On Thu, 2006-01-05 at 23:06 -0500, Alain Reguera wrote:
> Thanks for replying, Bryan. Excuse my low knowledge level. I'll try to explain it.
I just didn't know what you meant by your terms. Now I see you mean the subnet.
> Imagine you need to give service (mail, web, browsing, etc.) to different institutions. Some institutions connect using commuted lines and others directly through the main ISP router. The node where all the servers and the main local router are located is inside one of these institutions. At this moment, the network of the node has a subnetted class C range, and the local institution (where the node is placed) is connected using a PC with 2 interfaces that connects both networks. At this time all is working, but new workstations are planned to arrive and we need to increase the number of stations in the local institution, so 254 PCs are actually not enough. So we are looking for a way to extend or increase the number of possible workstations.
You _could_ "supernet" Class Cs and increase your subnet mask. E.g. /23 (255.255.254.0) will give you 510 usable addresses, /22 (255.255.252.0) will give you 1022 usable, etc...
> I proposed the idea of creating various networks and separating the local institutional services from the node, to make them independent of one another. So, connected to the main local router there will be a switch; this will be the top-level local switch where the node and the local institution will be.
If you want to segment, that will give you separate broadcast domains. If you do that, you either want to have a very fast router on a GbE port, or a layer-3 switch that does direct port-to-port after the IP route has been established between 2 nodes (as well as offering a dynamic routing protocol such as RIPv2 or OSPF).
The best, entry-level layer-3 switch I've seen is the Netgear FSM7328S: http://www.netgear.com/products/details/FSM7328S.php
4xGbE, 24xFE for about $400 list. They have a 52-port version (4xGbE, 48xFE) in the FSM7352S as well, but at that point ($800), you'd probably want to look to a GSM7312 (12xGbE) instead for about the same cost ($900).
> The node is formed by various servers that will be connected directly to the switch. The main objective of the node is to administer mail accounts and a RADIUS service (I don't know it at all) and control browsing for the connected users. The institution is formed by a PC with various eth interfaces, one to connect to the router, and a series of 192.168.1-2-3-...n.0 networks that permit us to connect 254 workstations on each one. Maybe more than 1 box will be needed here, since the number of eth interfaces in a PC is limited. The main objectives here are browsing, mail and web publishing.
You really want to _avoid_ using a PC as a router at wire-speeds. It's going to be very slow, unless you spend a _lot_ of money on a powerful system, PCI-X/PCIe cards/channels, etc...
You're far better off going with a dedicated piece of equipment. Not just a router, but a layer-3 switch, which does direct layer-2 switching at the MAC level after routes have been established between two ports.
If you still want to use a PC as a router, be sure to build your kernel so it is optimized as a router (this is a selection in the networking subsystem), and not as a host (which is going to be the default of any kernel build).
But I really would recommend _against_ that, _unless_ you can guarantee that 95% of the traffic is local to the subnet.
[ For the naysayers that might say that several layer-3 switches use Linux, remember that these layer-3 switches have ASIC hardware that is driven by the Linux OS. A PC does _not_. A PC can_not_ do what a layer-3 switch can anywhere near as fast. ]
> That's it; I don't know if I've explained myself. I don't know if my idea is correct, it's just an idea from what I've been reading in Douglas E. Comer's TCP/IP (my first reading about networks). Again, thanks Bryan for replying. Any suggestion or idea of how to make this will be strongly appreciated.
1) Unless 95% of the traffic stays local to the same subnet, I would _not_ use a PC as a router.
2) If you don't need segmentation, then "supernet." _All_ systems can keep the same IP addresses, just their subnet masks need to change.
3) If you want segmentation, but more than 5% of your traffic crosses subnets, get a Layer-3 switch.
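As an added example (not from this thread, written with the standard-library ipaddress module), a small Python script that does the arithmetic behind option 2: it finds the smallest aligned supernet that covers the institution's existing /24s, confirms every host keeps its address with only the mask changed, and shows the trade-off that those hosts then share one broadcast domain with no router between them. The sample networks and host addresses are constructed.

```python
import ipaddress


def usable_hosts(prefixlen):
    """Usable IPv4 addresses for a prefix length. Network and broadcast
    addresses are excluded; /31 and /32 have none to exclude."""
    size = 2 ** (32 - prefixlen)
    return size if prefixlen >= 31 else size - 2


def plan_supernet(existing_nets, needed_hosts):
    """Smallest aligned block that covers every existing network and offers
    at least needed_hosts usable addresses. Returns (network, usable_count).
    A supernet must start on a boundary of its own size, so e.g. a /23
    cannot begin at 192.168.1.0; the loop widens until the alignment works."""
    nets = [ipaddress.ip_network(n) for n in existing_nets]
    candidate = nets[0]
    while True:
        usable = usable_hosts(candidate.prefixlen)
        if all(n.subnet_of(candidate) for n in nets) and usable >= needed_hosts:
            return candidate, usable
        if candidate.prefixlen == 0:
            raise ValueError("no aligned supernet covers the given networks")
        candidate = candidate.supernet(prefixlen_diff=1)


def same_broadcast_domain(ip_a, ip_b, prefixlen):
    """True when two hosts fall in one subnet under the given mask, i.e.
    they see each other's broadcasts and no router sits between them."""
    net_a = ipaddress.ip_interface(f"{ip_a}/{prefixlen}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{prefixlen}").network
    return net_a == net_b


# Constructed sample: three institution /24s and a target of 600 stations
INSTITUTION_NETS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]

if __name__ == "__main__":
    block, usable = plan_supernet(INSTITUTION_NETS, 600)
    print(f"supernet {block} gives {usable} usable addresses")
    for ip in ("192.168.1.10", "192.168.2.10", "192.168.3.10"):
        assert ipaddress.ip_address(ip) in block  # hosts keep their addresses
    # The cost of supernetting: hosts that a /24 boundary used to separate
    # now share one segment, so nothing filters traffic between them.
    print(same_broadcast_domain("192.168.1.10", "192.168.3.10", 24))
    print(same_broadcast_domain("192.168.1.10", "192.168.3.10", block.prefixlen))
```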