(October 9, 2021 at 10:14 am) Abaddon_ire Wrote:
(October 8, 2021 at 10:48 pm) Jehanne Wrote: If you can diagram it, then, yes, it is possible!
At first blush, sure it is workable. But there is an obvious bottleneck. If one is not hurling large files about the place, that might be acceptable. If the traffic is high, nope.
Explain, please. The 10 gig SFP link between the switches? Most of the LAN traffic should be limited to a single switch. Users mostly accessing data on the user VLAN, backups happening on the server VLAN, IDS and logging functions on the management VLAN, etc.
The original plan was to feed each VLAN with its own port off the router, but I was planning on using a single server to monitor multiple ports. Turns out that each IDS sensor port is going to require at least 12 cores and 128 GB of RAM for every Gbps of data to keep the sensors from dropping packets. I ran out of hardware to support that many ports. I'm using older hardware for the sensors so it isn't terribly expensive, but I'm rapidly running out of power. A Dell R710 pulls a lot of watts when you are running the shit out of the processors, memory, and drives at the same time.
Save a life. Adopt a greyhound.


