what is the benefit of this old style network

[techidave]

I was at a friend's place of business today and noticed this about his network of 3 computers running XP.  Each computer had 2 nics in it.  One is for the internet and one is for the local network.  he doesn't know why it was done this way nor does he really care since he isn't into computers.  Looks like all cabling is Cat 5.  One of the computers acts as a server.

So my question is:  Why would this have been done this way in the first place?  What benefit could it have given over any other style?  I call it old style but maybe it isn't??

Dave

[rgdot]

Separate or isolate local traffic from internet traffic for security...that's one possibility. Crude but has been done.

[Renegade]

I used to have multiple NICs for multiple Internet connections. One computer was WAN facing. It reduces the attack surface and protects computers on the LAN that have no direct access to the WAN except through the front-facing server. It's easy to setup and cheap.

[iphigenie]

still very commonly done on server clusters

security is one reason, another is performance - two sets of NICs means that any intense internet traffic will not affect the internal applications communications. If there was remote access or large downloads/uploads occasionally, it might have been a consideration.

Also means that if the internet network is under load or attack, there is the other network to reach the machine to make changes, maintenance, monitoring etc.

[techidave]

So was this more commonly done on smaller networks?  Perhaps to reduce the use of a firewall?  Which I don't think I have seen one of these.   

[40hz]

Like iphigenie, I've seen lots of multi-homed servers. (We currently set up most servers we do with three NICs) But I haven't seen too many PCs with dual NICs in quite a while.

I have heard of doing that in the past in rare cases where the goal was to increase available network bandwith by concatenating multiple NICs. But most of that came to an end with the advent of affordable 100Mb and faster NIC cards. However, it was mostly done, as others have already noted, to provide separate networks for security purposes; or to move bandwidth hogs (video conferencing, etc.) onto their own 'channel.'

Be interesting to find out why your friend's network was set up that way. General network security can be better (and more economically) provided by your standard WAN/LAN NAT+SPI router/switch combo. So I'm guessing it was done for performance purposes.

I'm curious. Do all his machines also have something like a heavy duty analysis or financial app constantly running in the background?

I know some brokerage-type businesses who do something similar. They use multiple NICs in their machines to better accommodate those apps since they need to be kept updated in near real-time. (They also have a dedicated T1 on the WAN side just for those apps as well.) But that's a pretty odd duck client requirement.

 

[techidave]

The business is a small manufacturing type... they do welding.  They do run quick books for billing and inventory purposes. And I do believe it is run from the server but not sure about that.  They do have some CAD programs but I do not know if they are server based or not.

With only 3 machines, I wouldn't think it would get hit too hard.  The secretaries machine is used most of the day while the other 2 are just hit and miss.  It has a 10/100 switch and also a newer looking gigabit rack mount switch.  I do not know what feeds what.

I may just have to dive into it one of these days and see what is what.

[40hz]

The business is a small manufacturing type... they do welding.  They do run quick books for billing and inventory purposes. And I do believe it is run from the server but not sure about that.  They do have some CAD programs but I do not know if they are server based or not.

With only 3 machines, I wouldn't think it would get hit too hard.  The secretaries machine is used most of the day while the other 2 are just hit and miss.  It has a 10/100 switch and also a newer looking gigabit rack mount switch.  I do not know what feeds what.

I may just have to dive into it one of these days and see what is what.

-techidave (April 24, 2011, 07:30 AM)

Let us know if you do. Wouldn't be surprised if it's related to the Cutting the End Off the Sunday Ham rationale.

[techidave]

40hz... your rationale could be righter than you know.  The secreatry told me once that the guy who set this up came in one time and said, "and why did we do it this way"?

makes you wonder, huh.

I haven't been involved in networks all that long.  Only since 2002 and that has been only in school settings (small ones).  but not this small and I hadn't seen anything like this before.

I will let you all know what I find out.

[40hz]

If you have one 10 and one 100mb card in each I'd guess they simply upgraded their network to 100 someplace along the line and left the old cards in there "just in case." If you run ipconfig /all it will give you the ip and gateway address for each card. If they're all on the same network, that's probably what happened.

Another possibility: Some of the older network laser printers only had a 10mb card for the longest time. Some of them never worked reliably with the newer auto-sensing switches. So rather than configure specific ports on the switch to only use 10mb speeds, it was just easier to leave the old 10mb network (usually with a "dumb" hub) up for communicating with the printers. A lot cheaper than buying a new large format plotter for blueprints.

I'm almost positive both cards will be on the same network however. Otherwise each PC's network stack would be forced into "router mode" to arbitrate between the two separate address ranges. Under XP, that was never too reliable or wise a thing to try and set up. And the performance hit would have been significant and noticeable.  

Legacy. Gotta love it.  

[Gothi[c]]

At work (Hosting company) we run a quad-nic setup.

* Two NIC's for internal (LAN) traffic.
* Two NIC's for internet (WAN) traffic.

In VmWare the two LAN NIC's are grouped, and the two WAN nic's are grouped for redundancy. (if one link goes down, the other one remains up.) - They are also connected to four switches, that are also set up in a redundant manner.

This allows a physical separation between LAN and WAN for security and performance, and a fully redundant network.

Nowerdays with VLAN's you can get away with separating LAN/WAN on the same switch, but many sysadmins and corporations are (with good reason) paranoid enough to not trust their network separation to a VLAN configuration in a switch (which can be hacked to change the config). Physical separation is simpler than VLAN's and not subject to (malicious) misconfiguration in the switches.