[CentOS] Theoretical Firewall Specs?
John R Pierce
pierce at hogranch.com
Tue Jan 17 23:52:06 UTC 2012
On 01/17/12 3:36 PM, Jason T. Slack-Moehrle wrote:
> So, the more I look at various ways to lay out my infrastructure, the more I am thinking about specs for hardware.
>
> Starting with firewalling.
>
> How does one determine the specs for a firewall?
>
> What I mean is:
>
> 1. motherboard/CPU - p4? Dual-Core? Intel i3, i5, i7?
>
> 2. RAM? 4gb? 8gb? More? 32gb?
>
> 3. Obviously GB Nics!
>
> I am bring about 300gb of traffic a month right now and I expect that to increase significantly with my next offerings.
>
> Obviously one answer is to but a beefy motherboard that supports lots of RAM and add more as needed, but where does one start out?
>
> How do I know if my firewall would need more RAM?
>
> How do I know if the CPU is good enough?
a pure firewall at gigE speeds really doesn't need that much ram and
only a fair-to-middling processor. more than 2 cores would likely be
wasted. Its when you start layering other server functionality on top
of the firewall system is when you need more hardware.
I'd expect with a firewall-centric OS distribution like pfSense, a dual
core 2-3Ghz I3 could easily keep up with gigE and quite complex rule
sets, several network zones. No storage requirements at all, unless you
plan on keeping your logging local on the firewall. to maintain gigE
throughput you'll want to use server grade NICs and not cheap desktop
ones. If you're using a lot of VPN encryption, more and/or faster CPU
cores would be useful. a few 100MB of ram is plenty for 100s of 1000s
of concurrent connections, so unless you're doing other ram intensive
stuff like Snort or NetTop, 1GB ram would be plenty.
--
john r pierce N 37, W 122
santa cruz ca mid-left coast
More information about the CentOS
mailing list