[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Firewalling High Speed Interfaces (ATM -> GigE)

To: <silug-discuss@silug.org>
Subject: Re: Firewalling High Speed Interfaces (ATM -> GigE)
From: Richard Fifarek <rfifarek@silug.org>
Date: Tue, 15 Jan 2002 15:43:04 -0600 (CST)
In-Reply-To: <Pine.LNX.4.33.0201151506140.27255-100000@web1.lanscape.net>
Organization: Southern Illinois Linux Users Group
Reply-To: silug-discuss@silug.org
Sender: silug-discuss-owner@silug.org

Regarding the x86, they do use PIIIs:
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/535_ds.htm

Based on the specs it appears that they use 64 bit PCI slots to get the 
1Gbps speed though.

On Tue, 15 Jan 2002, Mark Bishop wrote:

> 
> 
> Here are a few assumptions:
> 
> the PCI bus can only handle around 500MB/s, then add the overhead of the
> firewall and that goes down, unless of course you are using one of the new
> PCI-X standards, which is 64-bit and can handle bursts of up over 1
> gigabit/sec (1066MB/sec).  Something like a dual or a quad Xeon should be
> able to handle it.  I'd probably go with a quad just to ensure that the
> processors are never the bottleneck and that it's the latency in the PCI
> bus, which you really can't do anything about.
> 
> But, again I'd probably go get a Cisco, just because they are more adapt 
> at doing just this thing.
> 
> 
> 
> 
> On Tue, 15 Jan 2002, Richard Fifarek wrote:
> 
> > 	The folks that I work for want to place a firewall between us and
> > the "outside world" to help minimize our exposure.  We have an ATM OC-3
> > (155 Mb/s) link currently, and eventually that will be expanded to GigE.  
> > My question is with a fairly vanilla firewall set (allow Ssh, HTTP/HTTPS, 
> > SMTP, FTP; disallow everything else), what kind of horse power will this 
> > require?  What kind of lag can I expect?  At OC-3 speeds, I'm guessing 
> > that most machines could handle the load, however when it jumps up to 
> > GigE, I expect problems.  With 2.4 supporting threaded IP stack, SMP makes 
> > sense 2-4 processors.  Would Xeon's extra cache make a difference?
> > 
> > 	     -----------------------------------------------------
> > 	     Richard H. Fifarek	       		rfifarek@silug.org
> >              -----------------------------------------------------
> > 
> > 
> > 
> > 
> > -
> > To unsubscribe, send email to majordomo@silug.org with
> > "unsubscribe silug-discuss" in the body.
> > 
> 
> 
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
> 

	     -----------------------------------------------------
	     Richard H. Fifarek	       		rfifarek@silug.org
             -----------------------------------------------------


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

Follow-Ups:
- Re: Firewalling High Speed Interfaces (ATM -> GigE)
  - From: Mark Bishop <mark@bish.net>

References:
- Re: Firewalling High Speed Interfaces (ATM -> GigE)
  - From: Mark Bishop <mark@bish.net>

Prev by Date: Re: Firewalling High Speed Interfaces (ATM -> GigE)
Next by Date: Re: Firewalling High Speed Interfaces (ATM -> GigE)
Prev by thread: Re: Firewalling High Speed Interfaces (ATM -> GigE)
Next by thread: Re: Firewalling High Speed Interfaces (ATM -> GigE)
Index(es):
- Date
- Thread