Quote from Javier Miguel Rodríguez <javier.miguel@xxxxxxxxxxxxxxxx>:
Hello
I have to build a FAST Linux firewall (12 gigabit ethernets), and I
need your advice.
My current setup is (I can change things if needed):
Compaq Proliant DL380g4 (1 xeon 3.6 ghz, with hyperthreading, pci-x
based, 1 gb ram)
2 broadcom gigabit ethernet cards (tg3 driver)
3 intel quad gigabit ethernet cards (e1000 driver)
I need to keep connection tracking, so nf-hipac is discarded. I will
use almost no logging.
My ruleset will be rather short: 500-600 lines, with SNAT/DNAT in
about 5% of these rules. Only IPv4 will be used in this firewall setup.
I expect sustained rates of 300-400 megabits on EACH gigabit
interface, with gigabit peaks. I also expect 40.000-50.000
concurrent connections (mainly http/smtp/dns traffic). I also expect
500-600 megabits of NATed traffic (to & from the internet).
Never done such a setup, but I would suggest you read
http://people.netfilter.org/kadlec/nftest.pdf
and
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt
Regards
Andreas