On Thu, 2006-01-05 at 23:06 -0500, Alain Reguera wrote:
> Thanks for the reply, Bryan. Excuse me for my low knowledge level. I'll
> try to explain it.

I just didn't know what you meant by your terms. Now I see you mean the subnet.

> Imagine you need to give service (mail, web, browsing etc.) to
> different institutions. Some institutions connect using commuted lines
> and others directly through the main ISP router. The location of the
> node where all the servers and the main local router are, is inside
> one of these institutions. At this moment, the network of the node
> has a subnetted C class range and the local institution (where the
> node is placed) is connected using a PC with 2 interfaces that connects
> both networks.
> At this time all is working, but new workstations are planned to arrive
> and we need to increase the number of stations in the local
> institution, so 254 PCs actually are not enough. So we are looking for a
> way to extend or increase the number of possible workstations.

You _could_ "supernet" Class Cs and increase your subnet mask. E.g. /23 (255.255.254.0) will give you 510 usable addresses, /22 (255.255.252.0) will give you 1022 usable, etc...

> I proposed the idea of creating various networks and separating the local
> institutional services from the node, to make them independent of one
> another. So, connected to the main local router will be a switch, this
> will be the top level local switch where the node and the local
> institution will be.

If you want to segment, that will give you separate broadcast domains. If you do that, you either want to have a very fast router on a GbE port, or a layer-3 switch that does direct port-to-port after the IP route has been established between 2 nodes (as well as offering a dynamic routing protocol such as RIPv2 or OSPF).

The best, entry-level layer-3 switch I've seen is the Netgear FSM7328S:
http://www.netgear.com/products/details/FSM7328S.php

4xGbE, 24xFE for about $400 list. They have a 52-port version (4xGbE, 48xFE) in the FSM7352S as well, but at that point ($800), you'd probably want to look to a GSM7312 (12xGbE) instead for about the same cost ($900).

> The node is formed by various servers that will be connected directly
> to the switch. The main objective of the node is to administer mail
> accounts and RADIUS service (don't know it at all) and control
> browsing for the users connected.
> The institution is formed by a PC with various eth interfaces, one to
> connect to the router, and a series of 192.168.1-2-3-...n.0 that permit
> us to connect 254 workstations for each one. Maybe more than 1 box will
> be needed here, think that the number of eth interfaces in a PC is
> limited. The main objectives here are browsing, mail and web
> publishing.

You really want to _avoid_ using a PC as a router at wire-speeds. It's going to be very slow, unless you spend a _lot_ of money on a powerful system, PCI-X/PCIe cards/channels, etc...

You're far better off going with a dedicated piece of equipment. Not just a router, but a layer-3 switch, which does direct layer-2 switching at the MAC level after routes have been established between two ports.

If you still want to use a PC as a router, be sure to build your kernel so it is optimized as a router (this is a selection in the networking subsystem), and not as a host (which is going to be the default of any kernel build). But I really would recommend _against_ that, _unless_ you can guarantee that 95% of the traffic is local to the subnet.

[ For the naysayers that might say that several layer-3 switches use Linux, remember that these layer-3 switches have ASIC hardware that is driven by the Linux OS. A PC does _not_. A PC can_not_ do what a layer-3 switch can anywhere near as fast. ]

> That's it, don't know if I explained myself. Don't know if my idea is
> correct, just an idea of what I've been reading in Douglas E. Comer
> TCP/IP (my first reading about networks).
> Again, thanks Bryan for replying.
> Any suggestion or idea of how to make this will be strongly appreciated.

1) Unless 95% of the traffic stays local to the same subnet, I would _not_ use a PC as a router.

2) If you don't need segmentation, then "supernet." _All_ systems can keep the same IP addresses, just their subnet masks need to change.

3) If you want segmentation, but more than 5% of your traffic crosses subnets, get a Layer-3 switch.

--
Bryan J. Smith   mailto:b.j.smith at ieee.org
http://thebs413.blogspot.com
------------------------------------------
Some things (or athletes) money can't buy.
For everything else there's "ManningCard."
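
The "supernet" option from the message above, worked through as an added example that is not part of the original post. It finds the smallest single mask that covers a set of /24s and lists any extra /24 blocks the wider mask pulls in; the 192.168.x.0 ranges and the host address are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def plan_supernet(class_c_nets):
    """Smallest single subnet containing every given /24, plus its side effects."""
    nets = [ipaddress.ip_network(n) for n in class_c_nets]
    supernet = nets[0]
    # Widen the mask one bit at a time until every /24 fits inside.
    while not all(n.subnet_of(supernet) for n in nets):
        supernet = supernet.supernet()
    # /24 blocks swallowed by the wider mask that were not asked for; they must
    # not be routed anywhere else, or those destinations become unreachable.
    extra = [str(s) for s in supernet.subnets(new_prefix=24) if s not in nets]
    return {
        "supernet": str(supernet),
        "netmask": str(supernet.netmask),
        "usable_hosts": supernet.num_addresses - 2,  # minus network and broadcast
        "also_covers": extra,
    }

def host_after_change(ip, supernet):
    """A host keeps its IP; only the mask (and so the broadcast address) changes."""
    net = ipaddress.ip_network(supernet)
    iface = ipaddress.ip_interface(f"{ip}/{net.prefixlen}")
    if iface.network != net:
        raise ValueError(f"{ip} is outside {supernet}")
    return {"address": str(iface.ip), "netmask": str(iface.netmask),
            "broadcast": str(net.broadcast_address)}

if __name__ == "__main__":
    # Constructed sample ranges: an aligned pair and a misaligned pair.
    for nets in (["192.168.0.0/24", "192.168.1.0/24"],
                 ["192.168.1.0/24", "192.168.2.0/24"]):
        print(nets, "->", plan_supernet(nets))
    print(host_after_change("192.168.1.37", "192.168.0.0/22"))
```

Two adjacent /24s only merge into a /23 when the first one starts on an even third octet; otherwise the smallest covering mask is a /22 or wider, which also claims neighbouring ranges.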