RE: Is Linux based Gateway/Firewall feasible

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'd like to chime in here considering I brought this topic up a few years ago. From a standpoint of routing data from one subnet to another with high speed serial interfaces etc.. nothing beats a cisco. Cisco routers have special ASIC(application specific intergrated circuits) that do nothing but routing and other features.

Now from a firewall standpoint, this is were Linux really shines. Cisco PIX firewalls are all based on Intel processors (even celeron) and PC architecture. So any machine with a 1ghz and gig of memory should out perform any PIX firewall. One thing PIX does bring to the table is failover but its expensive. I think any properly configured Linux cluster could give PIX failover a run for there money. Price a PIX 525 to a redundant Dell or HP slimline with Linux and I think you will be surprised.

-Mike


From: Sudheer Divakaran <sudheer@xxxxxxx>
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Is Linux based Gateway/Firewall feasible
Date: Thu, 08 Jul 2004 17:40:33 +0530

Hi,

I've a local LAN consisting of about 150 machines. I'm using a machine with Linux + IPTables as the gateway machine which inturn connects to two different ISPs. My question is can a Linux based machine match the performance of a hardware based routers provided by Cisco,... OR is my decision to go for a Linux based solution is a wrong one?.

Is there so much difference between these two solutions?

Can I achieve the same performance using a high end PC and Linux?

I'm asking this because one guy told me that my decision to go for a Linux based solution is a wrong one and it can never match the performance of hardware based Routers.

Thanks
Sudheer




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux