[unisog] IPTables as high bandwidth firewall
Valdis.Kletnieks at vt.edu
Fri Jul 29 21:58:11 GMT 2005
On Fri, 29 Jul 2005 14:04:42 PDT, Johan van Reijendam said:
> Have any members on this list had any experience using a Linux host with
> iptables as a firewall handling and filtering high volume traffic?
What do you consider "high volume"? The question of "why does a Cisco cost
so much more than a PC?" is raised every few months on the NANOG list, and the
basic bottom line remains the same: If you have 2 network interfaces in a Linux
box, it's most probably using a PCI bus. So you get limited by the available
PCI/backplane bandwidth (and keep in mind that the CPU will likely need some
backplane cycles too, unless you make sure that you have a CPU with a really
hefty L2 cache).
Do you have an interface/packets-per-second target? An OC12, OC48, etc?