
pfsense and high traffic site

A customer of mine, at the datacenter I work at, consistently has between 50Mbps-200Mbps traffic, with some spikes up to 600Mbps. The largest spike they've ever had was 650Mbps.

They are looking at spending over $20k for two Juniper firewalls.

All they need is a basic bridging firewall (so that the firewall can be removed from the network without issue). They need basic traffic blocking.

Could a pfSense install on a dual CPU quad core Xeon system with 2GB 1333MHz RAM and gigE network adapters get the job done? If so, I could give them 3 firewalls for less than $10k, one active, one passive, one cold...

 
Doubtful. Plus the Juniper firewalls come with support and maintenance.

This is NOT something you want a PC to be doing.
 
Originally posted by: spidey07
Doubtful. Plus the Juniper firewalls come with support and maintenance.

This is NOT something you want a PC to be doing.

Ok.. I was reading that the latest TCP stack in FreeBSD can handle up to 10Gig traffic..

If the system is just doing basic traffic filtering, where would it choke?
 
It depends. A hardware firewall will be doing a lot of this in hardware; you'd be asking a CPU to do all the work.
 
Originally posted by: spidey07
It depends. A hardware firewall will be doing a lot of this in hardware; you'd be asking a CPU to do all the work.

True..

Could the dual gigE ports, if there was little processing involved, handle the traffic, if the server was just acting as a bridge? My hardware manager seems to think that if you just bridged eth0 and eth1 as br0, and put the firewall out front of the network, it "should" be able to pass that traffic easily, even if it's 1Gbps (the max of the NICs). It would come down to whether the TCP stack of the OS could handle it, and apparently FreeBSD can do up to 10Gbps.

IMO, all that would be applied would be basic port blocking rules. I understand as the rule chain gets more complex, more CPU resources would be needed, but......

The server would be a dual CPU, 2.4GHz quad core Xeon with 1333MHz memory... 8 cores of processing on a very light, thin FreeBSD install...
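As an added illustration (not from any poster in this thread), here is what the "bridge eth0 and eth1 as br0 with basic port blocking" setup described above looks like on plain FreeBSD with pf, which is what pfSense builds on. The interface names em0/em1, the blocked port list, and the file contents are assumptions, not a tested production config.

```conf
# /etc/rc.conf  (added example; em0/em1 are assumed interface names)
cloned_interfaces="bridge0"
ifconfig_em0="up"
ifconfig_em1="up"
# No IP address on the bridge: transparent, can be pulled out of the path
# and replaced by a patch cable without re-addressing anything
ifconfig_bridge0="addm em0 addm em1 up"
pf_enable="YES"

# /etc/sysctl.conf
# Run each packet through pf once, on bridge0, instead of once per member
# interface; this halves the filtering work per forwarded packet
net.link.bridge.pfil_bridge=1
net.link.bridge.pfil_member=0

# /etc/pf.conf  (basic port blocking only; ports are an assumed example)
blocked_tcp = "{ 135, 137:139, 445, 3389 }"
blocked_udp = "{ 137:139 }"

set skip on lo0

# Drop the unwanted ports on first match ("quick") so the rest of the
# ruleset is never evaluated for them
block in quick log on bridge0 proto tcp to port $blocked_tcp
block in quick log on bridge0 proto udp to port $blocked_udp

# Everything else is bridged through; state tracking is the default,
# so repeat packets of a flow hit the state table, not the rule list
pass on bridge0 all
```

Keeping the ruleset short and relying on the state table, rather than a long chain of per-port rules, is what keeps per-packet CPU cost low on a setup like this.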
 