[120685] in North American Network Operators' Group


Re: Consumer-grade dual-homed connectivity options?

daemon@ATHENA.MIT.EDU (Steven Bellovin)
Wed Dec 30 20:08:44 2009

From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <4B3BE0EE.7090007@bogus.com>
Date: Wed, 30 Dec 2009 20:07:50 -0500
To: Joel Jaeggli <joelja@bogus.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>,
	Paul Bennett <paul.w.bennett@gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Dec 30, 2009, at 6:23 PM, Joel Jaeggli wrote:

>
>
> Brett Frankenberger wrote:
>> On Wed, Dec 30, 2009 at 11:13:24AM -0500, Steven Bellovin wrote:
>>> I know nothing of how to do this on a Catalyst; for PCs, my own guess
>>> is that you're looking far too high-end.  If the issue is relaying to
>>> the outside, I suspect that a small, dedicated Soekris or the like
>>> will do all you need -- there's no point in switching traffic faster
>>> than your DSL lines can run.  I'm not doing load-balancing, but all
>>> traffic from my house to the outside world (I have a cable modem)
>>> goes through a Soekris 4801, and I can download large files from my
>>> office at 12-13M bps.  Further, since the Soekris is bridging some
>>> networks, its interfaces are in promiscuous mode, so the box is
>>> seeing every packet on my home LAN.
>>
>> Really?  If it's connected to a switch, I'd expect it to only see
>> broadcast/multicast/unknown destination MACs, as well as traffic
>> actually flowing through the Soekris.
>
> I believe he's referring to the situation where the soekris is doing the
> bridging, since the soekris only has 4 ethernet ports and two pci slots
> max it's likely that if you need greater than quantity 3 plus wireless
> internal interfaces that you'll need a switch. given the performance
> limits of even a 5501 I tend to disagree that the switching traffic
> internally in software bridge at less than line rate at 100Mb/s is a
> great trade-off vs say using a cheapo gig-e switch.

Correct, except that my Soekris has only 3 100Mbps ports.

My house is wired with COTS GigE switches.  Outbound traffic passes
through the Soekris, which bridges to an older 100M bps switch.  That,
in turn, is connected to the cable modem and a few older devices that
don't need much bandwidth and only have 100baseT ports themselves, like
a wireless access point and a printer.

I have that setup for several reasons.  First, I want a point from which
I can monitor outbound traffic -- home "routers" and switches don't have
monitoring ports.  I wanted a DHCP server that supported static
allocations.  I contemplated (but never implemented) putting an IPsec
gateway there; I still may do that.  I'm about to move my IPv6 tunnel
endpoint to the Soekris.  I have contemplated multihoming my house,
though I might conclude that that would incur too many spousal points.
Finally, at one point I had a more complex topology for my home network
-- certain locations in the house were separated, to permit imposition
of restrictions for, shall we say, violations of the house AUP...

		--Steve Bellovin, http://www.cs.columbia.edu/~smb
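Brett's point about what a learning switch delivers to any one port, and why a monitoring box only sees all of a segment's traffic when it sits in the forwarding path, as an added simulation that is not part of this thread (constructed MAC addresses and a hypothetical four-port switch; port 'gw' stands in for the link toward a bridge like the Soekris and the cable modem):

```python
"""Simulate a learning switch and compare what reaches a passive
monitoring host versus the port in the uplink path.  All MACs and
frames are constructed for this illustration."""
from collections import defaultdict

BCAST = "ff:ff:ff:ff:ff:ff"
GW, PC1, PC2 = "02:00:00:00:00:01", "02:00:00:00:00:11", "02:00:00:00:00:12"


class LearningSwitch:
    """Minimal transparent bridge: learn the source MAC per port, send
    known unicast to one port, flood broadcast/multicast/unknown."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}                      # MAC -> port it was learned on
        self.delivered = defaultdict(list)   # port -> frames sent out of it

    def inject(self, in_port, src, dst):
        self.table[src] = in_port            # backward learning
        out = self.table.get(dst)
        group = int(dst.split(":")[0], 16) & 1   # I/G bit: multicast/broadcast
        if group or out is None:
            targets = self.ports - {in_port}     # flood, never back out the ingress
        else:
            targets = {out} - {in_port}
        for port in targets:
            self.delivered[port].append((src, dst))


def run_scenario():
    """Hypothetical GigE switch: 'gw' leads to the bridge/cable modem,
    'mon' is a passive host, pc1/pc2 are ordinary LAN machines."""
    sw = LearningSwitch(["gw", "pc1", "pc2", "mon"])
    sw.inject("pc1", PC1, BCAST)   # pc1 ARPs for the gateway: flooded
    sw.inject("gw", GW, PC1)       # reply; GW now learned on port 'gw'
    sw.inject("pc2", PC2, BCAST)   # pc2 ARPs for pc1: flooded
    sw.inject("pc1", PC1, PC2)     # reply; both LAN hosts now learned
    sw.inject("pc1", PC1, GW)      # internet-bound unicast
    sw.inject("pc2", PC2, GW)
    sw.inject("gw", GW, PC2)       # inbound reply
    sw.inject("pc1", PC1, PC2)     # local unicast stays between pc1/pc2
    return sw


def visible_at(sw, port):
    """Frames (src, dst) that a host on the given port would observe."""
    return list(sw.delivered[port])
```

The passive host on 'mon' sees only the flooded broadcasts, while the uplink port sees every internet-bound frame plus the floods but none of the pc1/pc2 unicast, which is exactly the visibility a transit bridge gets.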