
HW for 100Mb firewall

I'm interested in setting up a firewall for our department using OpenBSD.
I've never set up an OpenBSD firewall, though I've got basic firewalling
working on a Linux box at home.

I was thinking about a system with 3 NICs (either 3c905b's or Intel
EtherExpress Pro 10/100s), 1 for the outside world, 1 for our private
net, and 1 for a network of semi-trusted hosts (i.e. webserver).  I was
planning on picking up something along the lines of a P3-500 w/ 256MB of
RAM and running Squid on it as a web accelerator/proxy in addition to the
firewalling features.

The main campus networking person said that a P3-500 probably wouldn't
hold up to the load of saturated 100Mb lines and that I would be better
off purchasing a $10,000 router instead.  Ouch.  We currently don't come
close to saturating our 100Mb outside line (sitting at 2% usage now) and I
don't foresee that changing in the near to mid future.  I'm having a hard
time accepting that a P3-500 can't handle a fair amount of traffic but I
don't have any real world experience with this.  How much throughput can a
person expect from the above hardware?  What kinds of bottlenecks would a
person face and would there be any additional steps a person should take
to avoid those bottlenecks? 


James Thompson    138 Cardwell Hall  Manhattan, Ks   66506    785-532-0561 
Kansas State University                          Department of Mathematics