Re: [leaf-user] multiple static ip address router/firewall

[tom . erjavec]

 Andrew Nance wrote:

 | It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total
 | bandwidth.

 Almost anything fairly modern (ie: Pentium-class PCI based system) 
 should be
 able to handle this kind of bandwidth.  Even 486 based systems with EISA
 cards (should you actually be able to find one) could probably move this
 much data around.
 - --
 Charles Steinkuehler

On a Soekris net4801 with Bering 1.2 using a 100Mb/s switch and a 
8Mb/s cable modem I calculated almost 5Mb/s throughput on FTP. 
That is: 720MB CD transferred in 20 minutes == 36 MB in a minute 
== 0.6 MB in a second == 4.8 Mb/s. I guess a WRAP should 
behave close to this.

Not that this below is a very relevant piece of information since the 
packets were very big and packet count was low, but:

on the same Soekris wired with cross eth cables to one workstation 
on each side (no public connection) with 100Mb/s cards I fed the 
Soekris from one workstation with ping packets of 64Kbytes per 
second by increasing the number of simultaneous ping processes. 
On the target workstation I was observing the received throughput. I 
kept loading the Soekris/Bering with up to 42 streams, which makes 
roughly 42 Mb/s of bidirectional traffic. (1 packet sent per second; 
packet size 64KB * 8 = 512Kb; ping reply makes 2 x 512 Kb/s == 1 
Mb/s; 42 processes == 42 Mb/s).

More than 42 Mb/s produced a non-linear graph of the received 
traffic on the target workstation. 

Doing the same test on a commercial SOHO ethernet firewall/router 
caused the commercial router to colaps with overload at 4Mb/s, that 
is after the fourth simultaneous 64KB ping.

Tom


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] multiple static ip address router/firewall

[Andrew Nance]

It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total
bandwidth.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Arne Bernin
Sent: Wednesday, July 13, 2005 11:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] multiple static ip address router/firewall

On Wed, 2005-07-13 at 10:06 -0500, Andrew Nance wrote:
 I plan on having multiple video streams going through this router/firewall
 nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I
 need the extra cpu of a regular computer or will the wrap be able to
handle
 it?
 

Can you estimate how much bandwidth you use (average/peek) ?

 Thanks,
 Andrew

--arne

-- 
Arne Bernin [EMAIL PROTECTED]

http://www.ucBering.de





---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] multiple static ip address router/firewall

[Jaime Nebrera]

El jue, 14-07-2005 a las 11:18 -0500, Andrew Nance escribió:
 It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total
 bandwidth.

  From the graph, you see WRAP box is capable of sustaining around 4Mbps
for 50 firewall rules (1500PPS and 350bytes/package). I think you could
live with it :)

-- 
Jaime Nebrera - [EMAIL PROTECTED]
Consultor TI - ENEO Tecnologia SL
Telf.- 95 455 40 62 - 619 04 55 18



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] multiple static ip address router/firewall

[Charles Steinkuehler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andrew Nance wrote:

| It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total
| bandwidth.

Almost anything fairly modern (ie: Pentium-class PCI based system) should be
able to handle this kind of bandwidth.  Even 486 based systems with EISA
cards (should you actually be able to find one) could probably move this
much data around.  Most of those 'black-box' routers from Linksys, D-Link,
et-al. will typically handle 3-5 MBits/s or more fairly easily (remember,
they're engineered to hook to cable modems, and would look bad if they were
a bottleneck).

- --
Charles Steinkuehler
[EMAIL PROTECTED]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFC1p1ULywbqEHdNFwRAv4pAKDDh3VsCG0Y68eFGuxtiY1ANXwAUgCghNWj
N6PvPaR+7jTqTpYJIfgrET4=
=DB3b
-END PGP SIGNATURE-


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] multiple static ip address router/firewall

[Marko Nurmenniemi]

Charles Steinkuehler wrote:


Andrew Nance wrote:

| It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total
| bandwidth.

Almost anything fairly modern (ie: Pentium-class PCI based system) 
should be

able to handle this kind of bandwidth.  Even 486 based systems with EISA
cards (should you actually be able to find one) could probably move this
much data around.
- --
Charles Steinkuehler


Testing my brand new set-up couple of years ago I got 700Kbps FTP 
transmissions with two SMC (ISA 10Mbps cards) in our company intranet. 
PC was a 486/50MHz with Bering 1.x from a floppy. It should be 
reasonable close to a ISA maximum?

Processor load was somewhere 20-30% if I remember correctly.

I have had the same machine running next to my ADSL for four years 
now...hey it's only 15 years old, it is supposed to work for another 10 
years atleast!


-M


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] multiple static ip address router/firewall

[Peter Mueller]

 Andrew Nance wrote:
 | It is hard to estimate but somewhere around 750 Kbps to 1.5 
 Mbps total 
 | bandwidth.
 
 Almost anything fairly modern (ie: Pentium-class PCI based 
 system) should be able to handle this kind of bandwidth.  
 Even 486 based systems with EISA cards (should you actually 
 be able to find one) could probably move this much data 
 around.  Most of those 'black-box' routers from Linksys, 
 D-Link, et-al. will typically handle 3-5 MBits/s or more 
 fairly easily (remember, they're engineered to hook to cable 
 modems, and would look bad if they were a bottleneck).

A 486 can handle a T1 (1.5mbps) or E1 (2mbps) while encrypting with 3DES and
IPSEC.  A pentium-75mhz can encrypt ~10mpbs.  Both of these rates assume
decent NICs.  Most statistics for bandwidth include packets per second (PPS)
and the # of bits or bytes in those packets.

I think a WRAP can handle your load easily unless you are running some huge
amount of firewall rules and QOS.  In fact, I know so :) even though I don't
own one :(.  TomsHardware has a nice review :
http://www.tomsnetworking.com/Reviews-169-ProdID-WRAP1D2-3.php.   As you can
see 266mhz WRAP can do ~40mbps NAT, or ~3.5mpbs Ipsec/3DES.  This means it is
somewhere between a fast 486 and a pentium 75mhz in speed for encryption.  If
I remember correctly a Pentium 75mhz can only do 20-30mpbs NAT so apparently
the WRAP is faster for this kind of thing.

Regards,

P


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] multiple static ip address router/firewall

[George Metz]

None of the over-the-counter router-in-a-boxes are going to be able to 
handle multiple static IPs, with the possible exception of a Linksys 
that's had it's firmware replaced with a Linux-based one from the 
hardware hacking groups.


An entry level Cisco is hideously expensive; I found two on Pricewatch 
for $389 USD from a retailer with truly bad reviews. Last time I looked 
for one (which, admittedly, was a couple of years ago) the same model 
was going for $1500 USD refurbished.


I adore Cisco equipment and the IOS, but it is way too pricey if you're 
not running a major site - and even then, it's questionable. You're 
going to be far better off with Bering uClibc and any kind of hardware 
than you are spending the money a Cisco will cost, especially since most 
of them you'll need to buy a second ethernet card for your external 
interface and actually get a license for IOS.


George


Andrew Nance wrote:

Hi group,
I have been using Bering uClibc for a couple of years now.  It has been rock
solid and great.  My thanks go out to everyone.
I currently use my leaf box with 5 static ip's without any major problems.

But my question to you guys and gals is do you know of an over the counter
firewall/router (like Linksys, D-Link, or Netgear) that can route multiple
public static IP's for a single cable or dsl connection?
If there are no cheaper solutions, what would an entry level cisco model
be? 
How would these solutions compare price wise to a WRAP running uClibc?



Thanks in advance,
Andrew



---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] multiple static ip address router/firewall

[Andrew Nance]

Thanks George,

That's what I was afraid of.  It looks like my options now are to build (or
buy cheep dell ($300 w/ no OS)) computer to handle firewall/routing or go
with the wrap or soekris.
I plan on having multiple video streams going through this router/firewall
nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I
need the extra cpu of a regular computer or will the wrap be able to handle
it?

Thanks,
Andrew

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of George Metz
Sent: Wednesday, July 13, 2005 5:27 AM
To: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] multiple static ip address router/firewall

None of the over-the-counter router-in-a-boxes are going to be able to 
handle multiple static IPs, with the possible exception of a Linksys 
that's had it's firmware replaced with a Linux-based one from the 
hardware hacking groups.

An entry level Cisco is hideously expensive; I found two on Pricewatch 
for $389 USD from a retailer with truly bad reviews. Last time I looked 
for one (which, admittedly, was a couple of years ago) the same model 
was going for $1500 USD refurbished.

I adore Cisco equipment and the IOS, but it is way too pricey if you're 
not running a major site - and even then, it's questionable. You're 
going to be far better off with Bering uClibc and any kind of hardware 
than you are spending the money a Cisco will cost, especially since most 
of them you'll need to buy a second ethernet card for your external 
interface and actually get a license for IOS.

George


Andrew Nance wrote:
 Hi group,
 I have been using Bering uClibc for a couple of years now.  It has been
rock
 solid and great.  My thanks go out to everyone.
 I currently use my leaf box with 5 static ip's without any major problems.
 
 But my question to you guys and gals is do you know of an over the counter
 firewall/router (like Linksys, D-Link, or Netgear) that can route multiple
 public static IP's for a single cable or dsl connection?
 If there are no cheaper solutions, what would an entry level cisco model
 be? 
 How would these solutions compare price wise to a WRAP running uClibc?
 
 
 Thanks in advance,
 Andrew
 
 
 
 ---
 This SF.Net email is sponsored by the 'Do More With Dual!' webinar
happening
 July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
 core and dual graphics technology at this free one hour event hosted by
HP,
 AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/
 


---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/



---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] multiple static ip address router/firewall

[George Metz]

Honestly, I'm not up on the specs for the WRAP or Soekris boards, but 
I'd be fairly surprised if they wouldn't serve admirably. I'm currently 
using, of all things, a Microsoft wireless router that normally just 
serves as my AP point (we just moved, and I have to rebuild my LEAF box 
now that I have a connection the old ISA 3Com cards would throttle) and 
I've had a radio stream, 2 connections to World of Warcraft, and about 5 
threads downloading large files without a real problem. Given that the 
thing is probably the most underpowered router-in-a-box I've seen, just 
about anything should work fine for you.


Andrew Nance wrote:

Thanks George,

That's what I was afraid of.  It looks like my options now are to build (or
buy cheep dell ($300 w/ no OS)) computer to handle firewall/routing or go
with the wrap or soekris.
I plan on having multiple video streams going through this router/firewall
nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I
need the extra cpu of a regular computer or will the wrap be able to handle
it?

Thanks,
Andrew

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of George Metz
Sent: Wednesday, July 13, 2005 5:27 AM
To: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] multiple static ip address router/firewall

None of the over-the-counter router-in-a-boxes are going to be able to 
handle multiple static IPs, with the possible exception of a Linksys 
that's had it's firmware replaced with a Linux-based one from the 
hardware hacking groups.


An entry level Cisco is hideously expensive; I found two on Pricewatch 
for $389 USD from a retailer with truly bad reviews. Last time I looked 
for one (which, admittedly, was a couple of years ago) the same model 
was going for $1500 USD refurbished.


I adore Cisco equipment and the IOS, but it is way too pricey if you're 
not running a major site - and even then, it's questionable. You're 
going to be far better off with Bering uClibc and any kind of hardware 
than you are spending the money a Cisco will cost, especially since most 
of them you'll need to buy a second ethernet card for your external 
interface and actually get a license for IOS.


George


Andrew Nance wrote:


Hi group,
I have been using Bering uClibc for a couple of years now.  It has been


rock


solid and great.  My thanks go out to everyone.
I currently use my leaf box with 5 static ip's without any major problems.

But my question to you guys and gals is do you know of an over the counter
firewall/router (like Linksys, D-Link, or Netgear) that can route multiple
public static IP's for a single cable or dsl connection?
If there are no cheaper solutions, what would an entry level cisco model
be? 
How would these solutions compare price wise to a WRAP running uClibc?



Thanks in advance,
Andrew



---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar


happening


July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by


HP,


AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/





---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/



---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

RE: [leaf-user] multiple static ip address router/firewall

[Arne Bernin]

On Wed, 2005-07-13 at 10:06 -0500, Andrew Nance wrote:
 I plan on having multiple video streams going through this router/firewall
 nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I
 need the extra cpu of a regular computer or will the wrap be able to handle
 it?
 

Can you estimate how much bandwidth you use (average/peek) ?

 Thanks,
 Andrew

--arne

-- 
Arne Bernin [EMAIL PROTECTED]

http://www.ucBering.de





---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/