[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Firewalling High Speed Interfaces (ATM -> GigE)

To: <silug-discuss@silug.org>
Subject: Re: Firewalling High Speed Interfaces (ATM -> GigE)
From: Mark Bishop <mark@bish.net>
Date: Tue, 15 Jan 2002 15:50:31 -0600 (CST)
In-Reply-To: <Pine.LNX.4.33.0201151541360.8282-100000@web1.lanscape.net>
Organization: Southern Illinois Linux Users Group
Reply-To: silug-discuss@silug.org
Sender: silug-discuss-owner@silug.org



Yeah, that's something I would get from them that looks like exactly what 
you are looking for.  I just wonder how much they want for it.  You might 
get it cheaper second-hand.

On Tue, 15 Jan 2002, Richard Fifarek wrote:

> Regarding the x86, they do use PIIIs:
> http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/535_ds.htm
> 
> Based on the specs it appears that they use 64 bit PCI slots to get the 
> 1Gbps speed though.
> 
> On Tue, 15 Jan 2002, Mark Bishop wrote:
> 
> > 
> > 
> > Here are a few assumptions:
> > 
> > the PCI bus can only handle around 500MB/s, then add the overhead of the
> > firewall and that goes down, unless of course you are using one of the new
> > PCI-X standards, which is 64-bit and can handle bursts of up over 1
> > gigabit/sec (1066MB/sec).  Something like a dual or a quad Xeon should be
> > able to handle it.  I'd probably go with a quad just to ensure that the
> > processors are never the bottleneck and that it's the latency in the PCI
> > bus, which you really can't do anything about.
> > 
> > But, again I'd probably go get a Cisco, just because they are more adapt 
> > at doing just this thing.
> > 
> > 
> > 
> > 
> > On Tue, 15 Jan 2002, Richard Fifarek wrote:
> > 
> > > 	The folks that I work for want to place a firewall between us and
> > > the "outside world" to help minimize our exposure.  We have an ATM OC-3
> > > (155 Mb/s) link currently, and eventually that will be expanded to GigE.  
> > > My question is with a fairly vanilla firewall set (allow Ssh, HTTP/HTTPS, 
> > > SMTP, FTP; disallow everything else), what kind of horse power will this 
> > > require?  What kind of lag can I expect?  At OC-3 speeds, I'm guessing 
> > > that most machines could handle the load, however when it jumps up to 
> > > GigE, I expect problems.  With 2.4 supporting threaded IP stack, SMP makes 
> > > sense 2-4 processors.  Would Xeon's extra cache make a difference?
> > > 
> > > 	     -----------------------------------------------------
> > > 	     Richard H. Fifarek	       		rfifarek@silug.org
> > >              -----------------------------------------------------
> > > 
> > > 
> > > 
> > > 
> > > -
> > > To unsubscribe, send email to majordomo@silug.org with
> > > "unsubscribe silug-discuss" in the body.
> > > 
> > 
> > 
> > -
> > To unsubscribe, send email to majordomo@silug.org with
> > "unsubscribe silug-discuss" in the body.
> > 
> 
> 	     -----------------------------------------------------
> 	     Richard H. Fifarek	       		rfifarek@silug.org
>              -----------------------------------------------------
> 
> 
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
> 


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

References:
- Re: Firewalling High Speed Interfaces (ATM -> GigE)
  - From: Richard Fifarek <rfifarek@silug.org>

Prev by Date: Re: Firewalling High Speed Interfaces (ATM -> GigE)
Next by Date: Re: recompiling kernels in Red Hat 7.2
Prev by thread: Re: Firewalling High Speed Interfaces (ATM -> GigE)
Next by thread: mod_cvs
Index(es):
- Date
- Thread