Routers: Cisco vs. Linux?

David A. Bandel david
Mon May 17 11:56:40 PDT 2004


On Mon, 08 Dec 2003 15:11:56 -0600
Michael Hipp <Michael at hipp.com> wrote:

> I'm planning a major upgrade of my SOHO network in the near future.
> Many of the network designs I've been looking at put a Cisco router
> ahead of the Linux firewall on the T-1s.
> 
> What advantage does this offer?
> 
> Even a smallish (26xx) Cisco router with 2 WAN ports is a pricey
> affair compared to a Linux box. Stated another way, I could have
> several hot/cold spares for my Linux firewall box for the price of a
> spare for the Cisco. And my impression is that Cisco routers aren't
> inherently any more secure than a "hardened" Linux box.
> 
>                    Cable Internet
>                      fallback
>                        |
>                        |
>   2x T-1 bonded  |  Linux   |         DMZ LAN
> ================| IPtables |-------+--Apache Server
>     (Cisco?)     | Firewall |       +--DNS Server
>                     |    |          +--Email Server
>                     |NAT |NAT
>                     |    |            QUARANTINE LAN
>                     |    +------------ Win box
>                     |                    (suspect of viruses, etc.)
>                     |
>                     |                 PRIVATE LAN
>                     +---------------+--Win2k App server
>                                     +--Linux desktops (x n)
>                                     +--Win desktops   (x n)
> 
> Any other comments on this design?
> 
> What PCI port card would anyone recommend for direct connection of the
> Linux box to the T-1s?
> 
> What specs should I plan for the firewall box given that it needs to 
> handle up to 3 Mbps of WAN traffic plus a fair amount of LAN traffic?
> 

Well, I have several Linux boxes w/ a Cyclades Frame Relay card (but the
PC300 is also available for T1/E1 connections as well as V-35).  My
biggest pipe is 4Mb and I run several incoming/outgoing PVCs (but I also
haven't saturated this tube).  To date, I've had no problems.  Cyclades
is a bit slow supporting new kernels (they write their own drivers), but
generally this has not been a problem for me.  What I like is that the
Linux box is much more flexible than the Cisco, and I can run tcpdump,
etc., and watch traffic, troubleshoot, run ingress/egress policing, and
more that Cisco doesn't give me.  If I were to use Cisco, I'd end up
with a Linux box directly behind it, so why bother?

I do, however, have a few Cisco boxes, which I buy off eBay on the
cheap.  Haven't had problems with any of them, but most are just
emergency boxes (in case one of my Cyclades cards goes down). 

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
		Nemesis Racing Team motto
GPG key autoresponder:  mailto:david_key at pananix.com

