On 10 Sep 2001, at 17:10, Paul Robertson wrote:
> I'm a huge fan of buying more small routers and dumb hubs if
> possible rather than switches, because I really, really, really
> like layer 3 separation - I think it provides significant
> protection, which is why you'll often see me ranting about things
> like VLANs being bad.
Now *that* brings up an interesting point.
Hubs scale linearly (within certain limits) -- add more hubs, you
have more ports onto the same collision domain.
Switches don't. Each switch has its own ARP tables and switch
fabric and adds its own latency, and there is no way you can
duplicate the precise behaviour of a big switch with a bunch of
little switches.
So: when I first looked at VLANs, my obvious question was "Why do
I want my big switch to emulate a bunch of smaller switches? If I
needed smaller broadcast domains, it would have been much cheaper to
buy smaller switches!"
There are two other pieces of the VLAN puzzle which help answer
that question. One is trunking -- the ability to distribute a bunch
of logical layer-3 domains over a completely different layer-2
topology. (This seems to sound cooler in theory than I've seen it
used so far in practice, but in general eliminating dependencies
between layers *should* be a good thing.)
The other is that a routing blade in a switch, routing between the
VLANs, seems to be a whole lot more cost effective (and easier to
manage centrally) than a whole bunch of small routers.
I *like* the idea of small routers -- whether the segments use
small hubs or small switches -- but I think that battle may already
be lost to the "VLANS + routing engine" alternative.
Dave Gillett
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls