
Re: Firewalling High Speed Interfaces (ATM -> GigE)





Here are a few assumptions:

The PCI bus can only handle around 500MB/s, then add the overhead of the
firewall and that goes down, unless of course you are using one of the new
PCI-X standards, which is 64-bit and can handle bursts of over 1
gigabit/sec (1066MB/sec).  Something like a dual or a quad Xeon should be
able to handle it.  I'd probably go with a quad just to ensure that the
processors are never the bottleneck and that it's the latency in the PCI
bus, which you really can't do anything about.

But again, I'd probably go get a Cisco, just because they are more adept
at doing just this thing.




On Tue, 15 Jan 2002, Richard Fifarek wrote:

> 	The folks that I work for want to place a firewall between us and
> the "outside world" to help minimize our exposure.  We have an ATM OC-3
> (155 Mb/s) link currently, and eventually that will be expanded to GigE.  
> My question is with a fairly vanilla firewall set (allow SSH, HTTP/HTTPS, 
> SMTP, FTP; disallow everything else), what kind of horsepower will this 
> require?  What kind of lag can I expect?  At OC-3 speeds, I'm guessing 
> that most machines could handle the load, however when it jumps up to 
> GigE, I expect problems.  With 2.4 supporting a threaded IP stack, SMP makes 
> sense 2-4 processors.  Would Xeon's extra cache make a difference?
> 
> 	     -----------------------------------------------------
> 	     Richard H. Fifarek	       		rfifarek@silug.org
>              -----------------------------------------------------
> 
> 
> 
> 
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
> 

