Hello Michiel,

Wow! I guess you were serious about helping. I really appreciate the
time and thought you have put into this, Michiel. I'm curious why you
have not been cc'ing the LEAF list. This information might be helpful to
someone else like me. If you would prefer I leave the list off my
replies please let me know. I'm not sure if all my replies are making it
to the list either. I just got a message that my last post was sent to
the moderator awaiting approval due to "suspicious header". I suspect
you may be in the same boat.

My in-line comments are inserted below.

Thanks!

--Cal Webster

On Mon, 2004-03-22 at 19:37, michiel wrote:
> Dear calvin
> 
> Not all 3C905 cards are the same.
> I got one with a Lucent chip that doesn't work with Linux.
> Most of them do work with Linux; best suggestion: try it first. The bug is
> very annoying because DHCP and some other things work but not heavy
> loads like FTP (especially large packets (MTU)).
> It cost me 3 days to find that out. I'm trying to prevent it for you.

Thanks for the warning. Fortunately, I haven't encountered those
problems.

> DOC sockets?
> You can also use an IDE port with a DOC.
> Take a look at this one.
> http://www.routerboard.com/parts.html#cf_ide
> Just works like a hard disk. (Have not tried it yet.)

That was an option when I specified the SBC, but the performance
specifications in the Cyber Research catalog appeared better for the DOC
sockets. I've bookmarked that site, though. I'm always looking for new
sources for non-standard hardware.

> 128 MB RAM?
> Even with Squid proxy caching that is way too much.
> 32 MB is mostly OK.
> 768 MB RAM?
> There is no use for it. At least not with LEAF.

RAM is relatively cheap. Better to have more than less, especially
without hard drives.

> PCI bridge.
> All PCI bridges can only do 133 Mbps.
> Then there will be a problem using 2x 100 Mbps wireless links.
> (Not sure which wireless system you are using?)
> I am using a 54g wireless network; that doesn't mean that there is 54
> Mbps speed, just 22.5 Mbps max.
> Intel has mainboards with a separate bridge for network (1 Gbps) that
> can give some room, but expensive.
> Otherwise there is not much need for systems faster than a Pentium.
> PCI Express is going to change that, I hope.

We're using RadioLAN RMG503s. I may substitute a free-space optical
bridge for one of the links. With Ethernet overhead and encryption from
VPN tunneling, we're getting more like 30-40 Mbps of the 100 Mbps
advertised.

I'd be interested in looking at any SBC with separate bridge for
networking to use with the 3rd router and possible upgrades for the
others. Is there a separate block of PCI slots for NICs?

As I indicated in one of my previous posts, I intend to eventually
upgrade the existing NICs with multi-port Ethernet cards. These
typically have their own PCI-to-PCI bridge anyway. Such is the case with
the "4-port Ethernet Card RouterBoard 44" at the site you listed above.

> Layout:
> This will be my solution.
> At least just my few cents.
> 
> Building D firewall 4.
> Not really interesting, just a simple Bering + IPsec. A 486DX-33 PCI will
> do, but ISA is fine too. (Maybe if PLAN1/2 are big, go for PCI.)
> A bit more PC is always nice, so use a Pentium.
> No routing protocols necessary, so I will scratch it out of the schematic.

I don't want to have to manage static routes. As I indicated in my
original specification, all other Private LANs (PLANs) must be able to
send and receive traffic to/from all other PLANs without restriction. I
neglected to mention however, that at least one PLAN in each building
will also need Internet access and access to the corporate intranet.

> To firewall or to (IPsec) route,
> that's the difference.
> Routers 1/2/3 use OSPF/BGP/... routing over IPsec.
> Firewalls 1/2/3 use simple switching software between DSL and router.

I'm not sure what you mean by "switching software between dsl and
router". Are you implying that the ospf/bgp daemons are not to be aware
of the DSL links? Without the routing protocols, how will automatic
fail-over occur when a link goes down?

> Most DSL providers require that they are your default gateway.
> And you want that to be router 2 at building B.

We own our own DSL equipment including the chassis and line cards at the
corporate telephone office/network operation center. However, it is
aging and will soon be unsupportable. I haven't gotten approval for
replacement yet, but hope to tap existing fiber links.

We have a default gateway on the corporate network for access to the
corporate network and their severely restricted Internet connection. We
will normally only use corporate network to access corporate resources.
However, if the main cable ISP link at our site goes down or is somehow
unavailable, each of the buildings should fail-over to use the corporate
Internet access through the DSL link.

>                                                           [Remote User]
>  [firewall 1]                               [firewall 2]       |
>     |                                             |            |
>     |                                             |         [Internet]
>     |                                             |            |
> Building A                                   Building B        |
> [Router  1]<-------------[RF1]------------->[router   2]<--->[ISP]
>     ^                                              ^
>     \                                             /
>      \                                           /
>       \                                         / 
>        \                                       /
>         \                                     /
>          \                                   /
>           \                                 /
>            \                               /
>           [RF1]                        [RF1]
>              \                           /
>               \                         /
>                \                       /
>                 \                     /
>                  \                   /
>                   \                 /
>                    \               /
>                     \             /
>                        Building C 
>                       [router 3]-----------firewall 3
>                             ^ 
>                             |
>                             |
>                           [RF2]
> 
> 
> 
> 
> 
>        [PLAN2]                                     [PLAN2]
>           |                                           |         
> [PLAN1]   |                                   [PLAN1] |         
>    |      |                                      |    |  
>    |      |                                      |    |         
> Building A ---- [router 1]                   Building B  ---- [router 2]
> [Firewall 1]                                [Firewall 2]
>            \                                /     
>             \                              /      
>            [DSL]                        [DSL]    
>               \                          /       
>                \       [Internet]       /      
>                 \          |           /      
>                  \         |          /      
>                   \        |         /      
>                    \       |        /      
>                     \      |       /    
>                     [Corp Network]      
>                           ^            
>                           |           
>                           |          
>                         [DSL]       
>                           |        
>                           |       
>                           |      
>                        Building C 
>                       [Firewall 3]---[PLAN1]
>                           |      \
>                           |       \--[PLAN2]
>                       [router 3]
> 
> 
> The BGP daemon can do a lot of nice things, but if your DSL provider has
> a total shutdown then all DSL connections are gone.
> Then it is possible that a router sends a packet to the next one and it to
> the next one. That can bring all your routers down with a DDoS attack
> that you start yourself.
> Don't forget to test a total DSL failure.

Is this what you meant when you talked about "doubling routers" before,
separating the routing and firewall functions on the same machine and
removing DSL from BGP awareness? I'm still not clear on what you meant
there.

It does seem like you have a good handle on what I'm trying to do here.
Thank you again for your comments and suggestions.
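Since the exchange ends on michiel's warning about a self-inflicted DDoS during a total DSL failure, here is an added example (mine, not code from this thread or from the LEAF project) that models the three-router, three-DSL layout in the diagram above. It contrasts a hand-written ring of static default routes, which bounces a packet between the routers until its TTL expires, with an OSPF-style link-state table that withdraws the default route altogether when no router has a working exit. The router names r1/r2/r3, the link states, the ring order and the TTL of 64 are constructed assumptions, and only the default route is modelled.

```python
"""Toy model of routers 1/2/3 joined by wireless links, each with a DSL
exit, to show why a total DSL failure must be tested. Added example; all
names, link states and the TTL value are constructed assumptions."""
from collections import deque

TTL = 64  # assumed initial TTL of the test packet


class Net:
    def __init__(self, routers, wireless_links, dsl_up):
        self.routers = list(routers)
        self.adj = {r: set() for r in routers}
        for a, b in wireless_links:        # wireless links are bidirectional
            self.adj[a].add(b)
            self.adj[b].add(a)
        self.dsl_up = dict(dsl_up)         # router -> is its own DSL exit usable?

    def static_tables(self, ring):
        """Hand-written fallback: prefer the local DSL, otherwise point the
        default route at the next router in `ring` (r1->r2->r3->r1).
        Nothing ever withdraws the second entry when that peer has no exit."""
        return {r: ["dsl", ring[r]] for r in self.routers}

    def link_state_tables(self):
        """OSPF-style: every router sees all links and all DSL states and
        installs a default route only toward the nearest router whose DSL is
        up. With no exit anywhere the table is empty and the packet is
        dropped locally instead of being handed to a neighbour."""
        return {r: (["dsl"] if self.dsl_up[r] else self._first_hop_to_exit(r))
                for r in self.routers}

    def _first_hop_to_exit(self, src):
        """BFS over wireless links; return [first_hop] toward the nearest
        router with a working DSL, or [] if none is reachable."""
        parent = {src: None}
        queue = deque([src])
        while queue:
            cur = queue.popleft()
            if cur != src and self.dsl_up[cur]:
                while parent[cur] != src:  # walk back to the hop next to src
                    cur = parent[cur]
                return [cur]
            for nxt in sorted(self.adj[cur]):
                if nxt not in parent:
                    parent[nxt] = cur
                    queue.append(nxt)
        return []

    def forward(self, tables, src, ttl=TTL):
        """Forward one packet from `src`; return (outcome, router hops, path).
        Each router-to-router forward costs one TTL; at TTL 1 the packet is
        discarded rather than forwarded, as a real router would do."""
        cur, hops, path = src, 0, [src]
        while True:
            hop = next((h for h in tables[cur]
                        if (h == "dsl" and self.dsl_up[cur]) or h in self.adj[cur]),
                       None)
            if hop is None:
                return "dropped:no-route", hops, path
            if hop == "dsl":
                return "delivered", hops, path
            if ttl <= 1:
                return "dropped:ttl-expired", hops, path
            ttl -= 1
            cur, hops = hop, hops + 1
            path.append(cur)


def scenarios():
    """Run the two table styles through a total and a partial DSL outage."""
    routers = ["r1", "r2", "r3"]
    links = [("r1", "r2"), ("r1", "r3"), ("r2", "r3")]   # the three RF links
    ring = {"r1": "r2", "r2": "r3", "r3": "r1"}
    results = {}
    # Total DSL failure: the case michiel says to test.
    dead = Net(routers, links, {"r1": False, "r2": False, "r3": False})
    results["static/all-down"] = dead.forward(dead.static_tables(ring), "r1")[:2]
    results["ospf/all-down"] = dead.forward(dead.link_state_tables(), "r1")[:2]
    # Partial failure: only building B's DSL survives.
    part = Net(routers, links, {"r1": False, "r2": True, "r3": False})
    results["static/only-r2"] = part.forward(part.static_tables(ring), "r3")[:2]
    results["ospf/only-r2"] = part.forward(part.link_state_tables(), "r3")[:2]
    return results


if __name__ == "__main__":
    for name, (outcome, hops) in scenarios().items():
        print(f"{name:18s} {outcome:22s} router hops: {hops}")
```

Running it prints one line per scenario: during the total outage the static ring turns a single packet into 63 router-to-router forwards before the TTL kills it, which is the amplification michiel describes, while the link-state table drops it at the first router with no forwarding at all. In the partial outage both styles deliver, but the static ring takes the long way round (r3 to r1 to r2) because nothing tells r3 that r1 has no exit.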



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
