How do you have this set up at the moment? Are you using a private range or another of your public subnets on G0/0?
You can't have the same subnet on different interfaces as it would break routing. The router wouldn't know which hosts were reachable through each of the interfaces.
There are a couple of workarounds if you want to have your BGP peering on the same network as your public address space:
It is possible to create a bridge-group consisting of G0/0 and G0/1. You can then assign a BVI to the group with your public addresses. This would give you a single IP interface with traffic from G0/0 and G0/1 L2 forwarded to the IP interface. Another option would be to connect your BGP connection into the LAN and put your IPs on G0/1 only.
This isn't the usual way to peer with a provider. It would be much better to use separate IP interfaces for the LAN and peering so that policies and ACLs can be applied. What is your reasoning for wanting it set up like this? Is it just so your trace routes show your public address?
Well, the (corrected) config is straightforward and there's nothing much you could do differently or in a better way.
But first, let's confirm that you have the younger model. The fact that the LAN switch ports are "gigabit" is a strong hint that this is the case, but let's verify.
Issue the "show inventory" command and look for the difference between "CISCO89x" and "C89x" in the Product ID (PID). On a younger C89x, you would find (example taken from a C892FSP):
C892#show inventory
NAME: "C892FSP-K9", DESCR: "C892FSP-K9 chassis, Hw Serial#: xxxxxxxxxxx,
Hw Revision: 1.0" PID: C892FSP-K9 , VID: V02, SN: xxxxxxxx
On an older CISCO89x, that would be:
CISCO891#show inv
NAME: "891", DESCR: "891 chassis, Hw Serial#: xxxxxxxx,
Hw Revision: 1.0" PID: CISCO891-K9 , VID: V02, SN: xxxxxxxx
Should you have the older model and be looking for performance: don't. Actually, don't look for "high-performance" in the 800 Series at all.
These are branch office models well suited to provide feature-rich connectivity in the 25-50Mbps market, where the WAN circuit has latency in the few-tens-of-milliseconds range to start with.
What makes them look "high-end" is their rich feature set (QoS, Dynamic Routing, virtualised Routing (VRFs), Firewalling, NAT, IDS, WAN Accel., MPLS, IPSec etc.). But they are not known for outstanding performance or low latency.
At my employer's, we use the C89x family to provide WAN connectivity to customers with WAN circuits up to 50Mbps (making use of VRFs, MPLS-o-GRE-o-IPSEC tunneling and QoS). We see the 50Mbps being fully-used on a regular basis. We are aware that this is already above what Cisco says this device is intended for.
I have a C892 on my homebrew testbed right now. In "dragstrip routing" [1] with large packets, it can take the full gigabit pipe at ca 80kpps with IPv4 and IPv6, both TCP and UDP.
With small packet payloads (88-byte MSS for TCP), there seems to be some limit at ~280kpps (IPv4) and ~80kpps (IPv6) when routing between L3 switch and WAN interface.
Oddly, these values are better when routing between gig8 and gig9 of the C892FSP: >600kpps for IPv4, ~144kpps for IPv6.
My homebrew testbed does not allow for generating more than ~120kpps of UDP reliably, so the results are a bit shady, and I prefer not to share them.
A router's performance is generally characterized by packet rate (often related to CPU power, resp. CPU load) and delay introduced.
Throughput and "performance" simply follow by multiplying by packet size, and by how well the upper-layer protocols in question can cope with the unavoidably increased delay.
Depending on which set of features you activate on a low-end platform such as the 800 Series, the router's CPU and therefore packet rate takes massive hits - especially NAT is notorious for that.
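To make the relationship between packet rate, packet size and throughput concrete, here is an added Python example; it is not code from any answer in this thread. It uses the standard Ethernet framing overhead (preamble/SFD, MAC header, FCS, inter-frame gap) to compute the line-rate packet limit of a gigabit link, and takes the kpps figures quoted above as constructed inputs. The CPU packet-rate limits passed in are illustrative assumptions, not measurements.

```python
# Added example: relate packets per second (pps), packet size and link
# throughput, and show which one is the bottleneck for a given router.

GIGABIT = 1_000_000_000  # link speed in bit/s

# Standard Ethernet framing overhead around an L3 packet (bytes).
PREAMBLE_SFD = 8   # preamble + start-of-frame delimiter
MAC_HEADER = 14    # dst MAC + src MAC + EtherType
FCS = 4            # frame check sequence
IFG = 12           # inter-frame gap, expressed in byte times


def wire_bytes(l3_bytes: int) -> int:
    """Bytes of link time consumed by one L3 packet of l3_bytes."""
    return PREAMBLE_SFD + MAC_HEADER + l3_bytes + FCS + IFG


def line_rate_pps(l3_bytes: int, link_bps: int = GIGABIT) -> float:
    """Maximum packets per second a link can carry at this packet size."""
    return link_bps / (8 * wire_bytes(l3_bytes))


def throughput_bps(pps: float, l3_bytes: int) -> float:
    """L3 throughput (bit/s) achieved at a given packet rate and size."""
    return pps * l3_bytes * 8


def forwarding_capacity(cpu_pps_limit: float, l3_bytes: int,
                        link_bps: int = GIGABIT):
    """Return (pps, l3_bps, bottleneck) for a router whose forwarding
    path can handle at most cpu_pps_limit packets per second.

    The router is link-bound when the link fills up before the CPU
    limit is reached, and CPU-bound otherwise."""
    link_pps = line_rate_pps(l3_bytes, link_bps)
    if cpu_pps_limit < link_pps:
        pps, bottleneck = cpu_pps_limit, "cpu"
    else:
        pps, bottleneck = link_pps, "link"
    return pps, throughput_bps(pps, l3_bytes), bottleneck


if __name__ == "__main__":
    # Constructed scenarios loosely based on the figures in the thread:
    # 1500-byte packets at ~80 kpps, and 88-byte TCP payloads
    # (88 + 20 IP + 20 TCP = 128-byte L3 packets) at a ~280 kpps limit.
    # The CPU limits are assumptions for illustration only.
    scenarios = [
        ("large packets, plain routing", 280_000, 1500),
        ("small packets, plain routing", 280_000, 128),
        ("small packets, NAT enabled (assumed limit)", 80_000, 128),
    ]
    print(f"{'scenario':45} {'pps':>9} {'Mbit/s':>8} bottleneck")
    for name, cpu_limit, size in scenarios:
        pps, bps, bn = forwarding_capacity(cpu_limit, size)
        print(f"{name:45} {pps:9.0f} {bps / 1e6:8.1f} {bn}")
```

The first scenario shows why "about 80 kpps" with large packets really is the full gigabit pipe: at 1500-byte packets a gigabit link saturates at roughly 81 kpps, so the CPU is not the limit. The small-packet rows show the opposite regime, where the same CPU packet-rate ceiling caps throughput at a few hundred Mbit/s or less, and any feature that lowers the pps ceiling lowers throughput in direct proportion.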
To follow up on Teun Vink's answer - please define what you consider the "performance issue" to be. Is it only the latency difference of 0.2ms vs 0.45ms between the RV325 and the C891?
If latency differences in the sub-ms range are your "hot topic", that puts you in the low-latency networking game, and you should consider designing your network in a way that routing and NATing can be avoided altogether, or you'll have to consider specialized products. The 800 Series are definitely not in that league.
I'm not an expert at host-based firewalling or NATing, but couldn't the same goal be achieved with an additional LAN interface on the Linux machine (connected to where the Cisco's gig8 is plugged into), with some "iptables magic" added?
Best regards
Marc
[1] (no NAT, no ACLs, no CBAC-FW, no ZB-FW, no IPS, no Tunneling, no IPSec encap/decaps, no QoS)
Best Answer
There are two basic options:
These options can also be combined, so you could connect a VPN gateway directly to the switch/VLAN and map other IPs to servers/services through the Sonicwall.
PS:
Do NOT manually configure Ethernet ports EVER unless you can configure them identically on both sides (and there's a need to in the first place). In particular, configuring one side for manual full duplex deactivates autonegotiation, which a) disables Gigabit Ethernet completely (where autoneg is mandatory) and b) causes the other side to fall back to half duplex (legacy mode). This in turn creates a nasty duplex mismatch, which causes very poor performance.