[Pc_Support] Re: Suggestions for how to manage satellite offices? -- NetGear FVS124G/FVX538?

Bryan J. Smith b.j.smith at ieee.org
Thu Jul 7 09:37:15 EDT 2005 

On Thu, 2005-07-07 at 00:13 -0400, Damien McKenna wrote:
> They use many Windows-only applications and I don't believe are 
> in a position to migrate to Linux (which IMHO would make many things 
> easier).

Well, just because they don't run Linux doesn't mean you can't introduce
either Freedomware desktop solutions (with some planning/consideration
if management is open to it) or, even more transparently, Freedomware
server solutions.

> I had originally intended setting up a local mail server (Macallan Mail 
> Server aka MMS) to work as a local access point for email.  MMS has a 
> cool feature in that it can fetch email from another host and store it 
> in local mailboxes.

Well, if MMS is what is working for you, I wouldn't change anything.
BTW, is it just Freeware or actual Freedomware?

> For people working from home (mainly the owner) I was going to set up a 
> VPN for him to log into to do his work.
> The second office will need access to the files from the first office 
> and access to email.  I'm not really sure how the second office will fit 
> into my original plans above.
> Does anyone have suggestions on how I could manage the two offices' 
> facilities?  A VPN sounds like the obvious choice, but what about 
> bandwidth usage (if the satellite office grows) and redundancy (if the 
> VPN goes down they can't do any work)?
> Any suggestions would be appreciated, thanks.

If cost is an absolute issue, I've been recommending the new NetGear
sub-$200 FVS124G and sub-$400 FVX538, although I have done no direct
deployments of them myself.

  http://netgear.com/products/details/FVS124G.php  
  http://netgear.com/products/details/FVX538.php  

The FVS124G is a 4-port GbE LAN and 2-port 100MbE WAN.
The FVX538 is a 1-port GbE + 8-port 100MbE LAN and 2-port 100MbE WAN.

Both 100MbE WAN ports can be used in a redundant** Internet
configuration,
when one fails, the other takes over**.  There is included VPN software,
as well as site-to-site, although there might be licensing
considerations (which makes me assume this sucker runs VxWorks, not
Linux).

On the FVX538, one of the 100MbE ports can be a dedicated DMZ port (no
such option on the FVS124G other than to use one of the LAN ports with
everyone "exposed" -- although you could use one of the WAN ports for
this).

Now _internally_, things get interesting.  Beyond the 16MB and 32MB of
RAM, respectively, there some _serious_power_ in these boxen.

  ftp://download.intel.com/design/network/ProdBrf/25249603.pdf  
  ftp://download.intel.com/design/network/ProdBrf/27905104.pdf  

The FVS124G uses a 266MHz Intel IXP422 (XScale + 2xNPE).
The FVS538 uses a 533MHz Intel IXP425 (XScale + 3xNPE).

The XScale, in case people aren't familiar, are probably the sole
superscale (multiple-pipeline) microcontrollers out there -- based on
the StrongARM licensed from Digital Semiconductor years ago.  Split 32
+32KB instruction+data L1 cache.

The IXP series adds peripherals to the core called Network Processor
Elements (NPEs), which has its own, dedicated 8KB SRAM queue (I
personally think they should have put more SRAM in, but at least the
XScale has its 32KB data cache).  Both products have one generic 100MbE
MAC, and one hardware accelerated crypto 100MbE MAC.  Hardware-
accelerated capabilities include 56-bit DES, 168-bit 3DES and
128/192/256-bit AES symmetric ciphers plus both 160-bit SHA-1 and 128-
bit MD5 hash algorithms.  I didn't see 64/128-bit RC4 mentioned other
than the fact that the XScale is more than capable of handling it.

[ SIDE NOTE:  The IXP425 actually has a 3rd NPE for VoIP, but it seems
unused, at least from the NetGear specs. ]

**FAILOVER NOTE:  
My only question is if the VPN can fail-over along with Internet
connections?  Although you're not setting up BGP, you could at least
make each site aware of each other's failover connection.  But I'm going
to assume the answer is "NO" because the hardware accelerated
symmetric/hash is on _only_ one 100MbE NPE.  I've never tried the box
personally in this configuration, but I thought I'd better mention this.
The NetGear site is leaving me still asking the question and isn't much
help.


-- 
Bryan J. Smith                                     b.j.smith at ieee.org 
--------------------------------------------------------------------- 
It is mathematically impossible for someone who makes more than you
to be anything but richer than you.  Any tax rate that penalizes them
will also penalize you similarly (to those below you, and then below
them).  Linear algebra, let alone differential calculus or even ele-
mentary concepts of limits, is mutually exclusive with US journalism.
So forget even attempting to explain how tax cuts work.  ;->

More information about the Pc_support mailing list