From owner-freebsd-questions Sat Nov 17 0:41:55 2001
From: "Ted Mittelstaedt"
To: "Anthony Atkielski", "Andrew C. Hornback", "FreeBSD Questions"
Subject: RE: DSL PPPoE with 2 NICs
Date: Sat, 17 Nov 2001 00:41:19 -0800
Message-ID: <000c01c16f43$a08a6180$1401a8c0@tedm.placo.com>
In-Reply-To: <001c01c16e99$3ba2a110$0a00000a@atkielski.com>

>-----Original Message-----
>From: Anthony Atkielski [mailto:anthony@atkielski.com]
>Sent: Friday, November 16, 2001 4:21 AM
>To: Ted Mittelstaedt; Andrew C. Hornback; FreeBSD Questions
>Subject: Re: DSL PPPoE with 2 NICs
>
>If you have only one LAN, or only a few in physical proximity, it seems
>entirely practical to me. You don't need to update firmware very often
>(if ever), anyway.
>

Usually businesses with one lan are smaller, and it's not uncommon for
the smaller businesses to have no IT person on staff, and contract all
IT work out. It's much cheaper for them when the contractor can remotely
admin their router and servers.
This is actually one strong reason to use FreeBSD servers in the first
place - superior remote administration.

>> For a REAL router like a Cisco 1605-R, firmware
>> updates can be done remotely quite easily. But the
>> cost is much higher for the device.
>
>Unless there is a desperate need to perform such updates remotely,
>there is no point in spending the extra money for a fancier router.
>

Well, I don't know about most ISPs or consultants, but at our ISP this
is how it is. About half our switched line customers (ptp, frame, etc)
use Cisco devices that are run-from-ram routers. I update those
periodically without charge. (since I'm regularly doing our own internal
routers, it's no trouble to add the customer routers that can be
remotely upgraded into the update list)

So the upshot is that those customers of ours that spent the money for
decent routers in the beginning now get updates without charge and
without even being aware that they are being done. The rest of the crowd
that think like you have to tough it out by themselves. Funny but on
average they have more problems keeping their circuits up.

>> For starters you can terminate remote VPN links
>> on a FreeBSD system, how many $100 routers can
>> you do that on?
>
>The one I use does exactly that. It can and does maintain a remote VPN
>link with the DSL modem. That is one of its selling points, and that is
>one reason why I bought it (it is much easier to have the router handle
>this than to try to get it to work on FreeBSD).

And, how many simultaneous VPN links can it run reliably?

>
>> You can also run a proxy server on your FreeBSD
>> system, and force all your inside clients to use
>> that, so you can spy on where they are surfing.
>
>If you don't need a proxy and you don't wish to spy, this is irrelevant.
>

Correct - but as I said, not everyone is lucky enough to be network
admin at a company that has mature adults as employees.

>> You can set your router up as a network monitoring
>> device and if the link to the Internet goes down
>> your BSD system can send you a page.
>
>The cheapo router can send a message to syslog on the machine of your
>choice, which can then alert anyone.
>

Except now you just have to have 2 boxes, the router and the syslogger,
to do the work a single BSD box can.

>
>What is the minimum size of a network that may legally qualify as "IT
>infrastructure"?
>

It's as much as how the enterprise is run as its physical size. I think
that you would find that any organization that has an IT department in
which the CIO is autonomous can be considered an Enterprise. You will
know the difference because in an IT Enterprise, non-IT employees are
not allowed to tell the IT department what solutions to employ, they are
only permitted to present the problems to IT and their suggestions, and
IT makes the determination of what products and services the
organization will purchase and use to solve those problems. Such
organizations also have a formal budgeting process in place.

>In any case, any network as large as you imply isn't going to be
>relying on PCs running an unsupported, free OS to replace real routers,
>either--not if they can afford Cisco.
>

Actually, the most common configuration I've seen is use of Cisco
devices as WAN routers, and use of servers with multiple NICs as LAN
routers. Typically they use the same OS for the server routers as for
their file and print servers. Cisco routers that have many multiple
Ethernet ports are extremely expensive and not common. For example, a
7206 which is about a $50K router, can only handle a total of 3
high-speed ports. (ie: 3 100BaseT cards, or 2 100BaseT and 1 ATM DS3,
you get the idea)

Also, many large Cisco shops use FreeBSD servers as support servers for
the routers. You cannot manage a lot of Cisco routers without servers.
Like you pointed out in your syslogger example, hardware routers don't
have local storage.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com