10mbit fiber to home; NAT router can't fill pipe

You may like to guess where I live; I just got 10 mbit fiber to my home for $43/month. The first thing I noticed was that eMule quickly overwhelmed my SMC 2804 WBRP-G router and it hung because of too many connections. A good workaround was to put my p2p machine into the DMZ (and also erase the mappings to it). But problems remain.

If I plug my cable directly into the fiber box, I can get a full megaBYTE/sec upload. But when I run it through the SMC router, it seems to max out at about 40-60% of that. Most of these NAT routers only have a 10baseT plug on the WAN port, so clearly they're not even designed to handle 10mbit and up. And most countries don't offer anything faster than a megabit or two.

Can someone recommend an industrial strength NAT router that is fast enough to handle 10, 20 or 100mbits?

Reply to
Steve

Indeed I would expect your SMC or similar (D-Link, Linksys etc) device to be overwhelmed by that sort of speed.

As long as you don't want to do antivirus at your gateway, any FortiGate unit (even the lowly 50A) can handle your 10Mbps feed.

For a 20Mbps feed, I'd look at at least the FG60, again, with no Virus Scanning at the gateway you'll be fine.

On a 100Mbps feed you should probably look at a FG200.

These recommendations are very, very ballpark, it depends what you want to do (what protections you want) and the character of the traffic. If you were just going to do NAT and port filtering/firewalling, even the 50A can do 60Mbps by spec though I've never seen anyone try to run on that hard before. You should consult a qualified local reseller for more specific recommendations.

-Russ.

Reply to
Somebody.

Though the FortiGates are decent boxes, their cost is probably going to put you out of the ballpark.

I think a good bet would be to take a look at SmoothWall or Astaro. These are simple Linux installs on an old PC (think boot CD, simple graphic config, manage by HTTP). They should be able to handle the throughput.

Reply to
C Kim

Put m0no or IPcop on an old PC with two NIC cards.

You d/l an ISO file and burn it into a bootable CD. Both are "appliances" that require NO knowledge of *nix.

Reply to
Al Dykes

One of the problems with peer to peers is they generate a wave of incoming requests which slam the router. Far more requests than your PC is processing. When I run BitTorrent clients or Direct Connect my router goes berserk with traffic even if I have very little going on in the client. When you shut the client down the traffic will continue, even for minutes afterwards, as the network retains you in a network of peers that haven't updated and recognized you're gone.

More than traffic volume, I find the connection volume drowns out the wimpy soho market boxes when doing certain p2p.

I can't recommend a cheap alternative as I've mostly worked with professional level firewalls (PIX & Check Point).

There are low end ($300 - $500) units but I haven't seen anybody put any of them through their paces with real world traffic situations. Even high end PIX appliances come with multiple Gigabit fiber connections but theoretically they would max out internal buses by 400mbps, and I've seen them perform poorly at under 100Mbps. A major culprit there was the 50,000+ open connections--largely p2p and virus traffic.

You might want to look at SonicWall, PIX 501, the bottom Check Point/Nokia boxes. They're all into the sub-$500 market now.

Reply to
DigitalVinyl
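The point made in the post above, and in the later "thousands of connections compared to hundreds" comparison, can be checked with a small model. This is an added illustration, not code from any poster or vendor; the table sizes, flow rate, bytes per flow and 300-second idle timeout are assumed values, not measurements of any router named in the thread.

```python
from collections import deque

def simulate_nat_table(capacity, flows_per_sec, idle_timeout_s, duration_s):
    """Deterministic model of a NAT translation table.

    Every second `flows_per_sec` short-lived flows each claim one entry.
    An entry is only freed `idle_timeout_s` seconds after it was created,
    which is how a router treats a peer that connected once and went quiet.
    Returns (peak_entries, dropped_flows).
    """
    expiries = deque()          # expiry time of each live entry, oldest first
    peak = dropped = 0
    for now in range(duration_s):
        # Reclaim entries whose idle timer has run out.
        while expiries and expiries[0] <= now:
            expiries.popleft()
        for _ in range(flows_per_sec):
            if len(expiries) >= capacity:
                dropped += 1    # table full: the new flow cannot be translated
            else:
                expiries.append(now + idle_timeout_s)
        peak = max(peak, len(expiries))
    return peak, dropped

def required_entries(flows_per_sec, idle_timeout_s):
    """Steady-state table size needed: arrival rate times entry lifetime."""
    return flows_per_sec * idle_timeout_s

def offered_kbit_per_sec(flows_per_sec, bytes_per_flow):
    """Bandwidth the same flows consume, to compare against link speed."""
    return flows_per_sec * bytes_per_flow * 8 / 1000

if __name__ == "__main__":
    # Assumed load: 20 new peer contacts per second, 200 bytes each.
    print("offered load kbit/s:", offered_kbit_per_sec(20, 200))
    print("entries needed:", required_entries(20, 300))
    for size in (512, 8192):    # "hundreds" vs "thousands" of entries
        peak, dropped = simulate_nat_table(size, 20, 300, 600)
        print(f"table={size} peak={peak} dropped={dropped}")
```

At the assumed load the link carries only 32 kbit/s, yet the table needs 6000 entries, so the 512-entry table drops most new flows while the 8192-entry table drops none.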

A FG to suit the need would be sub-$1000, which may well be out of some folks' ballpark.

Reply to
Somebody.

Not exactly industrial strength, but take a look at the D-Link "GamerLounge" routers (DGL-4100 wired, and 4300 wireless).

I have the 4100. It supports much larger route tables than the older little home routers, thousands of connections compared to hundreds. It has a more robust processor, and has a 10/100 Mb WAN side connection and 10/100/1000 LAN side connection. You should be able to find it for about $150.

Reply to
whos

Possibly the new pre-n or eventual 802.11n routers will have beefier processors. The issue is needing the CPU sort of at level 3 to examine all the packets, DMZ or not. Everybody has a chip to handle the level 2 at wire speed. But for the NAT, which is sort of level 3, you need more CPU and more memory. Maybe those gamer lounge routers are battle tested.

Thanks for those suggestions. The Netgear 240 seems like a candidate too (for its wired, not its wireless, from my point of view). But I agree that a few throughput tests are not the same as a big p2p load.

For now I just took the server machine and plugged it straight into the FTTH, then hung my old network (just for web surfing), through ICS, off the back of the XP server.

I suspect they're throttling me a bit now, so it's hard to gauge the results.

Reply to
Steve

Would something like a Cisco 1605 (dual 10mb ethernet router) handle the 10mb he is looking for? I also need to know as I am considering it for a lesser DSL connection of 4mb/s that I would like to not have a bottleneck for.

Reply to
gr

I've used it with good results on 3-Mb DSL and bittorrent. It has handled the torrents and maintained full bandwidth.

I'm still waiting for FIOS in my area.

Reply to
whos
