You're just not grasping this concept very well, are you? Let me spell it out to you very slowly: the limiting rate here is his T3 connection! No matter what these 3000+ users are doing, they cannot generate more than 45Mbit/sec of traffic because that's the max the T3 will handle (actually it's slightly less than even that due to overhead).
*Sigh* I grasp that concept very nicely, my point is being misunderstood. Not all traffic is going out the T3. Yes I'm aware that you will never go above the 45MB. But you can easily get beyond that traversing from one internal network to another internal network. It _almost_ happens here where I work all the time. A couple of users from our ad design department will download something from our FTP server, and the bandwidth MRTG reports is around 80Mb/s. A few more of those and you'd start to notice severe lag on an older system with 32bit PCI. That is the entirety of my point. The T3 has never been a limiting factor in my argument.
4x100Mbit is 4x100MBit.. what in god's name does the number of users have to do with it? If you have 400Mbit/s, is that 400MBit/s "bigger" in some way because it's generated by 3000 users instead of, eg, 1000 or 500 or even just 1? It isn't.
true...sort of. if those 3000 users aren't doing much other than checking email and browsing the web. If they are doing some serious stuff; which they may not be who knows?; then chances are good that 3000 users means a heck of a lot of traffic. For example, I have an FTP server that you can get a good 20MB sustained (through a gateway), if there was just 4 people downloading at that rate then that's 80M that doesn't leave a lot of room for the other 3 networks that I have connected to that same router. 5 users downloading at that rate? oh, well that's the entire PCI bus that's flooded, unless you have 64bit PCI. _MY_ router is OpenBSD and I do have 64 bit PCI, but the asker is saying he wants to do this with a PII.
Also, how will GigE make their T3 any faster? Yay - I've got GigE connectivity to my 43MB/s internet connection.
it won't, but chances are good that he needs to route between the interfaces to the other networks. He did say _4_ interfaces remember. In my example above, if there's an FTP server on network 1, and 5 users on network 2 downloading from that server, ALL of the other interfaces will notice severe lag (it will still work because the packets will get queued but it would be sloooooow), even if their traffic has nothing in the world to do with the interfaces that are bogged down.
If you do decide to do this with a PC, make sure it has a MINIMUM of a 64 bit PCI (507MB theoretical IIRC) and 100baseT (the norm these days); 1000baseT is even better as the cards have a bigger buffer that will help you even if you aren't routing at that speed. Use OpenBSD (if you can); the altq functionality of PF will help you to alleviate many of the bandwidth problems, so that none of the other interfaces can completely wipe another off the map if a few people are using some big time bandwidth.
you're talking max bandwidth there. Would you actually try to route 3000+ users through that?
That's just the max that is _theoretically_ possible. The PCI bus (32 bit) is capable of a (again) _theoretical_ 127MB. Would you stake your job on those numbers? I sure as hell wouldn't. I'd divide all numbers by 5 and you will see a more likely transfer rate plus have room to grow a little. The asker didn't say what type of business it is, but I'd bet at 3000 users a lot of those are transferring some big files. Does this company have its own advertising department? If so, they'd be spiking the T3 by themselves all day long.
You _could_ set it up, and it _would_ work, but you'd be the guy that gets blamed for making a crappy router (even if it's the best thing since RAID 5). You're better off going with gigabit and a cisco router.
It doesn't matter what sort of PC you are using...you simply cannot pump that much through a standard PC. 3000+ users? forget it. You are going to need a cisco my man. Unless anyone knows if those quad cards can route between connectors at faster (much much muuuuuch faster) than the PCI bus will allow.
Re:The Shields Up! Test (Score:1)
by Micro$will (592938) on Wednesday March 10, @08:54PM (#8529083)
(http://www.vixenny.com/)
I'm not sure about the DI-604, but I had an old DI-704 that would stealth 113 given the proper tweaks. I'm also surprised the 604 didn't show up to ICMP scans since I had to manually set mine to not reply.
The Zone Alarm results are confusing too. I just installed the free version on a friend's machine, but had to disable it temporarily because it blocked the outbound request to access my file server. I assume there are many options you can configure to secure any hardware or software firewall, but you need to have the knowledge and patience to sit down for a day, preferably within a protected network, set them up and hammer on them with nmap.
I have zone alarm running on my wife's windoze box (only one in my house) and I set the preferences to prompt whenever something new requests a connection to the internet. Then when something hasn't been used before you get a popup asking for permission. I've caught spyware this way and simply denied it access and the pop-ups went away. I don't think it's a substitute for gateway firewalls, but they are very useful for situations like this.
Actually most home cable/DSL routers run a small embedded Linux distro
Linux isn't bad because the OS can't handle the job, but rather because they just don't have the really wide backplane like the Ciscos have. If you were able to get a linux box with a backplane like what cisco uses, linux would be just as effective, albeit perhaps not as robust as IOS.
Hardware firewalls are not meant for exquisite filtering or heavy duty VPN. What does make firewalls nice is that they have multiple ports (hence a router) and have a FULL bandwidth between any 2 channels.
I agree with you, to a point. For a medium sized network like mine, where there are _no_ hubs except for the one at the firewall (so the snort box can listen) the switches will take care of keeping the bandwidth that the firewall actually hears to a minimum. The PCI bus can handle 127-ish MB/s and 64 bit PCI can handle 508-ish. So unless you have a really high traffic system[1] this setup is not even noticeable between a Cisco, or other heavy duty router.
[1] I have a really high traffic FTP server on my DMZ that is accessed a lot from systems on one of my NAT's and from the internet. What I did was move this system (OBSD) in _front_ of the firewall, enable PF on the FTP server to firewall it. Then I added a 2nd NIC to the FTP server so it plugs directly into the LAN. This makes sure that almost _no_ traffic from that system actually hits the firewall. If I didn't do this, the PCI bus, like you say, would slow things to a crawl.
Same here. Most of my company firewalls are running OpenBSD with PF. There's 1 linux box that is getting replaced very soon. Typical setup is 4 or 5 nics, multiple NAT's yadda yadda. plus now that OpenBSD is going to have CARP in 3.5, you will have an auto-failover with a maintained state to another machine. This plus transparent squid caching, allows us to have about 100 users per T-1 with no complaints.
While I like the size of the A button I agree, the z button has to be the most horribly placed button in the universe. The only way to really be able to use it in a hurry is to hit it with the middle part of your pointer finger (the middle being that part between the 2nd and third knuckles, if we number the knuckles starting with #1 being the one connected to your palm). The controller would be better off without that button at all.
It is ridiculous. I've had my gamecube since christmas, and I've read on almost all documentation that some things may cause seizures even if you have never had them before... I've read it on at least 2 of my 3 games (the 2 made by nintendo, and the gamecube doc's itself). This I would conclude...is frivolous.
and more recently, Delorean of the 70's. Of course John was still an idiot for putting his hands on the cocaine even if it was for the company. He just should have known better.
which one has a higher penalty? That's the one I vote for. Maybe this should be a slashdot poll.
Makes me wonder if maybe SCO is playing their legal strategy with one of those "magic 8 balls".
Darl: Does linux contain SCO code? *shakes 8 ball*
M8B: You may rely on it
Darl: Should we sue a linux user today? *shakes 8 ball*
M8B: Result hazy try again later
Darl: Should we sue a linux user today? *shakes 8 ball*
M8B: Without a doubt
Don't forget 7-11. They have Pepsi cups for their fountain drinks. I'm a coke drinker, but I use the 32 oz pepsi cup and still get the free songs from pepsi, all whilst drinking my coke :-D
Did you watch the video? The guy's daughter told the cops they had gotten into an argument (the one named mimi at the end). They had their guy, this was not mistaken identity. I counted 3 times in the transcript where the cop said "I'm doing an investigation" and "I'm just trying to see what we've got here". If his daughter was being spanked for being bad, so be it. But if it was bad enough for some bystander to call the police, then maybe the police should not have just left so easily. Maybe from a distance it looked worse than it was, who knows, I didn't see it.
What difference does that make? How many people in jail right now gave a cop a fake name when they were busted? The cowboy just needed to take a chill pill, listen to what the officer was saying. He kept saying "I'm cooperating I'm cooperating", but he wasn't even listening. He was making a big deal out of his parking job. The man fit the description of the man they were looking for. It's like the guy didn't understand English. "Am I parked illegally?" NO! for the hundredth time, I'm investigating an assault and I need to know who you are! The cop used those exact words. "I just need to know who you are" the cowboy could have said then "my name is such and such" but chose instead to stick his hands out and say arrest me. Are you saying the rules should be this
Officer asks name
Officer asks if they did anything wrong
If the suspect gives name and says they didn't do anything, the officer should just move along?
but the thing is, there was a crime that was committed. There was a report of a fight started by someone on the side of the road with a truck. The officer stated "I'm investigating a fight, and I just need to know who you are". The idiot cowboy kept going back to "I'm not illegally parked am I?" and refusing to provide ID. The officer was in the right here. I think it would be a worse precedent to set that someone can just refuse to show ID and then the cop has to leave them alone.
Isn't this the reason people switched to X to start? I am having trouble remembering now, but didn't X replace motif because of license issues? Maybe it's time to do that again?
too bad I'm in Seattle and couldn't see it. I hope I won :-)
You never tried sourceforge did you? ;-)
I found this, I don't know if it's _exactly_ what you are looking for but there's others.
phprpg
Anyone know if Wil Wheaton got the part?
Could you use an American proxy server to make your connection appear to come from here?
x y/proxy-list/
http://www.atomintersoft.com/products/alive-pro
There's like 3 guys in the bleachers. :-) I wonder how many of them are judges?
Would this qualify as extortion or racketeering?
First linux now Ma' mopar?? They must die!
They all should have done as gmhowell and asked for paper. 'course that was troublesome in and of itself. At least Joe got some cookies :-)
like computer monitors? oh crap....
actually I remember this one episode where a cop goofed and blew down the wrong door of a suspected drug house.