Ray Percival wrote:

On Mon, Aug 29, 2005 at 05:22:13PM -0400, Peter Landry wrote:

We're going to be doing some network restructuring, splitting our
internal network into 2 separate IP networks ( and We currently have a Microsoft ISA firewall for our whole
network (since it's just 1 ip network right now, I've
suggested replacing the ISA firewall with an OpenBSD machine with 3
NICs, to handle both routing between the two internet networks, and
firewall out to the internet. It will just be a static route between the
two internal networks, in addition to whatever routing is necessary for
firewall/NAT (I'm not sure on this?).

As far as the firewall is concerned, I don't think it will be a problem
as far as performance goes (our internet connect is 2mbit, which
shouldn't be hard to saturate). For the internal routing though, what
kind of hardware would we need to keep the 2 gigabit networks connected
at a decent speed?
Amazing what happens when you bother to read and search just a bit. Almost as
if you aren't the only person in the world asking this question.
http://www.openbsd.org/faq/pf/perf.html :)

We're looking at a p4 with a gig of ram - does that sound like it'll be
a bottleneck?

I figured that OpenBSD would lower the requirements for our firewall
machine (less bloat) as well as increase security.

Sorry if this is too general or vague a question - I did some searching
on the archives and could only find references to performance of IPSec
implementations, which we won't be using

Thanks, I appreciate any responses/links/feedback,

Peter L.

Umm, although I have no actual experience with them, many of the people on this mailing list who do recommend SK network cards as they are more efficient than a lot of other models. If you are shifting a lot of traffic through your internal network this should stop your bus from being saturated as easily. (I think)

From reading the FAQ that was posted previously, 1g of ram and a p4 is overkill depending on how complex your ruleset is. Having said that, the p4 probably has a better bus architecture than an old p3.

