 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: ipsec vpn starts one-way
 Date:  Sun, 20 Apr 2008 10:23:05 -0700 (PDT)

On Sun, 20 Apr 2008, Joe wrote:

> Neil,
> 
> You da man!
> 
> * The switch is not managed. It is an inexpensive D-Link 24-port.
> * I checked the capabilities of the LAN nic which is as follows:
> 
> $ ifconfig -m
> xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> 	options=9<RXCSUM,VLAN_MTU>
> 	capabilities=49<RXCSUM,VLAN_MTU,POLLING>
> 	inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
> 	ether 00:01:02:73:a3:9e
> 	media: Ethernet 10baseT/UTP <full-duplex>
> 	status: active
> 	supported media:
> 		media 10base2/BNC
> 		media 10baseT/UTP mediaopt full-duplex
> 		media 10baseT/UTP mediaopt half-duplex
> 		media 10baseT/UTP
> 
> I downloaded the config.xml file and edited the interfaces/(if)/mediaopt as follows:
> 
> <mediaopt>full-duplex</mediaopt>
> 
> I uploaded, it rebooted, and came up as full duplex!
> Full duplex should give our users a better experience.

No it won't.  Unmanaged switches have no means to set the duplex mode
other than via autonegotiation.  10Mb NICs don't support autonegotiation,
which means that the corresponding switch ports default to half duplex,
with no means to override the default.

By setting the NIC to full-duplex, you've now created a duplex mismatch.  
All NIC->switch packets that would have gotten collisions will now just be
dropped.  The NIC also won't wait for incoming packets to complete before
sending, so the switch-side collision rate will be *increased* (though
there's no way to see the stats on an unmanaged switch).

For all practical purposes, full duplex is not usable on 10Mb NICs with
unmanaged switches.  And a 100Mb NIC is a lot cheaper than a managed
switch.

It is almost NEVER a good idea to force the duplex mode manually.  The
performance penalty from a duplex mismatch is orders of magnitude worse
than the performance penalty from half duplex.

Bob Metcalfe has stated that he regrets using the term "collision" in
Ethernet, because so many people automatically assume that "collisions"
are evil, rather than being a normal part of CSMA/CD behavior.

					Fred Wright
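
The condition discussed in this message can be checked from `ifconfig -m` output. The following is an added example, not part of the original thread or of m0n0wall: it flags interfaces whose active media is forced to full duplex rather than negotiated, and reports whether the NIC lists `autoselect` at all. The `xl0` block is the output quoted above; the `em0` block and the function names are constructed for illustration, and the FreeBSD-style `autoselect (...)` media line is assumed.

```python
import re

# xl0 block is the output quoted in the message; em0 is constructed for contrast.
SAMPLE = """\
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
\tmedia: Ethernet 10baseT/UTP <full-duplex>
\tstatus: active
\tsupported media:
\t\tmedia 10base2/BNC
\t\tmedia 10baseT/UTP mediaopt full-duplex
\t\tmedia 10baseT/UTP mediaopt half-duplex
\t\tmedia 10baseT/UTP
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tmedia: Ethernet autoselect (100baseTX <full-duplex>)
\tstatus: active
\tsupported media:
\t\tmedia autoselect
\t\tmedia 100baseTX mediaopt full-duplex
\t\tmedia 100baseTX
"""

def parse_interfaces(text):
    """Return {ifname: {"active": str, "supported": [str, ...]}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        item = line.strip()
        head = re.match(r"^(\S+): flags=", line)
        if head:
            cur = ifaces.setdefault(head.group(1), {"active": "", "supported": []})
        elif cur is None:
            continue
        elif item.startswith("media: "):      # currently selected media
            cur["active"] = item[len("media: "):]
        elif item.startswith("media "):       # one entry of "supported media:"
            cur["supported"].append(item[len("media "):])
    return ifaces

def forced_full_duplex(text):
    """List (ifname, active media, NIC offers autoselect) for forced full duplex."""
    findings = []
    for name, info in parse_interfaces(text).items():
        active = info["active"]
        # Negotiated links show "autoselect (...)"; a bare media type was forced.
        if "full-duplex" in active and "autoselect" not in active:
            findings.append((name, active, "autoselect" in info["supported"]))
    return findings

if __name__ == "__main__":
    for name, active, can_negotiate in forced_full_duplex(SAMPLE):
        fix = "set media to autoselect" if can_negotiate else "leave at half duplex or replace the NIC"
        print(f"{name}: forced '{active}' -> {fix}")
```
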