Question: Do I have a bottleneck?

My problem was I wanted to add a security appliance (Panda Gate Defender) to our network, but have it cover two access lines, one T1 and one DSL.  The DSL ports our POP3 email and this T1 serves a couple of small domains totaling 115 workstations.  We are all 2003 Standard server and XP Pro based.

We are suffering from occasional slow throughput on the DSL line, and are now having both lines go completely down, requiring router restarts.  This seems to be occurring at high-volume times: early morning, lunch and end of work day (well, everyone but me!).

Here is the layout:

                    /            \
    DSL Modem               Full T1 CSU
           |                            |
    FW Routers              FW Routers
                     \            /
                  SMALL SWITCH
                  Security Appliance
                  Backbone SWITCH

The security appliance serves multiple roles, one main one for filtering email going and coming from DSL, and one as web content filtering coming from T1.

Public addressing stops at WAN side of FW Routers.


Answer: Do I have a bottleneck?

I think that the issue here is that you need a layer 3 device where you have your little switch.  Right now you are expecting your 10/100 switch to route to two separate gateways.  I think what is happening is the two routers that you have are updating each other through the switch, when it is much better to have them updating one central device, so that when traffic gets there, it knows where to go instead of having to go out to one of your routers to find out.  The absolute best fix for you would be to have 1 line of throughput incoming and outgoing.  Something else I would do, before I did anything, would be to take a laptop, install Ethereal on it (follow install instructions) and plug the laptop into the little switch and see what kind of traffic you're getting.  It's my guess that you are going to be having a ton of ARP broadcasts.  Give this a try and let me know what it yields... Ethereal is pretty straightforward, and if you are going to be a network admin, it is virtually a necessity that you learn how to use it, or some other packet sniffer.

Good Luck,
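
The capture step suggested in the answer, as an added example that is not part of the original post: a script that counts ARP and broadcast frames in a saved capture and lists which MAC addresses send the most ARP. It assumes the capture was saved in classic libpcap format with an Ethernet link type; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

ETH_BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806

def summarize_capture(pcap):
    """Count total, broadcast and ARP frames in a classic (non-pcapng) Ethernet pcap."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"                              # file written little-endian
    elif magic == 0xD4C3B2A1:
        end = ">"                              # file written big-endian
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    stats = {"total": 0, "broadcast": 0, "arp": 0, "arp_senders": Counter()}
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:                    # record too short for an Ethernet header
            continue
        stats["total"] += 1
        if frame[:6] == ETH_BROADCAST:
            stats["broadcast"] += 1
        if struct.unpack_from("!H", frame, 12)[0] == ETHERTYPE_ARP:
            stats["arp"] += 1
            stats["arp_senders"][":".join(f"{b:02x}" for b in frame[6:12])] += 1
    return stats

def build_sample_capture():
    """Constructed sample: three ARP requests from two MACs plus one unicast IPv4 frame."""
    def arp_request(src_mac, src_ip, target_ip):
        arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src_mac + src_ip + bytes(6) + target_ip
        return ETH_BROADCAST + src_mac + struct.pack("!H", ETHERTYPE_ARP) + arp
    mac_a, mac_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    ip = lambda last: bytes([192, 0, 2, last])
    frames = [arp_request(mac_a, ip(1), ip(50)), arp_request(mac_b, ip(2), ip(50)),
              arp_request(mac_a, ip(1), ip(51)),
              mac_b + mac_a + struct.pack("!H", 0x0800) + bytes(20)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    s = summarize_capture(build_sample_capture())
    print(f"{s['arp']}/{s['total']} frames are ARP, {s['broadcast']} broadcast")
```

To run it against a real capture, pass the file's bytes (read with `open(path, "rb").read()`) to `summarize_capture`; a high ARP share concentrated on a few sender MACs points at the devices to look at first.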
