Can FreeBSD withstand this kind of network load??

Erik Nørgaard norgaard at locolomo.org
Thu Apr 21 03:15:17 PDT 2005


Mark Jayson Alvarez wrote:
> The setup looks like this.
> There are three /24 networks, A, B, C
> All of these networks are private lan. However,
> Network A contains their servers, one of which is
> their internet proxy server. That proxy server is dual
> homed, one private, one public, which is also their
> passage way to the Internet.
> 
> Now, the IT guy asked me if he can use a pc router so
> that network B and C can see network A, and make their
> way to the internet through the proxy server sitting
> on network A.
> 
> I told him yes. I'm thinking of three possibilities,
> bridging, ip forwarding, and NAT. In his sketch, PC
> router has 3 interfaces, 1 facing network A, and two
> each facing network B and C. With this setup, since A
> already have a route to the Internet, we don't have to
> use NAT, ip forwarding will do the job. We will simply
> forward the request coming from each interface
> connected to network B and C to the interface
> connected to network A and then they can already see
> the proxy. However, he told me that network B and C in
> his sketch is not really their set up. It could extend
> to even few more networks(D, E, F, G, H).

If internet access is proxied you don't need to do NAT either. You just 
need to tell the proxy server about routes for networks B, C, ... ie. 
point it to your FBSD gateway network A interface.

> 
> Question:
> 
> Instead of using 6 to 8 interface cards in his pc
> router,(which I don't think is a good idea) can we
> just alias that interface, let's say it has an ip for
> networks B, C, D, E, F, G, H, I and then all the
> traffic from B-I network will pass through this
> interface through some sort of cascading switches and
> then routed will forward this to the second interface
> facing the A network and then every body will be
> happy? Or is it not feasible considering that all the
> traffic from 6-8 networks will only pass through a
> single interface considering that each network will at
> least have 30-50 hosts?

There is no problem in having n NICs. In your suggested setup you have 
two problems:

1) You may want to keep traffic completely separate so that hosts on B 
can't sniff on the rest of the networks. This is a risk if you have them 
all on the same wire, but can be mitigated with switches.

2) You may want B to be able to communicate with the rest of the 
networks, this requires traffic to be "reflected" on that one network 
card. It is nasty to get working and it may be difficult to filter.

> What's even funny about this is that he brought that
> pc he will turn into a router in our office so that we
> can install freebsd-4.11 with this specs:

You should recommend 5.4, 4.11 is legacy. If a minimal 5.4 is too heavy, 
try OpenBSD.

> pentium III - 500 MHz
> memory  64 MB.
> HD      4 GB
> 
> I haven't really encountered this kind of setup yet,
> that's why I told him I will do a research on this
> setup. I've heard that freebsd can be configured as a
> web server with this specs serving hundreds of clients
> with just few tweakings.. 
> What do you think with his scenario?

I have set up an OpenBSD based router with similar specs and load: Three 
NICs, 1 for client network with more than 100 hosts, one for server 
network and one for internet.

What you want to invest in is good NICs. Also, you get a natural limit 
by how thick your wire is: These specs are fine for up to 10Mbit.

Cheers, Erik

-- 
Ph: +34.666334818                           web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
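
[Added example, not part of the original message: an rc.conf sketch of the routed, NAT-free setup discussed in the reply, with one NIC per network and the proxy pointed at the gateway's network A interface. All addresses and the fxp0..fxp2 interface names are constructed, and the proxy is assumed to run FreeBSD as well.]

```shell
# --- /etc/rc.conf on the FreeBSD PC router (one NIC per network) ---
# Constructed addressing: A = 192.168.1.0/24, B = 192.168.2.0/24,
# C = 192.168.3.0/24. Interface names fxp0..fxp2 are assumptions.
gateway_enable="YES"   # forward packets between interfaces; no NAT involved
ifconfig_fxp0="inet 192.168.1.254 netmask 255.255.255.0"   # network A (servers, proxy)
ifconfig_fxp1="inet 192.168.2.1 netmask 255.255.255.0"     # network B
ifconfig_fxp2="inet 192.168.3.1 netmask 255.255.255.0"     # network C

# Single-NIC variant from the question, shown only for comparison:
# network C becomes an alias on the NIC that already serves B, so B and C
# share one wire and B<->C traffic enters and leaves through the same card
# (the two problems listed in the reply).
# ifconfig_fxp1_alias0="inet 192.168.3.1 netmask 255.255.255.0"

# --- /etc/rc.conf on the proxy server (assumed FreeBSD) ---
# The proxy only knows network A directly, so its replies to B and C
# need static routes via the router's network A address.
static_routes="netb netc"
route_netb="-net 192.168.2.0/24 192.168.1.254"
route_netc="-net 192.168.3.0/24 192.168.1.254"
```

Hosts on B and C use the router's address on their own network (192.168.2.1 and 192.168.3.1 in this sketch) as default gateway.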


More information about the freebsd-questions mailing list