Archived from groups: comp.security.firewalls (More info?)
Hello!
I need some help finding the right hardware for a gigabit firewall.
Here is the most important information:
- about 250 users (each 100 MBit)
- mixed 100/1000 MBit backbone (local network)
- 1000 MBit Internet/university network <-> 1000 MBit internal network
- network use is typical "home use" (surfing, mail, chat, file sharing),
although a few large transfers may occur and some servers are running
in the local network (including game servers)
- firewall should do accounting (IP-based)
- only few firewall rules (blocking some ports)
I just measured the current packets/sec and packet sizes (11pm here) on
the 100 MBit firewall. If you need more data, I can test again at other
times.
- about 1600 - 1800 packets/sec (900 incoming, 700 outgoing)
- packet sizes (meassured over about 10 minutes):
Packet Size (bytes) Count Packet Size (bytes) Count
1 to 75: 407926 751 to 825: 4110
76 to 150: 525765 826 to 900: 2553
151 to 225: 75152 901 to 975: 8226
226 to 300: 83945 976 to 1050: 5214
301 to 375: 58937 1051 to 1125: 6429
376 to 450: 27464 1126 to 1200: 1353
451 to 525: 8909 1201 to 1275: 3449
526 to 600: 6935 1276 to 1350: 55322
601 to 675: 5246 1351 to 1425: 8184
676 to 750: 4799 1426 to 1500+: 362829
At the moment we think of one of the following solutions:
1) self built
- 1x P4 2.8 (Prescott, 1 MB cache, 800 MHz bus)
- Asus PSCH-SR
- 2x 256 MB PC3200
- 80GB 7200rpm S-ATA
- Intel SCA (Copper) + Intel 1000XF (PCI-X, Fiber)
2) Sun Fire v60x
- 1x Xeon 2.8 (512 KB cache) [upgradeable to 2x Xeon]
- 2x 512 MB PC2100
- 36 GB 10000rpm SCSI
- 2x Intel PCI-X (on seperate busses?) + converter copper <-> fiber
Solution 2 is more expensive, but has some advantages (Sun, Xeon, 1HE).
We plan to use a recent Linux 2.6 kernel.
Please tell me what kind of hardware is needed for this specific network
situation. I'd also like to hear some opinions regarding the two server
solutions. Because we are a dormitory, money is of concern.
Thanks a lot,
--
Carsten Otto
c-otto@gmx.de
www.c-otto.de
Hello!
I need some help finding the right hardware for a gigabit firewall.
Here is the most important information:
- about 250 users (each 100 MBit)
- mixed 100/1000 MBit backbone (local network)
- 1000 MBit Internet/university network <-> 1000 MBit internal network
- network use is typical "home use" (surfing, mail, chat, file sharing),
although a few large transfers may occur and some servers are running
in the local network (including game servers)
- firewall should do accounting (IP-based)
- only few firewall rules (blocking some ports)
I just measured the current packets/sec and packet sizes (11pm here) on
the 100 MBit firewall. If you need more data, I can test again at other
times.
- about 1600 - 1800 packets/sec (900 incoming, 700 outgoing)
- packet sizes (meassured over about 10 minutes):
Packet Size (bytes) Count Packet Size (bytes) Count
1 to 75: 407926 751 to 825: 4110
76 to 150: 525765 826 to 900: 2553
151 to 225: 75152 901 to 975: 8226
226 to 300: 83945 976 to 1050: 5214
301 to 375: 58937 1051 to 1125: 6429
376 to 450: 27464 1126 to 1200: 1353
451 to 525: 8909 1201 to 1275: 3449
526 to 600: 6935 1276 to 1350: 55322
601 to 675: 5246 1351 to 1425: 8184
676 to 750: 4799 1426 to 1500+: 362829
At the moment we think of one of the following solutions:
1) self built
- 1x P4 2.8 (Prescott, 1 MB cache, 800 MHz bus)
- Asus PSCH-SR
- 2x 256 MB PC3200
- 80GB 7200rpm S-ATA
- Intel SCA (Copper) + Intel 1000XF (PCI-X, Fiber)
2) Sun Fire v60x
- 1x Xeon 2.8 (512 KB cache) [upgradeable to 2x Xeon]
- 2x 512 MB PC2100
- 36 GB 10000rpm SCSI
- 2x Intel PCI-X (on seperate busses?) + converter copper <-> fiber
Solution 2 is more expensive, but has some advantages (Sun, Xeon, 1HE).
We plan to use a recent Linux 2.6 kernel.
Please tell me what kind of hardware is needed for this specific network
situation. I'd also like to hear some opinions regarding the two server
solutions. Because we are a dormitory, money is of concern.
Thanks a lot,
--
Carsten Otto
c-otto@gmx.de
www.c-otto.de
Facebook
Twitter
Instagram