... a small operation with a few computers (maybe three or four servers
plus a handful of other computers)...
... that is not multihomed, and in fact will just be running an Ethernet
link down to the ISP downstairs...
...that is too small to get an ASN and therefore can't do BGP...
Do I go with gated or something similar, or try to pick up a cheap used
router... because I am going to be in this situation within the next
couple months.
Suggestions?
Don't use any routing protocol at all. Actually, skip having your
own router too.
Agreed, we ran default static routes for a long time. Y'all don't even need
a router. I might recommend a LinkSys 2-port ethernet switch, though.
(Control collision domains, See DataComm Warehouse.).
Hm. My main goal is to be able to block stuff from entering my LAN that
I don't want there. With a Cisco or Livingston box or something similar,
it's just a question of installing filters. I could set up a box and use
ipfwadm, perhaps that would be the best thing to do?
He said this was an ethernet handoff from the isp; they are not simply
going to plug him into a switch; he will most likely get a port on a
cisco; they should be able to apply policies for him.. no?
I don't see why he even needs a router, unless there is a lack of a trust
of the upstream's ability to filter.. Or if you know beforehand they will
not?
Oh, and c'mon Roeland, ipfwadm isn't *that* horrid. Granted, linux
will not have release-stable socket filters until 2.2.*, but it ain't
half bad..!
If your business requires offsite support of hw/sw, a 2514'd do you
justice, but it can also be useful to have a un*x box as the router..
cheap proxy/cache engine anyone?
He said this was an ethernet handoff from the isp; they are not simply
going to plug him into a switch; he will most likely get a port on a
cisco; they should be able to apply policies for him.. no?
True.
I don't see why he even needs a router, unless there is a lack of a trust
of the upstream's ability to filter.. Or if you know beforehand they will
not?
I don't know that I necessarily need a router. :>
If your business requires offsite support of hw/sw, a 2514'd do you
justice, but it can also be useful to have a un*x box as the router..
cheap proxy/cache engine anyone?
If push comes to shove I can set up mgetty on the router box, get an
additional phone line and dial into it when needed.
Incidentally, if this is better discussed on another list,
I'll go subscribe to it and raise the question there...
Any further replies I send will be off nanog, let's go private..
I'm sure someone has a quick response for an alternate list, but I don't
mind helping you out a bit more, off the list..
> He said this was an ethernet handoff from the isp; they are not simply
> going to plug him into a switch; he will most likely get a port on a
> cisco; they should be able to apply policies for him.. no?
True.
So do you _really_ want someone else configuring your packet filter?
I didn't think so.
> I don't see why he even needs a router, unless there is a lack of a trust
> of the upstream's ability to filter.. Or if you know beforehand they will
> not?
I don't know that I necessarily need a router. :>
D'accord. But you probably do want a packet filter/firewall/L3 protection
of some flavor.
Incidentally, if this is better discussed on another list,
I'll go subscribe to it and raise the question there...
Well, Tony and other NANOG folks, I think that due to TCO considerations
(not the least being price of a router-in-a-box and my extensive experience
with Linux) I'm going to go with the Linux-based solution. I really do like
Cisco's, but upon further consideration a router-in-a-box doesn't seem like
the proper way to go right now.
Granted, linux