On Sep 20, 2007, at 9:53 PM, bofh wrote:

> On 9/20/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
>> On Sep 20, 2007, at 9:09 PM, Josh wrote:
>>> Can someone please inform me if this is a really bad idea or not,
>>> ideally with some nice reasoning?
>>
>> What type of throughput is required between each segment? If you've
>> been around here much, you've probably heard me espouse on the
>> benefits of VLANs. This is certainly more elegant and secure than
>> running a number of virtualized OpenBSD systems on a non-OpenBSD
>> virtual host.
>
> Well, heck, if he's thinking of putting in lots of interfaces
> (probably to the tune of 1 interface per firewalled segment), why not
> just run ONE or TWO firewalls? Either vlan the things or dedicate one
> interface per network segment, both work well.
> Actually, use the two boxes, and carp them for failover.

Because we have no idea what his requirements are. That's exactly
why I asked for them. Obviously, CARP is good in any scenario, but
it only provides redundancy. It has virtually nothing to do with his
network design.

---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net