Hi Rick,

> Your diagram raised an interesting point. If you do intend to subnet the
> cabinets in a private IP, you're going to make your clients' hosting plans
> very, very difficult. The only way to do that is to use NAT to translate
> public IP to private. Besides the headache of overhead and performance,
> this raises problems of 2-way translation and DNS. I predict
> failure. Better to assign a net block from ARIN and go independent than to
> try NAT. From experience in dial-up, you'll fail otherwise.

Erm, that was shown as an example. Trust me, I have no intention whatsoever as to running that server farm on NAT. :)

But let's just cut to the chase. I LOVE TECHNOLOGY, period!! :)

I had a meeting today with my Networking provider... The company who will basically be providing me with my hardware requirements towards getting my network up and running. The plain and simple answer is called - Cabletron... More specifically, their RRS2000 Network Cabinet and Layer 4 "Intelligent" switches - these devices are apparently used throughout the US Government and Military.

The RRS2000 includes EVERYTHING. Frame Relay, Fibre Optic, WAN, LAN, Voice-IP, NAT, DHCP, BOOTP, you name it, it's got it. It also has dedicated monitor ports (invisible to the rest of the network) - ideal to monitor what is happening on my LAN as well as to control configurations on the Network such as Firewall configurations, and features all the capabilities of a fully fledged router. The Switches also feature PER PORT Firewalling, and Routing!!! Further enhancements include data and port forwarding, as well as data prioritization. This thing is like IPChains on steroids, built into a dedicated metal box.

On the routing side - also sorted. The RRS2000 will basically become my backbone, literally. Because of this, I simply route the biggest possible subnet of IP network(s) through to the port on the switch which connects to a secondary switch in the server farm.
(say for example, 192.168.0.0 / 255.255.255.128). The secondary switch is then configured to broadcast all incoming data to all the hubs (in the cabinets), and all the servers receive the data. For outgoing traffic, OSPF is used throughout the switches in the server farm, and the switches maintain the shortest possible path to the outside of the network (Internet), while automatically being firewalled in both directions by the firewall configuration on the RRS2000 (OSPF is configured in such a way to make certain ALL data from the Hubs inside the cabinets actually gets turned around inside the RRS2000) - SORTED!!!

Cost wise, the RRS with all the attachments and ports I need should cost me about R45,000 (or US$7,500). I don't think that's too shabby for a network solution that looks after all my current requirements, as well as to having a solution which physically has no limitation towards its reliability and upgradability.

Erm, as to having to make sure the solution works. It uses the same technology, same equipment, and will be provided and supported by the same company that installed the biggest server farm to date in South Africa. The Internet Solutions (www.is.co.za) currently have a server farm capable of hosting 1000 PCs on the same network configuration as I am setting up now (obviously I am doing it on a much smaller size for startup costs). I almost believe their web site for the server farm is at www.hosting.co.za but I am not 100% sure about this. In any case, like I said, same solution, same equipment, set up by the same company :)

As to the firewall's setup... Let's make it interesting *G* I'll firewall everything except the well-known service types :) Or even better, firewall everything except the things that are used in the farm. Then again, because I am able to set up firewall rules on the switches, I can configure the entire firewall on a per Cabinet basis.
Which means the client has FULL control over access on his server(s), regardless of where in the farm the server is allocated, or what IP address(es) his Cabinet hosts. Exactly what I was looking for on the Firewall side of things. I would have loved to Firewall on an IP basis (instead of Firewalling the HUB which connects to the Cabletron Switch), but this would mean that I need to put a Switch in the Cabinet instead of a Hub, which adds to unnecessary costs.

In any case, thank you for your valued feedback. If you didn't start talking about Layer 4 switches and VLANs and the like, I never would have found this solution.

Regards,
Chris Knipe
Cell: (083) 430-8151

Q: How many Microsoft engineers does it take to change a light bulb?
A: None. Bill Gates just redefines Darkness as the industry standard.