15th May 2008
gunderwood
Firewall Hardware Questions

I am new to OpenBSD and am interested in building a firewall. I have read some books and searched the Internet, but still have some questions about my hardware.

I want to filter on several GbE zones at once, but my traffic is very bursty. Very little average traffic (Mb/sec range) and then the occasional multi-GB transfers. I was planning on using several of the Intel Pro GbE dual or quad interface cards. My research showed some problems with the quad port cards. From what I could find, this is an outstanding issue, correct? For redundancy and extra bandwidth, a total of 6-8 GbE ports with NIC teaming would be needed to filter 3-4 zones. If I can't use quad port adapters, then I will need multiple dual port adapters. My original spare computer would support this, but I am uncertain now after researching SMP support. Here is what I had in mind:

Asus P5W64 WS Professional, Intel C2D E6600, 2GB RAM, etc.

I was thinking this would be ideal with all the PCIe ports. I have a spare Opteron 165, but the MB is junk and it "only" has 512MB of RAM. I could use either one, but I liked the C2D because I already have a good MB, lots of RAM, and 4x PCIe slots. However, with SMP support being what it is, I feel like there may be better uses for these machines and I should just pick up a UP Opteron, etc.

I should note that the reason for the beefy hardware when the average bandwidth is so little is because when the multi-GB transfers happen they may be concurrent or should have very little impact on the other traffic (assuming there is spare bandwidth). Also in the near future, there are plans to add VPN support (probably 256-bit AES, but uncertain atm). The firewall also will be working with an IDS and WAP.

So, the question is what would the ideal OpenBSD firewall hardware look like to filter 6-8 GbE ports? Should I use the hardware I have or pick something up for cheap?

I appreciate any help and would love to hear from someone who has done this. Thanks.