Re: High end network routing,

[keith morse <kgmorse mpcu com>]

Comments below


Brian D. McGrew wrote:
> A couple of quick questions and a sanity check ... I have a very large 
> network that i need to subnet and seperate out into VLANS and I want to 
> use Linux.
>
> Right now, what I have are three Cisco Catalyst WS3548-XL switches.  I 
> need to create four VLANS, Admin/Sales, Engineering, Software and 
> Manufacturing.  I have a Cisco 2610 behind a Checkpoint firewall, load 
> balancing two T1's out to the world.
>
> What I'm thinking about doing is setting up a Linux box (Fedora Core 2) 
> with five ethernet interfaces in it.  The existing switches will not do 
> Layer 3 routing but they will share the VLAN segments.

I wouldn't use FC but rather one of the RHEL variants like White Box 
Enterprise Linux due to the longer life of the OS.


> So, if I were to have the four VLANS, set the Linux box as the router 
> for all four and then make the fifth interface in the box my connection 
> to the outside world, would this work?  How would I go about configuring 
> routing on the Linux host so that all the networks can talk?  And 
> lastly, assuming that I'm going to be using a 100MB connections between 
> everything (as opposed to gig), what kind of speed constraints am I 
> looking at?  A consultant trying to sell me a $17k Foundry switch is 
> telling me that the new switch will route at 'wire' speed but I was 
> under the impression that a Linux box would do the same thing?

routing would be extremely simple and I would only use static routes. 
No need for dynamic routing protocols based on your description above.

Speed would be at 100MB.  That's theoretical of course as ethernet tops 
out at about 70 - 80 % of max.  When used strictly as a router the cpu 
won't even be breathing hard if all interfaces are fully utilized.
A P-III 500Mhz cpu would be overkill for your application.

> Any help would be great here, I really don't have the luxury of spending 
> $17k on a new switch right now but I need to revive a failing network.

I wouldn't hesitate to use a linux box in this situation.  There are two 
things I would recommend.  Take a look a www.mikrotik.com.  There you'll 
find a 4 port 10/100MB card for a quite reasonable price.  In fact they 
even produce a linux os of their own to perform as a router.  Using that 
os would negate my next suggestion.

Which is to use ntop on the router.  It's quite a nice tool to see how 
your network is being utilized.