Date:      Sun, 22 Aug 1999 00:13:25 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc:        cdillon@wolves.k12.mo.us (Chris Dillon), wes@softweyr.com (Wes Peters), cliff@steam.com (Cliff Skolnick), service_account@yahoo.com (jay d), yurtesen@ispro.net.tr (Evren Yurtesen), freebsd-security@FreeBSD.ORG
Subject:   Re: multiple machines in the same network
Message-ID:  <199908220713.AAA76633@apollo.backplane.com>
References:   <199908220649.XAA31700@gndrsh.dnsmgr.net>

:> I noticed the only "L3 support" from the spec sheets of the 4000M and
:> 8000M is IGMP snooping to control multicast traffic, and "protocol
:> filtering" only on the 8000M.  Nothing close to IP routing, however
:...
:> with only a 3.8Gbit backplane, unless local switching occurs on each
:> of the port modules, and even then the "throughput test" would have to
:...
:
:...
:4Gbit/sec of backplane to do this.  That's 4G bytes of data in, 4G
:across the backplane, and 4G back out of the box.
:
:...
:As you can see the Fabric only has to handle 40 x 100Mb/s to
:keep all 40 ports busy at full duplex.
:
:The 3.8 Gb/s spec comes up a little short, but only by 2 ports...
:and it had better be darned efficient as far as overhead goes...
:-- 
:Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.dnsmgr.net

    One thing I've learned about switches:  By the time you actually use up
    the backplane bandwidth of a cheapish switch you are already spending so
    much money on the hardware connected to the thing that the cost of 
    upgrading the switch itself is in the noise.

    The second thing I've learned:  Unless your needs are highly specialized,
    you aren't going to even come close to the potential aggregate bandwidth
    of N ports.  At BEST we had several catalysts - 150+ ports on each one,
    for customer colo and for all of our web servers & shell machines.
    I don't think any of those babies ever used more than 500 MBits of
    aggregate bandwidth across the fabric.

    In regards to all the discussions about security and so forth... well, all
    I can say to that is that it's easy for one to get worked up into a 
    frenzy over network security.  You have much less stress when you simply
    assume that the network is always compromised.  Then you can concentrate
    your time securing the machines and using only encrypted network links,
    which is what you should have been doing in the first place.  

    Any hacker who can bypass a simple switch also has a fairly good
    chance of working around a more sophisticated one, even if you nail
    the MAC addresses down and take every precaution you can think of.  
    To my mind that means that it makes sense to take basic precautions 
    (e.g. use a switch instead of a hub), but if you get too far beyond that
    you start to waste money on tiny incremental improvements.  Some people
    might get some peace of mind by throwing lots of money into hardware,
    but it gives a false sense of security.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

