Thanks Tim! Guess I know what my project is for next weekend :-)
James

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tim Fournet
> Sent: Tuesday, September 07, 2004 9:22 AM
> To: [email protected]
> Subject: Re: [brlug-general] networking ignorance
>
> 1) No. The switch sends traffic directly to the port that it's
>    destined for.
> 2) You probably won't notice any real slowdowns unless you're
>    sniffing the traffic as it's coming across. If there is a
>    bottleneck, it won't be in the CPU of the firewall box, but in
>    the PCI bus. I wouldn't worry about it, unless you absolutely
>    need wirespeed. For 5 or fewer machines, I can't see you needing
>    to spend the money on the kind of hardware you'd need to achieve
>    this.
>
> On Tue, 2004-09-07 at 09:10, James Kuhns wrote:
> > I'm hoping someone on here could answer a few questions for me
> > concerning gigabit networking with a firewall.
> >
> > I'm about to upgrade my home network to gigabit. I currently have
> > a firewall with 3 interfaces - lan, dmz and internet. The lan
> > interface goes to a 10/100 switch with 4 wired ports and is also a
> > wireless point (3 machines wired and 2 laptops on the wireless),
> > the dmz goes to a 5 port 10/100 switch (1 machine right now), and
> > the internet goes straight to my cable modem.
> >
> > What I'm thinking of doing is:
> > 1) replacing two of the 10/100 nics in the firewall with
> >    10/100/1000 nics (for lan and dmz)
> > 2) replacing the 10/100 nics in the other machines with
> >    10/100/1000 nics
> > 3) replacing the lan switch with an 8 port 10/100/1000 switch
> > 4) hanging the old lan switch off one of the ports on the new
> >    switch (to use strictly for wireless)
> > 5) replacing the dmz switch with a 5 port 10/100/1000 switch
> >
> > I see this having 4 bottlenecks:
> > 1) firewall <-> cable modem (I'll leave a 10/100 nic in the
> >    firewall for the internet interface - the modem will only
> >    connect to the firewall at 10 half duplex anyway)
> > 2) cable modem <-> COX
> > 3) machines in the lan <-> machines in the dmz (the firewall that
> >    connects the two nets is a pretty low powered machine right
> >    now - AMD K6 2 350, so I don't see it being able to keep the
> >    pipes full)
> > 4) wireless access point <-> lan switch (doesn't matter since the
> >    only machines on this leg are wireless).
> >
> > The main benefit I'm looking for is the ability to move huge
> > (3-10 GB) files (vmware sessions, install cd/dvd isos, etc.)
> > around on the lan machines (excluding the wireless laptops of
> > course). I'm going ahead and upping the dmz switch and machines
> > right now so that when I replace the firewall with a beefier
> > machine the lan <-> dmz bottleneck should open up. Bottlenecks 1,
> > 2, and 4 are inherent in the equipment/technology so I'm not
> > worried about them.
> >
> > The questions I have are:
> > 1) Will traffic between lan machines have to go through the
> >    firewall (creating a bottleneck I didn't foresee)?
> > 2) Will upgrading the firewall machine later open up the
> >    lan <-> dmz bottleneck like I think?
> >
> > If it's relevant, the different net settings are:
> > The lan and dmz are different networks (192.168.0.x and
> > 192.168.1.x), all machines have a netmask of 255.255.255.0 and a
> > default gateway of their respective interface on the firewall
> > (192.168.0.1 or 192.168.1.1).
> >
> > Thanks
> > James
> >
> > _______________________________________________
> > General mailing list
> > [email protected]
> > http://brlug.net/mailman/listinfo/general_brlug.net
>
> _______________________________________________
> General mailing list
> [email protected]
> http://brlug.net/mailman/listinfo/general_brlug.net
