You're going to need a server with a very fast bus and very fast memory.
Some motherboards have dedicated PCI controllers for each slot, so each NIC has its own dedicated controller, decreasing the interrupts for each one. Apparently gigabit Intel NICs are the best out there, but this is just what I've heard.

Don't know the details of your application, but you may think about using CARP or even a lame DNS round-robin to load-balance two or more FWs, instead of getting very expensive hardware for just one.

Cheers

----- Original Message ----- From: "Kirill Ponazdyr" <"ng1@"@codeangels.com>
To: <[email protected]>
Sent: Friday, July 08, 2005 1:55 AM
Subject: 400Mbps PF based firewall, which hardware?


Hello,

We are in need of "core" firewall for our new datacenter.

This firewall will not be directly connected to the internet but rather
serve as a separator for security zones within the "application" part
of our network; classical fileserver traffic will not go through this
firewall.

The network is full duplex 100Mbps Ethernet, there will be 25 machines
split into 6 zones, and we estimate that our rules will be around 200
lines per zone. No synproxy, no NAT, no QoS, "just" a stateful packet
filter.

The largest traffic types would be: http/s, postgres, imap and a daily
backup which runs over the network.
TCP-connection-wise we expect to see no more than 30k concurrent
connections, so taking 60k as a goal would fit very well.

We would like this firewall to be able to fill 2 of its 100Mbps ports
with duplex traffic (400Mbps) at any given moment without significant
latency due to the firewall itself.

Which hardware would you advise for such an environment?

Any gotchas / hints to watch out for?

Kind Regards

Kirill
-------------------------------------------------
When replying via E-Mail, please remove duplicate
"@" from the address.
-------------------------------------------------
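The CARP approach the reply suggests, as an added example that is not part of either message: two OpenBSD pf firewalls sharing virtual gateway addresses on two zone interfaces, with pfsync keeping the state table (the ~30k concurrent connections above) identical on both boxes so a failover does not drop established sessions. Interface names, addresses, zones and the CARP password are assumptions.

```conf
# Firewall A (master). Firewall B gets the same files but with advskew 100
# on each carp interface, so it only takes over while A is down.
# Assumed layout: em0 = zone 1, em1 = zone 2, em2 = dedicated pfsync crossover link.

# /etc/hostname.em2 -- pfsync link. pfsync is neither authenticated nor
# encrypted, so it gets its own cable and never carries production traffic.
inet 192.168.255.1 255.255.255.252

# /etc/hostname.carp0 -- shared gateway address for zone 1
inet 10.1.0.1 255.255.255.0 10.1.0.255 vhid 1 carpdev em0 pass examplesecret advskew 0

# /etc/hostname.carp1 -- shared gateway address for zone 2
inet 10.2.0.1 255.255.255.0 10.2.0.255 vhid 2 carpdev em1 pass examplesecret advskew 0

# /etc/hostname.pfsync0 -- replicate state inserts/updates/deletes to the peer
up syncdev em2

# /etc/sysctl.conf -- if one carp interface loses master, demote all of them
# together, so both zones always fail over to the same box.
net.inet.carp.preempt=1

# /etc/pf.conf (excerpt)
pfsync_if = "em2"
# pfsync and CARP control traffic is local to the pair: allow it, but do not
# replicate the states it creates.
pass quick on $pfsync_if proto pfsync keep state (no-sync)
pass on { em0 em1 } proto carp keep state (no-sync)
# Zone rules follow; states they create are synced to the peer by default.
block in all
pass in on em0 proto tcp from 10.1.0.0/24 to 10.2.0.0/24 port { 443 5432 } keep state
```

After `pfctl -f /etc/pf.conf` on both boxes, `ifconfig carp0` should show one MASTER and one BACKUP, and `pfctl -s state` on the backup should mirror the master's states.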
