LinuxQuestions.org
Old 01-23-2012, 05:26 AM   #1
dasil003
LQ Newbie
 
Registered: Jan 2012
Posts: 4

What do router throughput ratings actually mean?


I am in the market for a router for my startup's office. We have a 100Mbps fiber connection, and the office is wired with cat-5 attached to a Cisco 300 series managed switch. Currently we have a number of machines connected directly to the Internet with no firewall, with the majority of my colleagues connecting via an Apple Airport Extreme, which really can not handle the traffic and suffers interference as we are in central London.

I'm looking at some medium-range routers, specifically some WatchGuard XTM 2 Series models (I have experience with the old SnapGear 560, which sadly was killed a couple years ago).

My main concern is network throughput because we are a video company and uploading very large files on a regular basis (saturating 100Mbps up for hours at a time). The WatchGuard spec gives 3 throughput numbers: Firewall, VPN, and XTM in decreasing order of magnitude.

I'm trying to interpret these numbers and wondering if they represent all LAN traffic or just LAN to WAN, and whether up/down traffic should be added together. In short, what should I be looking for if I want to saturate our fiber? Do I really need a full 200Mbps Firewall throughput?
 
Old 01-23-2012, 05:43 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

If you're just passing video files to remote sites over the net then that's just the "Firewall" throughput. If you need the firewall to be an endpoint for a VPN, then that will naturally bring the throughput down due to all the extra encryption work it has to do. It sounds like this is not a VPN based scenario, or you would have said it was, so those 2 series devices would be fairly well aligned to your fibre connection. (fiber?? awww come on, you're in London!!) The XTM stuff appears to be some form of IDS, and so given you have a defined set of upload / download endpoints for your video you'd probably just want to exclude those endpoints from this filtering.

And these will just be L3 traffic related, so if you were just switching between local machines, it'd be either 100Mbps or 1Gbps based on what ports you were using anyway. I wouldn't recommend switching through that device though, unless you have very logical reasons to do so, otherwise just stick with the Cisco switch and uplink from that to your firewall on a gigabit port.
 
1 members found this post helpful.
Old 01-23-2012, 06:32 AM   #3
dasil003
LQ Newbie
 
Registered: Jan 2012
Posts: 4

Original Poster
Thanks for the response. Sorry for the misspellings, but I'm hopelessly American having just arrived in the UK 2 months ago.

As may be obvious, I'm a web developer and not well-versed in system or network administration (though I tend to be a jack-of-all-trades), but I have a dumb follow-up.

As far as LAN traffic is concerned, we currently have none because we don't have a router (just the locked down one provided by the telco, which is not providing DHCP). Based on your response, I am to understand that even though this router will provide DHCP to our LAN, LAN traffic will not go through the router directly. That is, the router provides the IP address, but the LAN traffic just goes through the switch without needing to be routed. Again, my mental model of TCP/IP is weak, and my knowledge of what our Cisco switch can do is even fuzzier (it says it can do static L3 routing for instance, but no clue what that means, could it take some of the load off the router for WAN traffic?). So basically, router throughput specs are irrelevant for normal LAN traffic (other than VPN traffic)?

Last edited by dasil003; 01-23-2012 at 06:33 AM.
 
Old 01-23-2012, 06:44 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

So Layer 2 = switching in your local subnet and L3 = routing between different subnets. So if you're going from 192.168.1.1 to 192.168.1.2 you're just switching, so it will just go up one cable and down another in an L2 world. The Cisco 300 series supports L3 stuff but it doesn't look like you have any reason to want to route outside of getting to the interwebs, so that is why you have the firewall in the first place. You can't offload that routing work, you'd just end up doing it twice. The 300 series also supports ACLs, so you... ***could*** do some security on that instead of buying a firewall altogether, but it is NOT a firewall so I really would suggest you avoid that temptation.

If you introduce a firewall then you'll have an additional network space to be aware of. I presume your ISP has given you a /29 of public IP space or some such, so you'd potentially give all of those addresses to the firewall (but in reality I doubt you'd have any real use for more than one of them) and then add a new subnet behind the firewall, e.g. 192.168.1.0/24, which could be dished out via DHCP from the firewall. Note now though that you would need to perform NAT on the firewall, so all traffic reaching your ISP will appear to come from one of the public addresses they gave you rather than the new private networks behind the firewall or you'll never see that traffic again. It's an extremely common thing to do, and the smaller the firewall is, the more likely it is that it'll be there enabled by default.
 
1 members found this post helpful.
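
The L2/L3 split and NAT behaviour described in the post above, as an added example that is not part of the original thread: it decides per flow whether traffic is switched inside the subnet or routed and NATed by the firewall, then totals only the traffic that actually crosses the firewall. The subnet 192.168.1.0/24 is the one suggested in the post; the public address 203.0.113.2 and the sample flows are constructed placeholders.

```python
import ipaddress

# LAN subnet as suggested in the post; NAT_ADDRESS is a constructed placeholder
# from a documentation range, standing in for one address of the ISP's /29.
LAN = ipaddress.ip_network("192.168.1.0/24")
NAT_ADDRESS = ipaddress.ip_address("203.0.113.2")


def classify(src, dst):
    """Return (path, source address the ISP sees) for a flow started by a LAN host."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in LAN:
        raise ValueError(f"{src} is not a LAN host")
    if d in LAN:
        # Same subnet: the switch delivers it at L2, the firewall never sees it.
        return "switched", None
    # Different subnet: sent to the default gateway (the firewall), which
    # rewrites the private source address to its public one.
    return "routed+nat", str(NAT_ADDRESS)


def firewall_load(flows):
    """Sum Mbps per direction for flows that cross the firewall.

    Each flow is (src, dst, up_mbps, down_mbps). LAN-to-LAN traffic is
    reported separately because it does not count against the firewall.
    """
    totals = {"up": 0, "down": 0, "switched": 0}
    for src, dst, up, down in flows:
        path, _ = classify(src, dst)
        if path == "switched":
            totals["switched"] += up + down
        else:
            totals["up"] += up
            totals["down"] += down
    return totals


# Constructed sample flows (Mbps), not measurements from the thread.
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.1.20", 400, 400),  # workstation <-> local file server
    ("192.168.1.10", "198.51.100.7", 95, 2),     # video upload to a remote site
    ("192.168.1.30", "198.51.100.9", 1, 5),      # web browsing
]

if __name__ == "__main__":
    for src, dst, _, _ in SAMPLE_FLOWS:
        print(src, "->", dst, classify(src, dst))
    print(firewall_load(SAMPLE_FLOWS))
```
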
Old 01-23-2012, 07:25 AM   #5
dasil003
LQ Newbie
 
Registered: Jan 2012
Posts: 4

Original Poster
Yes, they've given us a /29 and yes we are okay with DHCP and NAT for most everything. There may be a developer server or two that we want to expose directly on an IP address, but even most of that could be handled with simple port forwarding.

Again, thank you, this is very helpful.
 
  

