Re: 10mbit fiber to home; NAT router can't fill pipe


comp.security.firewalls archive


From: DigitalVinyl <DigitalVinyl@internet.com>
Date: Mon Mar 13 2006 - 01:56:47 CET

"Steve" <steve.follmer@gmail.com> wrote:

>You may like to guess where I live; I just got 10 mbit fiber to my home
>for $43/month. The first thing I noticed was that eMule quickly
>overwhelmed my SMC 2804 WBRP-G router and it hung because of too many
>connections. A good workaround was to put my p2p machine into the DMZ
>(and also erase the mappings to it). But problems remain.
>
>If I plug my cable directly into the fiber box, I can get a full
>megaBYTE/sec upload. But when I run it through the SMC router, it seems
>to max out at about 40-60% of that. Most of these NAT routers only have
>a 10baseT plug on the WAN port, so clearly they're not even designed to
>handle 10mbit and up. And most countries don't offer anything faster
>than a megabit or two.
>
>Can someone recommend an industrial strength NAT router that is fast
>enough to handle 10, 20 or 100mbits?

One of the problems with peer to peers is they generate a wave of
incoming requests which slam the router. Far more requests than your
PC is processing. When I run bittorrent clients or direct Connect my
router goes berserk with traffic even if I have very little going on
in the client. When you shut the client down the traffic will
continue, even for minutes afterwards as the network retains you in a
network of peers that haven't updated and recognized you're gone.

More than traffic volume, I find the connection volume drowns out the
wimpy soho market boxes when doing certain p2p.

I can't recommend a cheap alternative as I've mostly worked with
professional level firewalls (Pix & Checkpoint).

There are low ends ($300 - $500) units but I haven't seen anybody put
any of them through their paces with real world traffic situations.
Even high end PIX appliances come with multiple Gigabit fiber
connections but theoretically they would max out internal buses by
400mbps, and I've seen them perform poorly at under 100Mbps. A major
culprit there was the 50,000+ open connections--largely p2p and virus
traffic.

You might want to look at sonicwall, pix 501, the bottom
checkpoint/nokia boxes. They're all into the sub$500 market now.
Received on Mon May 1 00:56:32 2006