Re: [CentOS] 1U firewall hardware
On Mon, May 16, 2011 at 2:21 AM, Nataraj incoming-cen...@rjl.com wrote:
> On 05/15/2011 05:56 PM, John R Pierce wrote:
>> On 05/15/11 5:00 PM, Miguel Medalha wrote:
>>> http://routerboard.com/pricelist.php?showProduct=98
>>> 13 Gigabit ports
>>
>> note 10 of those ports are on ethernet switches, so the actual router probably only has 5 ethernet ports, 3 dedicated and 2 switch groups of 5 ports each.
>>
>> also note this doesn't run centos, it runs the vendor's own proprietary RouterOS linux distribution.
>
> If you're looking for a more enterprise solution that runs linux and is Red Hat certified, there's always the Dell R210 with configurations ranging from a Celeron (about $500 USD), Core I3, on up to a quad Xeon starting at $820 USD, 2 onboard broadcom gigE's and 1 X16 PCIexpress slot which could host a 4 port gigE card. It supports the Dell remote access controller. The only advantage I see to the Atom based system is they probably use a bit less power.
>
> Nataraj

I have always liked the look of the 19 1u case from varia (http://www.varia-store.com/) for firewalls, but you will have an issue getting 5gb nics with one of these cases.

When I needed something similar with four 4gb nics I used an ASUS Hummingbird board with a Travla C146 case. The board has two intel gb nics on the board, and one PCIe X1 slot. I used the PCIe slot to add two intel PCI cards to get x4 gb nics in total. I also have a PCIe x1 to PCIe x16 riser/adapter from linitx.com to allow the eventual installation of 4port gb intel card to give 6 gb nics in total.

I don't know how quick or otherwise my 4gb nic setup is but I have not noticed any issues with it during the last 9 months or so.

jk

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 1U firewall hardware
> pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.

32bits * 33MHz = 1,056,000,000 bps. PCI is an arbitrated bus with one talker at a time (half-duplex), so it's only capable of half the data rate of a 1Gbps (full duplex) network. In practice, I've yet to achieve more than ~400Mbps on a PCI based Gbit NIC, even PCI-X based Intel NICs often fall short (~600Mbps) despite the theoretical bandwidth of the bus.

In my experience, PCI-e is the only bus fast enough on consumer PC hardware to sustain Gbit data rates. On paper, PCI-e 1x should support two 1 Gbit ports (four ports if using PCI-e v2.0). However, the multiport Gbit NIC manufacturers all seem to have settled on PCI-e 4x, similar to how gfx card makers have settled on 16x whether or not the card can use or benefit from the additional bandwidth.

--Blake
Re: [CentOS] 1U firewall hardware
On Sun, May 15, 2011 at 8:36 AM, Eero Volotinen eero.voloti...@iki.fi wrote:
> Hi List,
>
> I am looking for 1U firewall hardware, any ideas?
>
> Something like that (http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-ghz-19-appliance-1.html) but at least with 5GBit nics and more memory.
>
> --
> Eero

Supermicro has an Atom D525 with dual onboard Intel Gigabit NICs and PCI-E expansion slot.

http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPE-HF-D525.cfm

You have your option of front or back IO case. Links are to the cases with high efficiency power supply.

http://www.supermicro.com/products/chassis/1U/503/SC503-200.cfm
http://www.supermicro.com/products/chassis/1U/502/SC502-200.cfm

Just add memory, SSD, and 4 port Intel Gigabit NIC. I'm not sure the performance of the Atom handling full 5 Gbps of traffic. If you have some money to spend Vyatta has a nice appliance with 6 Gigabit interfaces.

Ryan
Re: [CentOS] 1U firewall hardware
2011/5/15 Ryan Wagoner rswago...@gmail.com:
> On Sun, May 15, 2011 at 8:36 AM, Eero Volotinen eero.voloti...@iki.fi wrote:
>> Hi List,
>>
>> I am looking for 1U firewall hardware, any ideas?
>>
>> Something like that (http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-ghz-19-appliance-1.html) but at least with 5GBit nics and more memory.
>>
>> --
>> Eero
>
> Supermicro has an Atom D525 with dual onboard Intel Gigabit NICs and PCI-E expansion slot.
>
> http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPE-HF-D525.cfm

thanks!

> You have your option of front or back IO case. Links are to the cases with high efficiency power supply.
>
> http://www.supermicro.com/products/chassis/1U/503/SC503-200.cfm
> http://www.supermicro.com/products/chassis/1U/502/SC502-200.cfm
>
> Just add memory, SSD, and 4 port Intel Gigabit NIC. I'm not sure the performance of the Atom handling full 5 Gbps of traffic.

This looks good, but lacks processor power: http://www.mini-itx.com/store/?c=40

--
Eero
Re: [CentOS] 1U firewall hardware
You can use something like this Atom 525 dual core motherboard:

http://www.jetwaycomputer.com/NF99.html

Or this Atom C550 dual core board:

http://www.jetwaycomputer.com/NC9C.html

With the AD3INLAN-G daughterboard:

http://www.jetwaycomputer.com/Daughter_Board.html

This will give you 5 Gigabit Ethernet ports (2 on PCIe and 3 on PCI) and a free PCI slot on which you can put up to 4 more. Of course it all depends on the needed concurrent traffic.
Re: [CentOS] 1U firewall hardware
On 5/15/2011 5:26 PM, Miguel Medalha wrote:
> You can use something like this Atom 525 dual core motherboard:
>
> http://www.jetwaycomputer.com/NF99.html
>
> Or this Atom C550 dual core board:
>
> http://www.jetwaycomputer.com/NC9C.html
>
> With the AD3INLAN-G daughterboard:
>
> http://www.jetwaycomputer.com/Daughter_Board.html
>
> This will give you 5 Gigabit Ethernet ports (2 on PCIe and 3 on PCI) and a free PCI slot on which you can put up to 4 more. Of course it all depends on the needed concurrent traffic.

pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.
Re: [CentOS] 1U firewall hardware
> pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.

I am aware of that. But as I said it depends on your particular needs in *concurrent* traffic. Although it cannot sustain simultaneous Gigabit debits on all interfaces, it can sustain Gigabit bursts that are not simultaneous, as is often the case. I have found that such a solution is perfectly capable when isolating a LAN, or several LANs, from a WAN, for example.
Re: [CentOS] 1U firewall hardware
On Sun, May 15, 2011 at 5:38 PM, William Warren hescomins...@emmanuelcomputerconsulting.com wrote:
> On 5/15/2011 5:26 PM, Miguel Medalha wrote:
>> You can use something like this Atom 525 dual core motherboard:
>>
>> http://www.jetwaycomputer.com/NF99.html
>>
>> Or this Atom C550 dual core board:
>>
>> http://www.jetwaycomputer.com/NC9C.html
>>
>> With the AD3INLAN-G daughterboard:
>>
>> http://www.jetwaycomputer.com/Daughter_Board.html
>>
>> This will give you 5 Gigabit Ethernet ports (2 on PCIe and 3 on PCI) and a free PCI slot on which you can put up to 4 more. Of course it all depends on the needed concurrent traffic.
>
> pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.

I would definitely stick with PCIe for 5 NICs. Additionally Realtek NICs don't offer the best performance and their drivers are hit or miss. The Supermicro board has Intel PCIe NICs onboard and a PCIe expansion slot. This should give you full performance depending on the Atom processor. It really comes down to if you are just moving packets or needing to do packet inspection.

Ryan
Re: [CentOS] 1U firewall hardware
>> pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.
>
> I am aware of that. But as I said it depends on your particular needs in *concurrent* traffic. Although it cannot sustain simultaneous Gigabit debits on all interfaces, it can sustain Gigabit bursts that are not simultaneous, as is often the case. I have found that such a solution is perfectly capable when isolating a LAN, or several LANs, from a WAN, for example.

If you really need concurrent Gigabit traffic on several interfaces, I would suggest that you get proper *dedicated* firewall/router hardware instead of building one from standard parts. It will be much more efficient.
Re: [CentOS] 1U firewall hardware
> I would definitely stick with PCIe for 5 NICs. Additionally Realtek NICs don't offer the best performance and their drivers are hit or miss. The Supermicro board has Intel PCIe NICs onboard and a PCIe expansion slot. This should give you full performance depending on the Atom processor. It really comes down to if you are just moving packets or needing to do packet inspection

The daughterboard I pointed to contains Intel 3 Gigabit chips.

By the way, the OP never told us what would be the intended use for the firewall he needs.
Re: [CentOS] 1U firewall hardware
> The daughterboard I pointed to contains Intel 3 Gigabit chips.

Oops, I meant *3 Intel Gigabit chips*.
Re: [CentOS] 1U firewall hardware
On Sun, May 15, 2011 at 5:57 PM, Miguel Medalha miguelmeda...@sapo.pt wrote:
>>> pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.
>>
>> I am aware of that. But as I said it depends on your particular needs in *concurrent* traffic. Although it cannot sustain simultaneous Gigabit debits on all interfaces, it can sustain Gigabit bursts that are not simultaneous, as is often the case. I have found that such a solution is perfectly capable when isolating a LAN, or several LANs, from a WAN, for example.
>
> If you really need concurrent Gigabit traffic on several interfaces, I would suggest that you get proper *dedicated* firewall/router hardware instead of building one from standard parts. It will be much more efficient.

I'm assuming the OP is trying to save money. A firewall with 5xGbe interfaces is going to cost thousands of dollars. With Cisco you would be looking at an ASA 5520, which only provides 4xGbe and 1x10/100. If you just need to provide inter-vlan routing and a firewall for Internet access a layer 3 switch and separate firewall would be best.

Ryan
Re: [CentOS] 1U firewall hardware
> I'm assuming the OP is trying to save money. A firewall with 5xGbe interfaces is going to cost thousands of dollars.

I was assuming the same. That's why I suggested the Jetway solution. It is economic and works very well in many scenarios. Not, of course, if you need *concurrent* Gigabit access on several interfaces. I stress *concurrent*.
Re: [CentOS] 1U firewall hardware
> I was assuming the same. That's why I suggested the Jetway solution. It is economic and works very well in many scenarios. Not, of course, if you need *concurrent* Gigabit access on several interfaces. I stress *concurrent*

I built one of these to connect several vlans to a 24Mbit ADSL internet access. It runs pfsense 2.0 and it works very well. Stable, fast and effective.
Re: [CentOS] 1U firewall hardware
On Sun, May 15, 2011 at 6:20 PM, Miguel Medalha miguelmeda...@sapo.pt wrote:
>> I was assuming the same. That's why I suggested the Jetway solution. It is economic and works very well in many scenarios. Not, of course, if you need *concurrent* Gigabit access on several interfaces. I stress *concurrent*
>
> I built one of these to connect several vlans to a 24Mbit ADSL internet access. It runs pfsense 2.0 and it works very well. Stable, fast and effective.

Unfortunately pfSense doesn't have IPv6 support yet. For now I've been going with Vyatta to future proof my installations. It is actually easier to reuse portions of the config with the CLI vs web gui. The only thing I miss is pfSense's RRD graphs. However a remote Cacti install works as well.

Ryan
Re: [CentOS] 1U firewall hardware
Does it have to be 1RU?

These are excellent;

http://routerboard.com/index.php?showProduct=90

5 GIGABIT etc

On Sun, May 15, 2011 at 10:36 PM, Eero Volotinen eero.voloti...@iki.fi wrote:
> Hi List,
>
> I am looking for 1U firewall hardware, any ideas?
>
> Something like that (http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-ghz-19-appliance-1.html) but at least with 5GBit nics and more memory.
>
> --
> Eero
Re: [CentOS] 1U firewall hardware
Sorry wrong URL; I was trying to point you to the RB750G model in particular.

http://routerboard.com/pricelist.php?showProduct=90

Cheers.

On Mon, May 16, 2011 at 9:07 AM, Brian McKerr bmck...@gmail.com wrote:
> Does it have to be 1RU?
>
> These are excellent;
>
> http://routerboard.com/index.php?showProduct=90
>
> 5 GIGABIT etc
>
> On Sun, May 15, 2011 at 10:36 PM, Eero Volotinen eero.voloti...@iki.fi wrote:
>> Hi List,
>>
>> I am looking for 1U firewall hardware, any ideas?
>>
>> Something like that (http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-ghz-19-appliance-1.html) but at least with 5GBit nics and more memory.
>>
>> --
>> Eero
Re: [CentOS] 1U firewall hardware
> Does it have to be 1RU?

This one is 1U:

http://routerboard.com/pricelist.php?showProduct=98

13 Gigabit ports
Re: [CentOS] 1U firewall hardware
I'm a big fan of Sonicwall, have a look at what they offer ... price not too bad either

On Mon, May 16, 2011 at 8:00 AM, Miguel Medalha miguelmeda...@sapo.pt wrote:
>> Does it have to be 1RU?
>
> This one is 1U:
>
> http://routerboard.com/pricelist.php?showProduct=98
>
> 13 Gigabit ports
Re: [CentOS] 1U firewall hardware
On 05/15/11 5:00 PM, Miguel Medalha wrote:
> http://routerboard.com/pricelist.php?showProduct=98
> 13 Gigabit ports

note 10 of those ports are on ethernet switches, so the actual router probably only has 5 ethernet ports, 3 dedicated and 2 switch groups of 5 ports each.

also note this doesn't run centos, it runs the vendor's own proprietary RouterOS linux distribution.

--
john r pierce    N 37, W 123
santa cruz ca    mid-left coast
Re: [CentOS] 1U firewall hardware
On 05/15/2011 05:56 PM, John R Pierce wrote:
> On 05/15/11 5:00 PM, Miguel Medalha wrote:
>> http://routerboard.com/pricelist.php?showProduct=98
>> 13 Gigabit ports
>
> note 10 of those ports are on ethernet switches, so the actual router probably only has 5 ethernet ports, 3 dedicated and 2 switch groups of 5 ports each.
>
> also note this doesn't run centos, it runs the vendor's own proprietary RouterOS linux distribution.

If you're looking for a more enterprise solution that runs linux and is Red Hat certified, there's always the Dell R210 with configurations ranging from a Celeron (about $500 USD), Core I3, on up to a quad Xeon starting at $820 USD, 2 onboard broadcom gigE's and 1 X16 PCIexpress slot which could host a 4 port gigE card. It supports the Dell remote access controller. The only advantage I see to the Atom based system is they probably use a bit less power.

Nataraj