Multiport Ethernet Adapters

Of the 170,000+ networks currently relying on WinRoute Pro as their router/firewall solution, the most common configuration involves two Network Interface Cards (NICs), one to the Internet and the other to a Local Area Network (LAN). This basic configuration filters packets going to and from the Internet; however, it cannot filter packets traveling between local segments because they do not pass traffic through WinRoute. An example of this configuration is illustrated below in Figure 1.

Multiport Ethernet Adapters

Figure 1. The most common configuration of WinRoute Pro.

In some cases, a third NIC will be added to the WinRoute machine allowing for a separate, secured segment. In such a scenario packets going to and from the secured segment from both the Internet and other local segments are filtered through WinRoute, providing an extra level of security.

Figure 2. A separate segment to the LAN can be added using a third NIC.

For larger networks, that may have several separated segments with their own unique security policies, the problem arises that the number of these separated segments is limited to the number of ports on the WinRoute machine. Because of this, additional hardware is required to appropriate further routing/switching and security policies. With the recent introduction of multi-port Ethernet NICs provides the opportunity for WinRoute to be the singular controller of network traffic. Because multi port cards can allow the WinRoute machine upwards of 24 ports, depending on the number of card slots on the motherboard, the WinRoute machine can also be the server, router, domain controller, etc. This way network management can be centralized and controlled through a single point. Figure 3 illustrates WinRoute Pro using a multi-port Ethernet NIC to control three separate networks.

Figure 3. WinRoute Pro equipped with a multi-port Ethernet NIC.

In addition to enhanced security and centralized management provided by multi-port Ethernet NICs, additional benefits include load balancing and fail-over protection. Note the assignment of three ports to the middle segment in Figure 4.

Figure 4. Middle segment is assigned three ports for port aggregation.

Load balancing can be accomplished by aggregating ports. For example, in the picture above the middle network segment is assigned three ports. If this segment uses a switch to connect to the WinRoute machine, all three computers can retrieve data each at 100 Mbps. The other two segments can only retrieve a combined total of 100Mbps each because only one port from that segment is attached to the WinRoute machine. A bonus functionality of port aggregation is the protection against port failure. If a line becomes disconnected, traffic will then be rerouted through the next available port.

Using multi-port NICs with WinRoute can provide an effective, yet very efficient, multi-routing system at a much more affordable price all under on single administrative umbrella. WinRoute has currently been tested successfully with the D-Link 4 port DFE 570 TX and the Adaptec 2 port Duralan ANA-62022. No other cards have been tested.

It should be noted that this type of network design requires different subnets for each network segment attached to the WinRoute machine.