
Debian routers + firewalls for large ISP?



Hi all,

I'm looking for expert advice about possible firewalling with Debian.
I need to serve a very heavy load of clients/bandwidth and I'm not sure
if it is doable with Linux-based OSs and today's machines, due to my
test results.

Here's the specs:

1) Serving video + audio streaming only, clustered environment pushing the stuff
2) 10GB/second sustained bandwidth, 40GB/second peaks (long peaks, sometimes hours), growing fast
3) 200 000 simultaneous clients, growing, expecting 0.5 million within a year
4) Service responding on a specific port, serving through established non-priv ports
5) Need redundancy on the firewalling and interfaces.
6) We would prefer to be able to manage Linux boxes rather than Cisco routers.

We are looking at Cisco 6500 series routers + redund. options that we
can add to it, cause what we've tried with Linux so far "dies under the
load".

The firewall ruleset is small as we're listening to 1 port for this
service, but it seems that no matter the "super computers" we tried,
they would all crawl to their death due to heavy processor usage by
iptables.

Should it be doable to serve such traffic through iptables on Debian?
If yes, what would be the best way to approach this? I cannot fail,
this is 24/7 operations. Maybe we had too many connections per adapter,
filling the 65k ports. We didn't have much time to look at it; we had
to put the original routing back on fast when our tests failed.

Thanks in advance for any help you may provide, guidance to accomplish
this with success would be very appreciated.

BTW, $$$ for required hardware is not an issue... so if you suggest
pricey stuff, I don't care.

Martin H.



