Date: Sat, 1 Aug 1998 04:45:29 -0400 (EDT) From: spork <spork@super-g.com> To: "Roberts, Patrick S" <RoberPS@LOUISVILLE.STORTEK.COM> Cc: "'Richard Archer'" <rha@interdomain.net.au>, freebsd-hardware@FreeBSD.ORG Subject: RE: Support for passive backplane chassis? Message-ID: <Pine.BSF.4.00.9808010442070.28996-100000@super-g.inch.com> In-Reply-To: <199807311935.NAA24184@stortek.stortek.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The problem with most of the switches is that it seems you lose some security. I mean they "route", but they don't quite route. The goal is to let no traffic of any sort pass from customer A to customer B. Does the RSM give you control over that? Is it just a VLAN issue? How about IP theft within the building? Charles On Fri, 31 Jul 1998, Roberts, Patrick S wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The Cisco Cat-5000 will work great in that capacity.... have used the > a great deal and have found them to be exxellent in the areas of > scalabilty.... as for your security problem, with a good switch, that > has hardware routing capabilities, there is not much worries..... > > - -- > Patrick S. Roberts > StorageTek - Systems Engineer > OpenSystemsSupport > > - -----Original Message----- > From: Richard Archer [SMTP:rha@interdomain.net.au] > Sent: Friday, July 31, 1998 2:00 AM > To: freebsd-hardware@FreeBSD.ORG > Subject: Re: Support for passive backplane chassis? > > At 15:51 +1000 31/7/1998, C. Stephen Gunn wrote: > > >In message <l03130318b1e6eae3d5e0@[203.17.167.127]>, Richard Archer > writes: > > > >>I am thinking of using a passive backplane system with 16 PCI slots. > >>This would allow each router to handle up to 64 ethernet segments. > >>But I can't find much information about how these interact with > FreeBSD. > > > > This would scare the heck out of me. I use a FreeBSD box at my > >day job to route between 5 Ethernet Interfaces. While it's a fast > >box, and it all works fine, I don't want to think about the bandwidth > >aggregation problems you might have with 64 ethernet cards on one > >machine. At that level you're not looking for a CPU to make > decisions > >on the packets. You want a Switch. > > Hi Steve, > > Well, that's certainly a heads-up! > > The problem with the switches I've seen are that they don't offer the > security of a router. I really want a solution that operates as a > firewall > between the LANs. From what I've seen, products like the Bay Networks > Accelar 1200 finish up costing over $1000 per port (that's the price > in > local currency here in Australia). > > I've costed out a solution using FreeBSD boxes (either 4 16-slot > backplane > boxes or 16 4-slot motherboard solutions) and either way it works out > to > about $500 per port. > > But of course $500 per port works out being very expensive if the > solution > does not work! > > > > I would check out Lucent's Cajun Switch, or some of the nicer > Cisco > >10/100 switches that can take a route processor. The Lucent one > claims > >to be 10/100 on lots of ports (140 or so) and provide Layer-3 > switching > >(basically routing) in hardware, at wire speed. While you're looking > >at $25K or so, racks of BSD machines aren't free either. > > $25K (double that in Australia) would actually work out being a > comparable > price to the FreeBSD-based system. I'll certainly follow that up. Also > the > Cisco Catalyst 5000 series with the 48-port 10baseT ports might work > out > being a reasonable price. > > > > Don't get me wrong here, FreeBSD is great, but PCI isn't going to > >handle what you want. At least not at high saturation levels for > >each subnet. Just wondering, how does this building hook to the rest > >of the universe? > > At the moment the building is still a shell :) > > I was going to use a Cisco 3260 with a 2E2W card with each WAN port > connecting to a different upstream. (Actually one upstream and one to > a local peering point.) > > > Thank you for the advice! > > ...Richard. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hardware" in the body of the message > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 5.5.5 for non-commercial use <http://www.nai.com>; > Comment: Internet Security Consultant > > iQA/AwUBNcIcvro11bxpeVfFEQI4KwCg1Ig8Ffkia7Krz+XMdRxZs3YjM94AnRa8 > d5+KE/zP5j9bVA7nodyPa42L > =Wd1e > -----END PGP SIGNATURE----- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hardware" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hardware" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.00.9808010442070.28996-100000>