Re: Building a Gigabit firewall

[Alex de Joode <usura@zedz.net>]

On Thu, Jan 31, 2002 at 08:56:54AM +0000, Paul Reilly wrote:
> > traffic.  PCI bus speed is a biggie however -- for the amount of data
> > you're talking about, make sure you use a 64-bit/66MHz NIC and motherboard
> > to squeeze as much performance as possible from the system.  Build a
> > custom kernel for increased performance / high-bandwidth ability (increase
> > the buffer sizes), and strip the running processes to what you absolutely
> > need.
> >
> 
> I'm interested in this too. Has anyone built a GB firewall and if so what
> kind of performance did you achieve? Is it really viable building such a
> beast using PC hardware? I'd be interested to know what motherboard (PCI
> bus speeds) and NIC's were used. Also has anyone detailed how exactly to
> customise the kernel as suggested above. I think a lot of people would
> be interested in this.

Last week I've setup a Dell 1550 which will act as a corporate firewall,
for an organisation that has a GigE link to the internet. Usage normally
is very low so top performance wasn't needed (and isn't tested for).

The config:

cpu:	cpu0: Intel Pentium III (Coppermine) ("GenuineIntel" 686-class) 1 GHz
mem:	avail mem = 118554624 (115776K)
nic:	ti0 at pci1 dev 4 function 0 "Netgear GA620" rev 0x01:
nic:	ti1 at pci2 dev 4 function 0 "Netgear GA620" rev 0x01: 
nic:	skc0: SysKonnect SK-9821 Gigabit Ethernet Server Adapter (SK-NET GE-T)
nic:	fxp0 at pci0 dev 1 function 0 "Intel 82557" rev 0x08:
nic:	fxp1 at pci0 dev 2 function 0 "Intel 82557" rev 0x08

We haven't tested throughput, but if someone can suggest a 
'testsuite' I'm willing to test the box and post some stats.

-- 
Exit! Stage Left!