> >      Internet
> >         ^
> >         | 1 Mbps
> >         |
> >   +----------+   1000Mbps   +-------------------------------+
> >   | MonoWall | <----------> | perimeter network - 4 servers |
> >   +----------+              +-------------------------------+
> >        ||
> >        || 1000Mbps
> >        \/
> >       LAN
> >
> > Is MonoWall suitable for this scenario? Is it powerful enough for 1000Mbps? Could you recommend me suitable HW configuration for MonoWall box in this scenario.

We got a test on this list with an Opteron 1,6GHz... maybe this helps you:
http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=119&actionargs[]=78

> With a really fast box and good quality PCI-X gig cards on separate
> PCI buses, it should push upwards of 700-800 Mb easily. Can't say
> that I've tried it specifically with m0n0wall.
>
> I've specifically tested some 'em' Intel PRO/1000 desktop NICs on
> FreeBSD. A P4 1.6 will push about 550-600 Mb, and a P3 733 about 400
> Mb. One NIC only, no routing. For routing, it would probably be a
> bit less than half of that. The bottleneck in both cases is the CPU,
> because those cards offload most everything to the CPU. They're only
> $30 USD a pop though, you need something much better than those, some
> of the higher end Intel gig cards are supported and should do well.
>
> I question how much you really need gig wire speed throughput,
> considering the cost of the box that would be required. For a
> commercial firewall, you'd be looking at at least $5-10K USD to get
> wire speed, and probably $2500 for a m0n0wall box. You'd need the
> fastest processor you can get, a server motherboard with multiple PCI
> buses, and good quality gig cards. For your internet connection
> speed, you could get by with a $200 box like a WRAP or Soekris. If
> you're just running some web and mail servers in your perimeter
> network, you'd get by with a Soekris unless you have to push some
> serious traffic from those perimeter servers.

Aren't there cheap PCI-Express boards available that using a fast Gbit NIC and a huge P4 could maybe get up to the Gbit?