Re: Consumer-grade dual-homed connectivity options?

[Steven Bellovin <smb () cs columbia edu>]

On Dec 30, 2009, at 6:23 PM, Joel Jaeggli wrote:

> Brett Frankenberger wrote:
> > On Wed, Dec 30, 2009 at 11:13:24AM -0500, Steven Bellovin wrote:
> > > I know nothing of how to do this on a Catalyst; for PCs, my own guess
> > > is that you're looking far too high-end.  If the issue is relaying to
> > > the outside, I suspect that a small, dedicated Soekris or the like
> > > will do all you need -- there's no point in switching traffic faster
> > > than your DSL lines can run.  I'm not doing load-balancing, but all
> > > traffic from my house to the outside world (I have a cable modem)
> > > goes through a Soekris 4801, and I can download large files from my
> > > office at 12-13M bps.  Further, since the Soekris is bridging some
> > > networks, its interfaces are in promiscuous mode, so the box is
> > > seeing every packet on my home LAN. 
> >
> > Really?  If it's connected to a switch, I'd expect it to only see
> > broadcast/multicast/unknown destination MACs, as well as traffic
> > actually flowing through the Soekris.
>
> I believe he's refering to the situation where the soekris is doing the
> bridging, since the soekris only has 4 ethernet ports and two pci slots
> max it's likely that if you need greater than quantity 3 plus wireless
> internal interfaces that you'll need a switch. given the performance
> limits of even a 5501 I tend to disagree that the switching traffic
> internally in software bridge at less than line rate at 100Mb/s is a
> great trade-off vs say using a cheapo gig-e switch.

Correct, except that my Soekris has only 3 100Mbps ports.

My house is wired with COTS GigE switches.  Outbound traffic passes through the Soekris, which bridges to an older 100M 
bps switch.  That, in turn, is connected to the cable modem and a few older devices that don't need much bandwidth and 
only have 100baseT ports themselves, like a wireless access point and a printer.  

I have that setup for several reasons.  First, I want a point from which I can monitor outbound traffic -- home 
"routers" and switches don't have monitoring ports.  I wanted a DHCP server that supported static allocations.  I 
contemplated (but never implemented) putting an IPsec gateway there; I still may do that.  I'm about to move my IPv6 
tunnel endpoint to the Soekris.  I have contemplated multihoming my house, though I might conclude that that would 
incur too many spousal points.  Finally, at one point I had a more complex topology for my home network -- certain 
locations in the house were separated, to permit imposition of restrictions for, shall we say, violations of the house 
AUP...

                --Steve Bellovin, http://www.cs.columbia.edu/~smb