Hi List,
I am looking for 1U firewall hardware, any ideas? Something like that (http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-gh...) but at least with 5GBit nics and more memory.
-- Eero
On Sun, May 15, 2011 at 8:36 AM, Eero Volotinen eero.volotinen@iki.fi wrote:
Hi List,
I am looking for 1U firewall hardware, any ideas? Something like that (http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-gh...) but at least with 5GBit nics and more memory.
-- Eero
Supermicro has an Atom D525 with dual onboard Intel Gigabit NICs and PCI-E expansion slot. http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPE-HF-D525.cfm
You have your option of front or back IO case. Links are to the cases with high efficiency power supply. http://www.supermicro.com/products/chassis/1U/503/SC503-200.cfm http://www.supermicro.com/products/chassis/1U/502/SC502-200.cfm
Just add memory, SSD, and 4 port Intel Gigabit NIC. I'm not sure the performance of the Atom handling full 5 Gbps of traffic.
If you have some money to spend Vyatta has a nice appliance with 6 Gigabit interfaces.
Ryan
2011/5/15 Ryan Wagoner rswagoner@gmail.com:
On Sun, May 15, 2011 at 8:36 AM, Eero Volotinen eero.volotinen@iki.fi wrote:
Hi List,
I am looking for 1U firewall hardware, any ideas? Something like that (http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-gh...) but at least with 5GBit nics and more memory.
-- Eero
Supermicro has an Atom D525 with dual onboard Intel Gigabit NICs and PCI-E expansion slot. http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPE-HF-D525.cfm
thanks!
You have your option of front or back IO case. Links are to the cases with high efficiency power supply. http://www.supermicro.com/products/chassis/1U/503/SC503-200.cfm http://www.supermicro.com/products/chassis/1U/502/SC502-200.cfm
Just add memory, SSD, and 4 port Intel Gigabit NIC. I'm not sure the performance of the Atom handling full 5 Gbps of traffic.
This looks good, but lacks processor power: http://www.mini-itx.com/store/?c=40
-- Eero
You can use something like this Atom 525 dual core motherboard:
http://www.jetwaycomputer.com/NF99.html
Or this Atom C550 dual core board:
http://www.jetwaycomputer.com/NC9C.html
With the AD3INLAN-G daughterboard:
http://www.jetwaycomputer.com/Daughter_Board.html
This will give you 5 Gigabit Ethernet ports (2 on PCIe and 3 on PCI) and a free PCI slot on which you can put up to 4 more. Of course it all depends on the needed concurrent traffic.
On 5/15/2011 5:26 PM, Miguel Medalha wrote:
You can use something like this Atom 525 dual core motherboard:
http://www.jetwaycomputer.com/NF99.html
Or this Atom C550 dual core board:
http://www.jetwaycomputer.com/NC9C.html
With the AD3INLAN-G daughterboard:
http://www.jetwaycomputer.com/Daughter_Board.html
This will give you 5 Gigabit Ethernet ports (2 on PCIe and 3 on PCI) and a free PCI slot on which you can put up to 4 more. Of course it all depends on the needed concurrent traffic.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.
I am aware of that. But as I said it depends on your particular needs in *concurrent* traffic. Although it cannot sustain simultaneous Gigabit debits on all interfaces, it can sustain Gigabit bursts that are not simultaneous, as is often the case.
I have found that such a solution is perfectly capable when isolating a LAN, or several LANs, from a WAN, for example.
If you really need concurrent Gigabit traffic on several interfaces, I would suggest that you get proper *dedicated* firewall/router hardware instead of building one from standard parts. It will be much more efficient.
On Sun, May 15, 2011 at 5:57 PM, Miguel Medalha miguelmedalha@sapo.pt wrote:
pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.
I am aware of that. But as I said it depends on your particular needs in *concurrent* traffic. Although it cannot sustain simultaneous Gigabit debits on all interfaces, it can sustain Gigabit bursts that are not simultaneous, as is often the case.
I have found that such a solution is perfectly capable when isolating a LAN, or several LANs, from a WAN, for example.
If you really need concurrent Gigabit traffic on several interfaces, I would suggest that you get proper *dedicated* firewall/router hardware instead of building one from standard parts. It will be much more efficient.
I'm assuming the OP is trying to save money. A firewall with 5xGbe interfaces is going to cost thousands of dollars. With Cisco you would be looking at an ASA 5520, which only provides 4xGbe and 1x10/100. If you just need to provide inter-vlan routing and a firewall for Internet access, a layer 3 switch and separate firewall would be best.
Ryan
I'm assuming the OP is trying to save money. A firewall with 5xGbe interfaces is going to cost thousands of dollars.
I was assuming the same. That's why I suggested the Jetway solution. It is economic and works very well in many scenarios. Not, of course, if you need *concurrent* Gigabit access on several interfaces. I stress *concurrent*.
I built one of these to connect several vlans to a 24Mbit ADSL internet access. It runs pfsense 2.0 and it works very well. Stable, fast and effective.
On Sun, May 15, 2011 at 6:20 PM, Miguel Medalha miguelmedalha@sapo.pt wrote:
I was assuming the same. That's why I suggested the Jetway solution. It is economic and works very well in many scenarios. Not, of course, if you need *concurrent* Gigabit access on several interfaces. I stress *concurrent*.
I built one of these to connect several vlans to a 24Mbit ADSL internet access. It runs pfsense 2.0 and it works very well. Stable, fast and effective.
Unfortunately pfSense doesn't have IPv6 support yet. For now I've been going with Vyatta to future proof my installations. It is actually easier to reuse portions of the config with the CLI vs web gui. The only thing I miss is pfSense's RRD graphs. However a remote Cacti install works as well.
Ryan
On Sun, May 15, 2011 at 5:38 PM, William Warren hescominsoon@emmanuelcomputerconsulting.com wrote:
On 5/15/2011 5:26 PM, Miguel Medalha wrote:
You can use something like this Atom 525 dual core motherboard:
http://www.jetwaycomputer.com/NF99.html
Or this Atom C550 dual core board:
http://www.jetwaycomputer.com/NC9C.html
With the AD3INLAN-G daughterboard:
http://www.jetwaycomputer.com/Daughter_Board.html
This will give you 5 Gigabit Ethernet ports (2 on PCIe and 3 on PCI) and a free PCI slot on which you can put up to 4 more. Of course it all depends on the needed concurrent traffic.
pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.
I would definitely stick with PCIe for 5 NICs. Additionally Realtek NICs don't offer the best performance and their drivers are hit or miss. The Supermicro board has Intel PCIe NICs onboard and a PCIe expansion slot. This should give you full performance depending on the Atom processor. It really comes down to if you are just moving packets or needing to do packet inspection.
Ryan
I would definitely stick with PCIe for 5 NICs. Additionally Realtek NICs don't offer the best performance and their drivers are hit or miss. The Supermicro board has Intel PCIe NICs onboard and a PCIe expansion slot. This should give you full performance depending on the Atom processor. It really comes down to if you are just moving packets or needing to do packet inspection.
The daughterboard I pointed to contains Intel 3 Gigabit chips.
By the way, the OP never told us what would be the intended use for the firewall he needs.
pci is a shared bus with a max of 2 gigabits. you'll see a gigabit but never see two or more.
32bits * 33MHz = 1,056,000,000 bps. PCI is an arbitrated bus with one talker at a time (half-duplex), so it's only capable of half the data rate of a 1Gbps (full duplex) network.
In practice, I've yet to achieve more than ~ 400Mbps on a PCI based Gbit NIC, even PCI-X based Intel NICs often fall short (~600Mbps) despite the theoretical bandwidth of the bus. In my experience, PCI-e is the only bus fast enough on consumer PC hardware to sustain Gbit data rates.
On paper, PCI-e 1x should support two 1 Gbit ports (four ports if using PCI-e v2.0). However, the multiport Gbit NIC manufacturers all seem to have settled on PCI-e 4x, similar to how gfx card makers have settled on 16x whether or not the card can use or benefit from the additional bandwidth.
--Blake
Does it have to be 1RU ?
These are excellent;
http://routerboard.com/index.php?showProduct=90
5 GIGABIT etc
On Sun, May 15, 2011 at 10:36 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
Hi List,
I am looking for 1U firewall hardware, any ideas? Something like that ( http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-gh... ) but at least with 5GBit nics and more memory.
-- Eero
Sorry wrong URL;
I was trying to point you to the RB750G model in particular.
http://routerboard.com/pricelist.php?showProduct=90
Cheers.
On Mon, May 16, 2011 at 9:07 AM, Brian McKerr bmckerr@gmail.com wrote:
Does it have to be 1RU ?
These are excellent;
http://routerboard.com/index.php?showProduct=90
5 GIGABIT etc
On Sun, May 15, 2011 at 10:36 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
Hi List,
I am looking for 1U firewall hardware, any ideas? Something like that ( http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-pfsense-gh... ) but at least with 5GBit nics and more memory.
-- Eero
Does it have to be 1RU ?
This one is 1U:
http://routerboard.com/pricelist.php?showProduct=98
13 Gigabit ports
I'm a big fan of Sonicwall .... have a look at what they offer ... price not too bad either
On Mon, May 16, 2011 at 8:00 AM, Miguel Medalha miguelmedalha@sapo.pt wrote:
Does it have to be 1RU ?
This one is 1U:
http://routerboard.com/pricelist.php?showProduct=98
13 Gigabit ports
On 05/15/11 5:00 PM, Miguel Medalha wrote:
http://routerboard.com/pricelist.php?showProduct=98
13 Gigabit ports
note 10 of those ports are on ethernet switches, so the actual router probably only has 5 ethernet ports, 3 dedicated and 2 switch groups of 5 ports each.
also note this doesn't run centos, it runs the vendors own proprietary RouterOS linux distribution.
On 05/15/2011 05:56 PM, John R Pierce wrote:
On 05/15/11 5:00 PM, Miguel Medalha wrote:
http://routerboard.com/pricelist.php?showProduct=98
13 Gigabit ports
note 10 of those ports are on ethernet switches, so the actual router probably only has 5 ethernet ports, 3 dedicated and 2 switch groups of 5 ports each.
also note this doesn't run centos, it runs the vendors own proprietary RouterOS linux distribution.
If you're looking for a more enterprise solution that runs linux and is Red Hat certified, there's always the Dell R210 with configurations ranging from a Celeron (about $500 USD), Core I3, on up to a quad Xeon starting at $820 USD, 2 onboard broadcom gigE's and 1 X16 PCIexpress slot which could host a 4 port gigE card. It supports the Dell remote access controller. The only advantage I see to the Atom based system is they probably use a bit less power.
Nataraj
On Mon, May 16, 2011 at 2:21 AM, Nataraj incoming-centos@rjl.com wrote:
On 05/15/2011 05:56 PM, John R Pierce wrote:
On 05/15/11 5:00 PM, Miguel Medalha wrote:
http://routerboard.com/pricelist.php?showProduct=98
13 Gigabit ports
note 10 of those ports are on ethernet switches, so the actual router probably only has 5 ethernet ports, 3 dedicated and 2 switch groups of 5 ports each.
also note this doesn't run centos, it runs the vendors own proprietary RouterOS linux distribution.
If you're looking for a more enterprise solution that runs linux and is Red Hat certified, there's always the Dell R210 with configurations ranging from a Celeron (about $500 USD), Core I3, on up to a quad Xeon starting at $820 USD, 2 onboard broadcom gigE's and 1 X16 PCIexpress slot which could host a 4 port gigE card. It supports the Dell remote access controller. The only advantage I see to the Atom based system is they probably use a bit less power.
Nataraj
I have always liked the look of the 19" 1u case from varia ( http://www.varia-store.com/) for firewalls, but you will have an issue getting 5gb nics with one of these cases.
When I needed something similar with four 4gb nics I used an ASUS Hummingbird board with a Travla C146 case. The board has two intel gb nics on the board, and one PCIe X1 slot. I used the PCIe slot to add two intel PCI cards to get x4 gb nics in total. I also have a PCIe x1 to PCIe x16 riser/adapter from linitx.com to allow the eventual installation of 4port gb intel card to give 6 gb nics in total.
I don't know how quick or otherwise my 4gb nic setup is but I have not noticed any issues with it during the last 9 months or so.
jk