I just finished (mostly) restructuring the network by removing gw2 and having everything hang off of gw directly. You want to talk about a SPOF... Oh well, it makes some things easier. Hopefully gw will be reasonably stable, if not life will suck. This does free up an interface on gw which is going to be a dmz-type network. Basically it'll be where I stick people who can't stand to be behind my firewall. This way I can still muck with their routing, do traffic shaping on them and montior the network usage using mrtg w/o forcing them to deal with my firewall rules. gw is a bit cramped now though since it's got a total of 7 physical interfaces with just about 10 virtual (CIPE) interfaces. Makes for some interesting firewall and routing rules.