-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/12/07 5:01 AM, Stuart Henderson wrote: > On 2007/11/12 12:56, knitti wrote: >>> Looking to manage several webservers I am wondering if anybody uses >>> something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ? >>> (That image shows Wim's net4801-50 plus quadport lan1641 firewall box, >>> giving 7 ports with low powerconsumption - on OpenBSD) > > what sort of bandwidth / packets per second? > >>> The standard choice in my datacenter (linux users mostly) seems to be HP >>> Procurve but I'd prefer the power of PF. > > they're most likely switches. (Vantronix have a module for HP 5300xl > switches that runs PF, though). > >> I don't know exactly the 4801, but I use a couple of 4501 as firewalls and >> IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of >> the 4801 and knowing the 4501, I wouldn't use them for more than about >> 40-50 Mbit/sec. > > I feel 40-50M would be pushing it, given that you might like some > overhead to allow for occasional heavy numbers of packets. 5501 > might do better (maybe with a nic rather than the on-board vr). > > I'd normally prefer a standard amd64/i386 box for a datacentre > firewall though. I may change my mind when the net7501 eventually > surfaces...
I was just about to ask about this. I've been very happy with Nexcom 1563s as pf firewalls, especially with the disk-on-chip. No moving parts is good. (And thanks misc@ for this recommendation.) But the Nexcoms have only 100Base-T interfaces and now I've got a requirement for gig boxes in a couple of data centers. Any recommendations for carp/pfsync hardware with these specs on each box? - - at least 3 x 1000Base-T (mandatory) - - disk on chip if possible (not mandatory) - - fanless (not mandatory) - - rack-mountable (not manadatory) Any reasonable RAM and CPU speed considered, in the context of pushing traffic at ~100-300 Mbit/s. Or am I better off just buying el cheapo PCs and relying on carp and pfsync for redundancy? thanks dn iD8DBQFHOLiRyPxGVjntI4IRAp1hAJ9Uy0cbbip3EEXIlQ+Nnzlqr21ECwCg18g5 vDFGHhVj2htXbuEGqfgXFRY= =wNZl -----END PGP SIGNATURE-----
