Recommendation for Dual T1 Routing/Firewalling

Steven N. Fettig freebsd at stevenfettig.com
Thu Mar 18 07:35:57 PST 2004 

Sorry to cross-post this question, but I wanted to make sure my thinking 
is on track regarding a FreeBSD box I am going to use for 
routing/firewalling.
A wireless project I am working on is getting 2 T1's from Global 
Crossing that I want to bring into a Sangoma dual CSU/DSU card (using 
their software called WANPIPE to configure) in a FreeBSD box.  I am 
considering using one of my left-over VIA mini-itx machines running at 
533 MHz (512MB of RAM and a 40 GB IDE drive).  Basically, I want to 
build a dual-homed machine that provides firewalling and NAT to the 
wireless network (both of the T1's are bundled by GC, so actual 
throughput should be around 3Mbps).  There are segments of the network 
that I want to do NAT for and other segments where I simply want the 
clients to have real world addressable IP's.  I have built a number of 
dual-homed machines before, but nothing that was critical like the 
system that I am about to build.  Plus, I would like to test out 
bandwidth controls for some ranges of IP's. 
The questions are:
a) does anyone have anything bad or good to say about Sangoma CSU/DSU cards?
b) is the processor I am using more than capable of handling the 
bandwidth I am bringing in (considering there may be upwards of 60 
machines behind the firewall either surfing via NAT or directly via 
their real-world IP's)?
The machine is a great choice from the standpoint that there is no 
cooling fan and it is extremely small, so I don't have to be so 
concerned with mechanical failure outside of the HD.  I am concerned, 
however, that the processor is going to be too slow and will add too 
much latency to the network.  Like I said before, I have built 
dual-homed gateways before (using nothing more than a P 150 and a P II 
233) and didn't have any issues with those machines, but I also wasn't 
dealing with the amount of bandwidth and/or clients that I am looking at 
for this new network.  So, I am concerned about reliability and latency...
Any comments or suggestions would be very much appreciated.

Thanks,
Steve Fettig

More information about the freebsd-net mailing list