nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

Re: Duh!

said by dibbb:

said by OSIU:

Maybe they should make it with a toaster and a fridge built in too!
My WebStar gets hot enough I bet it could make toast...

But personally, and I may change my mind later, but I like having a separate router, especially for my small-business LAN. I've had my ISP-provider modem fail a few times, and at least with a separate router I can still use the LAN functions.
Unless you're running a multi-segment network, why would you need a router for LAN traffic??

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)
radarman

join:2005-06-01
Odenton, MD

Re: Duh!

One word - NAT. Do you plan to connect more machines than you have leased IP addresses? If so, you need a LAN with a router.

Alternately, would YOU like control over what machine is assigned a certain IP address? Guess what - you can't, unless you run your own DHCP server - which no ISP is going to want to see. So, you are back to needing a router.

It isn't just multi-segment networks that need routers, (though strictly speaking, most home networks ARE multi-segment), but any network where you need more flexibility and control over your network.

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

Re: Duh!

said by radarman:

One word - NAT. Do you plan to connect more machines than you have leased IP addresses? If so, you need a LAN with a router.
If the MODEM has failed, what are you NATing??

said by radarman:

Alternately, would YOU like control over what machine is assigned a certain IP address? Guess what - you can't, unless you run your own DHCP server - which no ISP is going to want to see. So, you are back to needing a router.
And this relates how to the benefits of having a router separate from a MODEM in the event of a MODEM failure? As an aside, DHCP does not require a router.

said by radarman:

It isn't just multi-segment networks that need routers,
Um... Care to explain that? The sole purpose of a router is to move packets from one segment to another. If you have single-segment network, you don't need a router.

said by radarman:

(though strictly speaking, most home networks ARE multi-segment)
Really?? Discounting the WAN IP, how can you possibly make this statement?

said by radarman:

but any network where you need more flexibility and control over your network.
Again, all that a router does is move packets from one network segment to another (and, optionally, doing P/NAT). If you want DHCP services, you don't need a router. If you want firewall services, you don't need a router (given that one can set up a filtering bridge device or use client-side software firewalls). So, how does having a router provide you with flexibility and control over a network (that you can't get through other means), particularly a network with a flat/unsegmented topology?

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)
radarman

join:2005-06-01
Odenton, MD

Re: Duh!

Ok, let's start over. I took some liberties because I assumed we were talking about CONSUMER hardware - not commercial - and that we were talking about CONSUMER ISPs. Please keep that in mind.

Strictly speaking, you are correct - a pure router (like your standard Cisco) does nothing but move packets from one domain to another. You do not need a pure router if you simply lease IP addresses for each machine on your LAN - since you don't really have a LAN, just an extension of the WAN in your house. It is theoretically possible to lease a subnet from your ISP, in which case you MIGHT need a pure router, depending on the ISP's configuration, but you WOULD NOT need NAT (since you have a one to one mapping of addresses available).

As far as I know, no CONSUMER ISP does this. Even if they did, these are not safe networks for most CONSUMERS, as they expose every machine to the public Internet explicitly. Even if I only had one machine, I would still hide it behind NAT as a limited first line of defense.

Also, most consumers with multiple computers do not (or can not) lease a subnet, and few lease enough addresses for each machine - they get one IP address, and then masquerade behind it using NAT. This comprises the vast majority of "home networks".

These networks are, by definition, "multi-segment". You have a private network in your house, typically assigned a 192.168.x.x subnet, and an access point to the public network. Again, you are technically correct - the term for the required hardware is "NAT Proxy" - a "router" is NOT required for this configuration, as private addresses aren't routable anyway. However, it is still multi-segment in that you can't directly communicate from your LAN to the WAN without some added trickery.

To make things more interesting, most people incorrectly denote ALL "Internet Gateways" as "routers", even though not all Internet Gateways can route. (most can, but few actually use the ability) The vast majority of boxes, such as the Linksys and Netgear boxes, are NAT capable routers - but the vast majority of customers assign the LAN a non-routable address space - making them overgrown NAT proxies. Typically, these consumer "routers" will also support DHCP, limited local DNS (on some models), and a few other services. Many times, they will interfere with other internal machines offering the same services.

There are several things I do not like about my ISP having control of this machine.

One - they could enforce a NAT free network by simply turning off the ability remotely. I'm sure they would love the increased revenue of charging a fee for every box on their network - much the way they used to charge for every TV in your house. The problem isn't so much the fee, though; but the fact that now your network is exposed on the public Internet. At least with NAT, you have to do something stupid to get rooted.

Two - they could permanently enable or disable services which might be disruptive to my LAN. If I am depending on certain network services to be present - I want those services explicitly under MY control. I do not want my ISP futzing with them, or worse, locking me out.

Lastly, if the machine fails, all of the services it provided would be gone with it - for the duration of the time it takes the ISP to service or replace it. At least in my neck of the woods, that involves a trip to the Comcast service center during business hours, or an irritating, time-wasting service call.

Now, most of these concerns are related to ISP leased equipment - but there is still the fact that these machines are not user-serviceable. I cannot simply pull the flash memory out, and drop it in another machine quickly. Even if I owned the box outright, its failure would still entail the time it takes to ship a new one - and I would still have to recreate all of my configuration data, unless by some miracle, I had either backed it up (which is difficult on most consumer "routers") or the machine was busted in some way that still allowed access to the administrative console.

I dunno - at least for me, my LAN is equally as important as the WAN connection. I don't ever save to my local hard drive, instead using a network server; printing is done over the network, etc. I don't want all of that going down because of one box.

My current setup is a Motorola SB5100 cable modem, attached to a Pentium III based PC running FreeBSD & ipfilter/ipnat. While this machine is a single point of failure (it runs the NAT proxy/router, firewall, DHCP, internal DNS, NTP, HTTP proxy, etc) - the machine is entirely under my control. If it fails, I can drop the hard disk in another machine and be up and running in under 20 minutes. If the hard disk fails, I can recover from a backup file on another machine or from a CD-ROM.

THAT is why I would avoid these boxes like the plague.
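
The post above describes several machines masquerading behind one leased address and calls NAT "a limited first line of defense". The sketch below is an added example, not part of the original post or anyone's actual configuration: a toy port-translation table showing why an unsolicited inbound packet has nowhere to go until someone adds a forward. The `Napt` class, its method names, the addresses and the port numbers are all constructed for illustration, and the model ignores remote-endpoint checks and mapping timeouts that real NAT implementations apply.

```python
"""Toy NAPT (port address translation) table. Constructed illustration only."""
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Napt:
    public_ip: str            # the single leased WAN address
    next_port: int = 40000    # first translated source port (arbitrary choice)
    out_map: dict = field(default_factory=dict)  # (lan_ip, lan_port, proto) -> public port
    in_map: dict = field(default_factory=dict)   # (public port, proto) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, proto):
        """A LAN host opens a flow: allocate (or reuse) a public source port."""
        if not ip_address(lan_ip).is_private:
            raise ValueError("expected a private LAN address")
        key = (lan_ip, lan_port, proto)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, proto)] = (lan_ip, lan_port)
            self.next_port += 1
        return self.public_ip, self.out_map[key]

    def inbound(self, dst_port, proto):
        """A packet arrives on the WAN side: deliverable only if a mapping exists."""
        return self.in_map.get((dst_port, proto))  # None means dropped

    def forward(self, dst_port, proto, lan_ip, lan_port):
        """Static port forward: a deliberate, explicit exposure of one service."""
        self.in_map[(dst_port, proto)] = (lan_ip, lan_port)


def demo():
    nat = Napt(public_ip="203.0.113.5")                 # constructed documentation address
    a = nat.outbound("192.168.1.10", 51000, "tcp")      # two hosts share one public IP
    b = nat.outbound("192.168.1.11", 51000, "tcp")
    reply = nat.inbound(a[1], "tcp")                    # reply to host A's own flow
    probe = nat.inbound(22, "tcp")                      # unsolicited connection attempt
    nat.forward(22, "tcp", "192.168.1.20", 22)          # admin adds a forward
    exposed = nat.inbound(22, "tcp")                    # same probe now reaches the LAN
    return a, b, reply, probe, exposed


if __name__ == "__main__":
    for name, value in zip(("host A", "host B", "reply", "probe", "after forward"), demo()):
        print(f"{name:14} {value}")
```

The drop of the unsolicited probe is a side effect of there being no table entry, not a filtering decision, which is why the post calls the protection limited: any mapping, whether created by an outbound flow or by a forward, is a path in.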

GlobalMind
Domino Dude, POWER Systems Guy
Premium
join:2001-10-29
Hollywood, FL
He is probably using it as his LAN switch as well, since many if not most/all consumer level "routers" have a 5 port switch on them as well.

K.
dibbb

join:2003-09-19
·Time Warner VOIP


said by nixen:

said by dibbb:

said by OSIU:

Maybe they should make it with a toaster and a fridge built in too!
My WebStar gets hot enough I bet it could make toast...

But personally, and I may change my mind later, but I like having a separate router, especially for my small-business LAN. I've had my ISP-provider modem fail a few times, and at least with a separate router I can still use the LAN functions.
Unless you're running a multi-segment network, why would you need a router for LAN traffic??

-tom
As explained by other posters, and I thought this was obvious, my router, which is a D-Link 624, also serves as my switch (along with another attached switch) for my LAN.

If my WAN or ISP connection fails, I can still access resources on my LAN such as networked drives and printers.

Edit: and reading your reply to radarman, I can tell you know a lot about networking, but I think you're just way over-thinking this one...


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

Re: Duh!

said by dibbb:

Edit: and reading your reply to radarman, I can tell you know a lot about networking, but I think you're just way over-thinking this one...


It's probably born of the fact that I probably over-engineered my home network. MODEM -> Router/firewall -> Switches -> Hosts (workstations/servers). I generally forget that, with SOHO routers versus a "real" router, multiple Ethernet ports are on the same LAN segment (as a switch device) and not ports bound to different LAN segments.

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)
radarman

join:2005-06-01
Odenton, MD

Re: Duh!

Ironically, I did the same thing - I was aiming my post at the average user who just has a Linksys or Netgear router that "does it all". I suppose that's what I get for "dumbing it down".

My own home network looks very similar to yours. I have two switches instead of one, because most of my network equipment is in a closet, while the file server and my workstation are in a bedroom with only 1 ethernet jack available.

I have a Motorola SB5100 CM attached to a FreeBSD machine which handles most network services, as well as serving as an Internet Gateway / NAT proxy. That machine is (obviously) multi-homed, with the second connection going to a Dlink DES3624i 24-port 10/100 switch (managed) and a third PLIP connection available for an administrative uplink. (I have an old 386 laptop for emergencies, since the router has no keyboard or CRT)

All of this is powered by an APC SmartUPS - which also supports the Vonage ATA, and segments of the home automation system. The SmartUPS has a network management card (9617) for remote monitoring.

The DES3624i is linked to my office, where a second switch, a DES3624 slave, handles my private workstation (well, private in the sense my wife doesn't mess with it), the file server, and another SmartUPS. This is also my "lab", so machines I happen to be working on are plugged into this switch.

The file server is capable of coming online as a backup for DNS/DHCP during a failure, but isn't normally available. There is little need for NTP, or other services, if the network connection is down - so these are not replicated. Besides, the UPS for the file server doesn't last as long as the UPS for the network gear. The only time it comes into play is when the main "router" is down for service.

The file server provides the rest of my network services - such as SMB/NFS mounts, FTP services, and incoming secure shell connections. (ipnat handles the forwarding)

My LAN uses internal DNS & DHCP, so guests simply have to plug in - and immediately receive an IP address in a special range and a DNS entry. I can also refer to my machines by "short" name, so starting a secure shell session to the router involves "ssh router". As an added bonus, my gateway serves as a Stratum 2 NTP server for any machine on the local network which knows about it. (My Windows/*nix boxes all point to it).

I do not run wireless, as I was fortunate enough to have a say in the wiring during construction. I have 10/100 ethernet in every major room (bedrooms, living room, kitchen, etc.) I don't even own any 802.11 equipment - so I don't know if my neighbors do.

I also run an HTTP proxy via SSH. I can tunnel through to the file server, which forwards back to the router, which runs the proxy. This protects the router, as it doesn't allow external access to itself directly. It works great for everything except FTP - but that isn't a problem.

This allows me to bypass proxies on networks that allow unrestricted access on at least one port. Yes, I do have to know a bit about the network in advance - but this isn't typically a problem, as I only explicitly allow access to networks I might conceivably attempt to connect from.

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

Re: Duh!

Heh... sounds like my network until the first summer where the combined equipment and A/C current draw drove my electricity bill into the mid-$300's. Turned off one of my E250s (and 14 hard drives) and several Ultra IIs. Electric bills teach the value of consolidation. Even considered replacing my SPARCstation 10 router with a SOHO device that would draw less current.

At this point, what I really need, is to replace some of the older, lower-capacity hard drives with fewer, higher-capacity drives (not like I'm doing OLTP).

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)