Date: Sat, 21 Aug 1999 00:18:23 -0600 From: Wes Peters <wes@softweyr.com> To: Cliff Skolnick <cliff@steam.com> Cc: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, jay d <service_account@yahoo.com>, Evren Yurtesen <yurtesen@ispro.net.tr>, freebsd-security@FreeBSD.ORG Subject: Re: multiple machines in the same network Message-ID: <37BE44AF.67A392E6@softweyr.com> References: <Pine.BSF.4.10.9908202231130.68821-100000@lazlo.internal.steam.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Cliff Skolnick wrote:
>
> On Fri, 20 Aug 1999, Wes Peters wrote:
>
> > Ah hell, just buy a switch/router and get the whole mess in one box. If you
> > buy the RIGHT one, you can get your wide area/internet link AND your firewall
> > all in the same box. Anyone who thinks a router provides more security than
> > a VLAN switch doesn't understand how VLANs work.
>
> With a nice router I can almost always set up filtering and policys on how
> ports exchange traffic. It's really hard to create a good packet filter on
> a layer 2 device,
Who said anything about layer 2 devices? Both the switches I referred to
are layer 3 devices with a wide range of network services available. The
Xylan box offers Checkpoint FW-1 firewall and advanced routing if you want
to get really involved, though you'll need a model with more RAM and Flash.
> 4 Port Ethernet cards are less than $500 now so you
> can build the box with a really low per-port cost. The box costs $2000 for
> 8 ports at about $250/port.
You obviously didn't follow the links. The HP ProCurve I mentioned is $1880
for 40 switched 10/100 ports with layer 3 functionality and VLAN support.
That's $47 port port, much lower than your $250/port, with a LOT more performance
also. The Tolly Group recently tested it and found it capable of sustaining
full wire speed on all 40 ports. I'll just be your PCI-bus box isn't going
to hit 4 Gbps throughput.
> Sure there are some switches that do provide extensive filtering and even
> load balancing, but those are a usually a bit more than $250/port.
Not anymore.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://softweyr.com/ wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37BE44AF.67A392E6>