From owner-freebsd-hardware Sat Aug 1 01:45:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA20127 for freebsd-hardware-outgoing; Sat, 1 Aug 1998 01:45:51 -0700 (PDT) (envelope-from owner-freebsd-hardware@FreeBSD.ORG) Received: from super-g.inch.com (super-g.com [207.240.140.161]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA20121 for ; Sat, 1 Aug 1998 01:45:49 -0700 (PDT) (envelope-from spork@super-g.com) Received: from localhost (localhost [127.0.0.1]) by super-g.inch.com (8.8.8/8.8.5) with SMTP id EAA11814; Sat, 1 Aug 1998 04:45:29 -0400 (EDT) Date: Sat, 1 Aug 1998 04:45:29 -0400 (EDT) From: spork X-Sender: spork@super-g.inch.com To: "Roberts, Patrick S" cc: "'Richard Archer'" , freebsd-hardware@FreeBSD.ORG Subject: RE: Support for passive backplane chassis? In-Reply-To: <199807311935.NAA24184@stortek.stortek.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hardware@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The problem with most of the switches is that it seems you lose some security. I mean they "route", but they don't quite route. The goal is to let no traffic of any sort pass from customer A to customer B. Does the RSM give you control over that? Is it just a VLAN issue? How about IP theft within the building? Charles On Fri, 31 Jul 1998, Roberts, Patrick S wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The Cisco Cat-5000 will work great in that capacity.... have used the > a great deal and have found them to be exxellent in the areas of > scalabilty.... as for your security problem, with a good switch, that > has hardware routing capabilities, there is not much worries..... > > - -- > Patrick S. Roberts > StorageTek - Systems Engineer > OpenSystemsSupport > > - -----Original Message----- > From: Richard Archer [SMTP:rha@interdomain.net.au] > Sent: Friday, July 31, 1998 2:00 AM > To: freebsd-hardware@FreeBSD.ORG > Subject: Re: Support for passive backplane chassis? > > At 15:51 +1000 31/7/1998, C. Stephen Gunn wrote: > > >In message , Richard Archer > writes: > > > >>I am thinking of using a passive backplane system with 16 PCI slots. > >>This would allow each router to handle up to 64 ethernet segments. > >>But I can't find much information about how these interact with > FreeBSD. > > > > This would scare the heck out of me. I use a FreeBSD box at my > >day job to route between 5 Ethernet Interfaces. While it's a fast > >box, and it all works fine, I don't want to think about the bandwidth > >aggregation problems you might have with 64 ethernet cards on one > >machine. At that level you're not looking for a CPU to make > decisions > >on the packets. You want a Switch. > > Hi Steve, > > Well, that's certainly a heads-up! > > The problem with the switches I've seen are that they don't offer the > security of a router. I really want a solution that operates as a > firewall > between the LANs. From what I've seen, products like the Bay Networks > Accelar 1200 finish up costing over $1000 per port (that's the price > in > local currency here in Australia). > > I've costed out a solution using FreeBSD boxes (either 4 16-slot > backplane > boxes or 16 4-slot motherboard solutions) and either way it works out > to > about $500 per port. > > But of course $500 per port works out being very expensive if the > solution > does not work! > > > > I would check out Lucent's Cajun Switch, or some of the nicer > Cisco > >10/100 switches that can take a route processor. The Lucent one > claims > >to be 10/100 on lots of ports (140 or so) and provide Layer-3 > switching > >(basically routing) in hardware, at wire speed. While you're looking > >at $25K or so, racks of BSD machines aren't free either. > > $25K (double that in Australia) would actually work out being a > comparable > price to the FreeBSD-based system. I'll certainly follow that up. Also > the > Cisco Catalyst 5000 series with the 48-port 10baseT ports might work > out > being a reasonable price. > > > > Don't get me wrong here, FreeBSD is great, but PCI isn't going to > >handle what you want. At least not at high saturation levels for > >each subnet. Just wondering, how does this building hook to the rest > >of the universe? > > At the moment the building is still a shell :) > > I was going to use a Cisco 3260 with a 2E2W card with each WAN port > connecting to a different upstream. (Actually one upstream and one to > a local peering point.) > > > Thank you for the advice! > > ...Richard. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hardware" in the body of the message > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 5.5.5 for non-commercial use > Comment: Internet Security Consultant > > iQA/AwUBNcIcvro11bxpeVfFEQI4KwCg1Ig8Ffkia7Krz+XMdRxZs3YjM94AnRa8 > d5+KE/zP5j9bVA7nodyPa42L > =Wd1e > -----END PGP SIGNATURE----- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hardware" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hardware" in the body of the message