TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
You are mixing terminology here. Ethernet? Token Ring? or any other? A Hub
(what speed) is not "faster" than a Switch (what speed), unless the hub is
100 and has only one device connected to the backbone, and the switch is a
10bT device.
Jim
-----Original Message-----
From: Luff, Darryl [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 06, 1999 10:58 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Switched network
A hub isn't necessarily bad, it depends where the traffic's going. The hub
actually forwards packets faster than a switch (less latency). The switch
gets its performance by allowing multiple conversations to carry on in
parallel.
If you're monitoring a point-to-point link between a firewall and a switch,
inserting a hub won't make much difference to performance. The traffic is the
same (barring traffic generated by the monitor itself, which is hopefully
fairly light).
Even on something like a DMZ with multiple servers, where practically all
traffic is between the firewall port and one or the other of the servers, a
switch doesn't help performance much because all traffic is still queued up
for the single port the firewall is connected to. In this case replacing the
switch with a hub shouldn't make much difference - only one machine can talk
to the firewall at a time anyway.
Where switches do work well is on segments with multiple hosts, where
traffic flows in a mesh between many pairs of hosts. Here the switch is
providing a big performance improvement by isolating conversations between
different pairs of hosts. Replacing this switch with a hub would increase
the utilisation on the segment, and so probably cause increased collisions
and poor performance.
Darryl
> -----Original Message-----
> From: Ray Honeycutt (HCS) [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, December 04, 1999 8:47 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Switched network
>
> I assume you would not recommend using a hub for performance reasons?? If
> we use the network tap approach, do you know of particular hardware vendors
> that are recommended?
>
> Brian Laing wrote:
>
> >
> > Istvan,
> >
> > To implement IDS into a switched environment careful attention needs to be
> > spent examining the flow of traffic, and once that is known more time spent
> > on how much of that traffic you wish to see. Once you know that, where to
> > place the IDS is much simpler.
> > The main target points for monitoring in a switched environment are
> > between switches, routers and individual machines. You can use any of the
> > following methods to monitor these connections. If your switch supports
> > mirroring or spanning of ports you can copy the traffic from the target port
> > to your IDS on another port. Another solution is the use of network taps.
> > A tap is a hardware device that can be inserted between two connections, and
> > copy the traffic off to your IDS. You could also use a Hub instead of a tap
> > in some solutions but I would not recommend it.
> >
> > Brian
>
> --------------------------------------------------------
> Ray Honeycutt 919.779.3055 Voice
> President 919.779.3464 Fax
> HCS Systems Inc. www.hcssystems.com
> 4470 Zacks Mill Rd. [EMAIL PROTECTED]
> Angier NC 27501, USA
>