Mathias Kölsch wrote:
Hi, What are the system requirements for a debian-based router/firewall for gigabit ethernet adapters?
I reply to the original post, the thread seems to lost some focus.I spent this weekend to look for an article that discussed these questions, but I was unable to find it.
The PCI-bus got some limitations, i think it was about 433 mbit/s IRL.I recommend you to investigate PCI-X (or newer if it exists, I didn't find the article so I don't now how outdated this information is).
My experience from x86 gigabit solutions is that the throughput is about 0,5 Gbit and the CPU is idling quite a lot but you don't find fast/good PCI solutions in old machines.
To be honest (and taking the risc of being flamed) I would recommend a Cisco 4000-series MSFC router/switch, perhaps with FW feature set IOS if bandwidth is the critical point but it's quite expensive.
But, again, things might have evolved since my last GB-firewall so I DON'T say its bad but you asked for personal experiences, right?
Best regards Martin Burman, Sweden [This mail might contain Bad English (tm). I'm not a native English speaker]
Details: I need to put a subnet of about 20 machines, all gigabit ethernet, including a gigabit switch, behind a fast but flexible firewall. Debian seems to be a good choice for many reasons, however, I have no experience on the demands of a high-throughput firewall on CPU, buses, and the entire system. Can somebody confirm or crush my suspicion that basically any reasonably fast (100+MHz) CPU with little (128MB) memory is capable of handling the traffic organization between two gigabit interfaces? And more generally, what pitfalls are there to be avoided when choosing hardware for this purpose? Pointers to performance measurements and other hard evidence are highly appreciated! Thanks a bunch, Matz.