Options for a 24-port firewall?

Jim Dennis jimd at starshine.org
Tue Nov 8 00:33:28 PST 2005


On Sat, Oct 29, 2005 at 07:20:05PM -0700, Alvin Oga wrote:
 
> hi ya michael
 
> On Sat, 29 Oct 2005, Michael T. Halligan wrote:
 
>>> On Sat, Oct 29, 2005 at 01:21:53PM -0700, Michael T.Halligan wrote:

>>>> I'm sitting around, analyzing my firewall needs. My needs are pretty
>>>> simple. I need to be able to throw a lot of customers on their own
>>>> 100mb firewall ports. Most customers
>>>> will never use more than about 3 mb/s. Given this, I expect the
>>>> overall throughput for 24 customers, given some flux, to be about
>>>> 150mb/s.  Ideally, I'd love to throw Linux or
>>>> OpenBSD onto a box that has 1/2 dozen quad ethernet cards.. I'd also
 
> motherboards with 6-pci slots is harder to find but if you're not
> locked to a particular cpu or mb vendor .. it's doable ..
 
> you'd probably want pci-x instead and there's probably not many 
> choices of mb for 4x or 6x 64-bit pci slot motherboards ..

 Why not get a $2000 white box 1U with a couple of 4-port PCI NICs
 (at less than $500 each)?

 That gives you 8 separate Ethernet interfaces, 3 or 4 drive slots 
 (possibly hot-swappable ... SATA or SCSI ... for software or hardware
 RAID, depending on your preferences and motherboard).

 Duplicate the whole mess for redundancy and you're up to $6-grand.

 Leaves you $1500 in your budget for doing your own installation,
 configuration, testing, or buying a round of beers with the gang.

 If space is not an issue then get a couple of 3u servers with three
 or four PCI slots and fill those with the 4-port wonders.  12 to
 16 interfaces.  (I know Linux can handle those, I've done it).
 I wouldn't try doing complex SNORT analysis and logging on even 8
 of the 100Mbps ports at once ... but simple routing and packet
 filtering should be possible at full line speed for those.
 
> openbsd would be better os

 The proposed solution would let you pick whatever suits your fancy.
 
>>>> like to keep the budget per firewall under $7.5k, which rules out any
>>>> commercial solution.
 
> i'd go for 2 machines instead of 1 ... 
> and seems doable for the budget .. except for the "time for home brew" :-)
 
> c ya
> alvin
 
-- 
Jim Dennis