anybody have a ballpark figure of what sort of hardware I would need? I want it to do firewalling and routing, and that's about it. To start with, I would use Intel Pro/1000 Server adapters (for the TCP offload), but what about the rest?
Let's say I wanted to build a gigabit speed router
- Thread starter Brazen
- Start date
i like the Dlink gaming router. I bought one for $70 of ebay. Cheap considering its got 4 gigabit port plus extra cool features.
- Oct 25, 1999
- 29,546
- 422
- 126
It is very nice (since you got it for $70), and I sure that you would enjoy it:thumbsup:
However when obtained through regular retail, objective analysis shows.
This Router is one of the most expensive Entry Level Routers.
As a Router it is No better than other Good Routers.
As a Giga Switch it does not support Jumbo frames.:thumbsdown:
One can buy a regular Wireless Cable/DSL Router, and get an SMC Giga switch.
It will cost the same (or less) and it would be a better Giga Network.
:sun:
I agree with JackMDS in terms of an answer to the OP Brazen.
Plus he didn't really mention it explicitly, but I doubt the gigabit dlink hits above 50mbit in terms of routing from WAN (internet) to LAN (computers).
Usually the most cost effective solution is a gigabit switch after the router. Why? Because 99% of all home internet connections are 1.5mbit or 3mbit or maybe if you are lucky, 6mbit. Thats not even touching close to 10mbit or 100mbit let alone gigabit. In fac 99% of all DSL (and I think cable too) modems have only 10mbit max hardware inside. So if it wont be helpful in terms of the internet traffic, its only going to be useful when transfering files on the local network. Like if you regularly transfer gigabytes of mp3s, or movies, or whatever from one computer to another. So since gigabit is only going to be useful for your internal network, much cheaper to just use a gigabit switch, and throw gigabit cards into the computers.
Essentially what I'm saying is that since your bottleneck is probably going to be the 10mbit hardware in your modem, or perhaps the maximum speed of your internet, then your pipe will be like this:
internet------router----gigabitswitch======
You could do what you are saying and get:
internet-----router====gigabitswitch=====
The small pipe at the start will still restrict everything speedwise.
Now if you are still serious, you would need good quality network cards as you mentioned, then you need a server capable of routing gigabit traffic. If you dont want to get dedicated cisco hardware for quite a few thousand dollars (probably $10k-$20k minimum), then you would need to build a linux computer that could handle it. Or buy one of those dell servers that doesn't come with an OS and setup linux on it. I dont think windows is going to cut it on a being a gigabit router if you really want gigabit type throughput.
Plus he didn't really mention it explicitly, but I doubt the gigabit dlink hits above 50mbit in terms of routing from WAN (internet) to LAN (computers).
Usually the most cost effective solution is a gigabit switch after the router. Why? Because 99% of all home internet connections are 1.5mbit or 3mbit or maybe if you are lucky, 6mbit. Thats not even touching close to 10mbit or 100mbit let alone gigabit. In fac 99% of all DSL (and I think cable too) modems have only 10mbit max hardware inside. So if it wont be helpful in terms of the internet traffic, its only going to be useful when transfering files on the local network. Like if you regularly transfer gigabytes of mp3s, or movies, or whatever from one computer to another. So since gigabit is only going to be useful for your internal network, much cheaper to just use a gigabit switch, and throw gigabit cards into the computers.
Essentially what I'm saying is that since your bottleneck is probably going to be the 10mbit hardware in your modem, or perhaps the maximum speed of your internet, then your pipe will be like this:
internet------router----gigabitswitch======
You could do what you are saying and get:
internet-----router====gigabitswitch=====
The small pipe at the start will still restrict everything speedwise.
Now if you are still serious, you would need good quality network cards as you mentioned, then you need a server capable of routing gigabit traffic. If you dont want to get dedicated cisco hardware for quite a few thousand dollars (probably $10k-$20k minimum), then you would need to build a linux computer that could handle it. Or buy one of those dell servers that doesn't come with an OS and setup linux on it. I dont think windows is going to cut it on a being a gigabit router if you really want gigabit type throughput.
I'm not sure if this is a driver thing or not, but the SysKonnect based cards are supposed to be the hot ones to get these days under OpenBSD. Just something to look for so you don't end up wasting money on "okay" cards. 
I have an IPCop ProxyWall with Gigabit. I'm using Intel Pro1000MT Nic for the LAN side and Pro100+ for the WAN connect . The box is a home-built using an old Intel L440GX, (2) Slot 1 PIII 450, 18GB SCSI, and 512MB Ram. For a single user, there is a noticable diff in speed over 100Mbps, but nothing near 10x. The real advantage comes when you have sevaral users banging away at it. I have 35 machines sharing this box. Of course, this will also depend on your users surfing habits. If they all visit pretty much the same sites, *AND* you have a large enough segment of memory allocated for caching, then you'll "feel" the speed increase.
Well, it would be easy to purchase something like an intel 3+Ghz and say 2Gig of fast RAM and 2 Intel Pro1000 server adapters. The best case would be if there was hardly any difference in speed from just having a Cisco gigabit switch in place. I just didn't know if the above hardware would be adequate for that much traffic, and was hoping someone here had built a similar device and had some insite on what kind of hardware they used and how much bandwidth they were getting through it.
I could possibly get beefier hardware, but of course I don't want to spend more than necessary, especially if the above config would already be more than adequate.
I could possibly get beefier hardware, but of course I don't want to spend more than necessary, especially if the above config would already be more than adequate.
OK, I should ask, are you trying to use this to bridge/route traffic between 2 diff local Gigabit LANS, or as an Internet Gateway?
The hardware required to build a firewall that will truly handle 1 gig doesn't exist in the PC world.
There are however a few boxes out there that can do it. They start at around 50 thousand dollars and go to 200K.
Cisco has gigabit routers for $5,000, although their firewall starts at $20,000 for gigabit throughput, and yes I would like to do firewalling. SonicWall also has gigabit firewalls for $10,000. I tried finding details on hardware specifications in the Cisco products with no luck.
I did however find out that SonicWall uses an Intel Xeon in their gigabit firewall. I suppose that would be a starting point. Later, I will probably dig around and try to find more specific what speed of Xeon and how much RAM they use. I'm still open to hear from anyone who has done this, though.
Nothinman
Elite Member
- Sep 14, 2001
- 30,672
- 0
- 0
Intel just released specs for their 10G cards, so those will probably end up being the best supported on Linux in the near future. But if you already have cards you probably don't want to be buying new ones.
The biggest problem will probably be the firewall rules delaying packets, netfilter's locking is pretty granular so it'll be up to you to design your rules properly.
In a close second will probably be memory->card bandwidth. If you can put each card on it's own bus and bind each card's IRQ to a seperate CPU (assuming SMP) you should get good throughput, but no I haven't done it.
The biggest problem will probably be the firewall rules delaying packets, netfilter's locking is pretty granular so it'll be up to you to design your rules properly.
In a close second will probably be memory->card bandwidth. If you can put each card on it's own bus and bind each card's IRQ to a seperate CPU (assuming SMP) you should get good throughput, but no I haven't done it.
asking a 5000 dollar router to do gigabit firewall just ain't gonna happen.
Having the interfaces and actually being able to perform stateful firewalling are different things. But to get gigabit performace usually hardware is involved (asics)
Have you actually looked at the specs for the ultra expensive Cisco PIX 500 series stateful firewalls? They're based on Intel processors with the highest model PIX 535 sporting only a Pentium III 1GHz. I've actually opened up a PIX 520 and it's just an Intel Pentium II CPU (if I remember correctly 350MHz), Intel ATX motherboard and desktop Intel 82559 100Mbit NICs. I haven't had a chance to open up the PIX 525's since they're in production but "show version" lists PIII 600Mhz. I doubt you'll have much problems building a PC based stateful firewall handling gigabit traffic running some flavor of BSD. It's been done before.
Yes, Cisco charges a lot of money for undeserved hardware. They charge even more money for the hardware that does deserve it.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter