On Thu, 31 Jan 2002, Robert Sprockeels wrote:
> >
> >
> >>I can confirm that. I have two systems running at a customer location
> >>with dual ethernet (Intel) on the motherboard and two DFE-570TX's
> >>totalling 10 ethernet ports per system, running Dachstein. No problem
> >>whatsoever
> >>
> >What on earth do you use 10 interfaces for?
> >And what does your routing table and ruleset look like ?!?
> >I could guess, but I'll wait for an answer :)
> >Matt
> >
> Hi Matt,
>
> You're right, it *is* a rather complicated-looking config (does this
> sound like an understatement?). The routing table is not too
> complicated, but the ruleset now has 250+ rules in it (and counting).
> There still is no performance problem. Of course, we used a P3 1GHz for
> it... :-) Oh, and I forgot to mention a 2-cpu Sangoma WAN card with 3
> out of 4 ports used for leased lines... relax, just 128k ones ;-)
>
> The two systems are configured in a fail-over setup to provide high
> availability, and are housed in 19" 4U cabinets with an extremely nice
> feature: the bracket area is on the front side...
>
> There is one external segment, one for DMZ, one for internal servers, a
> couple for customers connecting through their lines or needing direct
> access to their database servers, the leased lines are SMS feeds from
> our local mobile phone operators, there are a bunch of internal segments
> and some VPN tunnels.
>
> Quite some population... But - that's why I like LEAF - it WORKS!!! Just
> *TRY* to do the same with Cisco and a limited budget...
>
> Robert
>
>
Well, I love a challenge and a laugh, so I just fired up Cisco's
configurator to see what a comparable setup would look like. To be fair,
your PIII would chew through IPSec like it was oatmeal, so we'd better
add an AIM VPN accelerator to the Cisco... also, I went ahead and
notched up the DRAM and flash selections one option at a time instead of
specifying the most it will hold like I normally would. I selected
Enterprise IOS since LRP can speak nearly any protocol known to man, but
did not use the Cisco FW set since that includes a stateful inspection
engine. I'm assuming you're on site and will get new parts to
the router within 1 day, and I'll give you a 20% discount from
list. Drumroll please:
Product # Description Quantity Price Lead Time
CISCO2650 10/100 Modular Router 1 2,636.00 5 days
CAB-AC Power Cord,110V 1 0.00
S26AK9-12202XT IOS ENT+ IPSEC 3DES 1 1,440.00
MEM2650-32U64D 32 TO 64MB DRAM Upg 1 1,520.00
MEM2600-8U16FS 8 to 16 MB Flash Upg 1 560.00
NM-16ESW 16p EtherSwitch NM 1 1,196.00 13 days
WIC-1DSU-T1 T1/FracT1 DSU/CSU WIC 2 1,600.00
AIM-VPN/EP DES/3DES VPN Module 1 1,600.00 15 days
CON-OS-26XX SMARTnet Onsite8x5xNBD 1 392.00
--------------------------------------------------------------------
Total Lead Time: 15 days Total Price: 10,944.00
X 2
---------
21,888.00
This is 18 Ethernet ports, but once you get past the backplane blocking
speed it really doesn't matter how many physical interfaces you hook up.
Hope that was fun for you too.
--
Jack Coates
Monkeynoodle: A Scientific Venture...
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
