz bottleneck should open up. Bottlenecks 1, 2,
> and 4 are inherent in the equipment/technology so I'm not worried about
> them.
>
> The questions I have are:
> 1) Will traffic between lan machines have to go through the firewall
> (creating a bottleneck I didn't foresee)?
> 2) Will upgrading the firewall machine later open up the lan <-> dmz
> bottleneck like I think?
>
> If it's relevant, the different net settings are:
> The lan and dmz are different networks (192.168.0.x and 192.168.1.x), all
> machines have a netmask of 255.255.255.0 and a default gateway of their
> respective interface on the firewall (192.168.0.1 or 192.168.1.1).
>
> Thanks
> James
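
Added example, not part of the original messages: the host-side forwarding decision behind answer 1, worked through in Python with the netmask and gateway addresses from the question. The host addresses (.10, .11, .20) and the function names are constructed for illustration.

```python
import ipaddress

def host_routes(ip, netmask, gateway):
    """Routing table of a single-homed host: its connected network plus a default route."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    return [
        (iface.network, None),  # on-link: frames go straight to the destination
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address(gateway)),
    ]

def next_hop(routes, dst):
    """Longest-prefix match; returns the IP whose MAC the frame is addressed to."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    net, gw = max(matches, key=lambda route: route[0].prefixlen)
    return dst if gw is None else gw

def sent_via_gateway(src_ip, netmask, gateway, dst):
    """True when the host hands the packet to its default gateway (the firewall)."""
    routes = host_routes(src_ip, netmask, gateway)
    hop = next_hop(routes, dst)
    return hop == ipaddress.ip_address(gateway) and hop != ipaddress.ip_address(dst)

if __name__ == "__main__":
    lan_host = ("192.168.0.10", "255.255.255.0", "192.168.0.1")  # constructed host
    for dst in ("192.168.0.11", "192.168.1.20"):                 # constructed hosts
        via = "firewall" if sent_via_gateway(*lan_host, dst) else "switch only"
        print(f"{lan_host[0]} -> {dst}: {via}")
```
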
