>> How about sites having one link to the outside world have the Cisco
>> do the routing and put a dual-homed PC between the Cisco and the outside
>> world? Recently there have been announcment of pretty nice PC-based
>> routers which should be able to do this work without affecting the
>> throughput too much.
If the connection to the outside world is at T1 speed or less, this shouldn't
be much of a problem. You could have an ethernet interface on the Cisco
attached to a "border" subnet and on that subnet you could have a PC-based
router with two ethernet cards (one on the "border" net; one on an "internal"
net). Since ethernet is 10MB/s and T1 is 1.54MB/s you shouldn't have any
performance problems on the PC-based screening router.
If your link to the Internet is 10MB/s or greater, then you may have some
throughput issues with a PC-based screening router w/ ether cards. In this
case, if higher speed cards are available for the PC you could potentially
use those. Or, you could use a workstation with two ethernet interfaces (or
higher speed interfaces, if available).
Once you get above 10MB/s there are fewer options that fit this model and
they will depend on the structure of your internal network at the "connection
point" to the Internet.
>> This solution would be hard to implement for sites like us where we have
>> about 4 links to outside the campus.
Well, maybe not. Can you have those four links connect to the same
"border" net? If so, the model I described above would still work.
Tim
References:
|
|
