[unisog] IPTables as high banwidth firewall

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Fri Jul 29 21:58:11 GMT 2005

On Fri, 29 Jul 2005 14:04:42 PDT, Johan van Reijendam said:
> Have any members on this list had any experience using a linux host with 
> iptables as a firewall handling and filtering high volume traffic.

What do you consider "high volume"?  The question of "why does a Cisco cost
so much more than a PC?" is raised every few months on the NANOG list, and the
basic bottom line remains the same:  If you have 2 network interfaces in a Linux
box, it's most probably using a PCI bus.  So you get limited by the available
PCI/backplane bandwidth (and keep in mind that the CPU will likely need some
backplane cycles too, unless you make sure that you have a CPU with a really
hefty L2 cache).

Do you have an interface/packets-per-second target?  An OC12, OC48, etc?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050729/c70f3e32/attachment.bin

More information about the unisog mailing list