Goodday,

Looking to manage several webservers I am wondering if anybody uses 
something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ?
(That image shows Wim's net4801-50 plus quadport lan1641 firewall box, 
giving 7 ports with low powerconsumption - on OpenBSD)

The standard choice in my datacenter (linux users mostly) seems to be HP 
Procurve but I'd prefer the power of PF.

I have no idea how rigid /stable/fast the Soekris machines are, I've 
never used one.
I'm wondering if a setup as mentioned could (speedwise) compete and if 
it is a sane idea to deploy something like this in the DC.

Any advise is appreciated. Thanks.

Matt

If you are looking for raw networking performance, don't go for soekris.
I don't know exactly the 4801, but I use a couple of 4501 as firewalls and
IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of
the 4801 and knowing the 4501, I wouldn't use them for more than about
40-50 Mbit/sec. There are people on this list, who have more experience
with the 4801. BUT you have to test for yourself if it fits your needs, and
your performance depends a lot on your setting.


--knitti

they're most likely switches. (Vantronix have a module for HP 5300xl

I feel 40-50M would be pushing it, given that you might like some
overhead to allow for occasional heavy numbers of packets. 5501
might do better (maybe with a nic rather than the on-board vr).

I'd normally prefer a standard amd64/i386 box for a datacentre
firewall though. I may change my mind when the net7501 eventually
surfaces...

...that is the point. especially the pps rate and the estimated
concurrent TCP sessions (concurrent visitors on the website) are
important. a net4801 is able to handle more than 60MBit/s, but the

for the record:

the net5501 is ok and the performance is much better. there was just
some more work in the past to fix and optimize the sis driver and to
tune OpenBSD support for the 45xx/48xxx. some more work needs to be

and it would be great to have soekrises with redundant power supplies ;)
it is not just the performance.

reyk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I was just about to ask about this. I've been very happy with Nexcom
1563s as pf firewalls, especially with the disk-on-chip. No moving parts
is good. (And thanks misc@ for this recommendation.)

But the Nexcoms have only 100Base-T interfaces and now I've got a
requirement for gig boxes in a couple of data centers.

Any recommendations for carp/pfsync hardware with these specs on each box?

- - at least 3 x 1000Base-T (mandatory)
- - disk on chip if possible (not mandatory)
- - fanless (not mandatory)
- - rack-mountable (not manadatory)

Any reasonable RAM and CPU speed considered, in the context of pushing
traffic at ~100-300 Mbit/s.

Or am I better off just buying el cheapo PCs and relying on carp and
pfsync for redundancy?

thanks

dn
iD8DBQFHOLiRyPxGVjntI4IRAp1hAJ9Uy0cbbip3EEXIlQ+Nnzlqr21ECwCg18g5
vDFGHhVj2htXbuEGqfgXFRY=
=wNZl
-----END PGP SIGNATURE-----

I have been very pleased with my FWA-9106 from iBASE.
http://www.ibt.ca/v2/items/fwa9106/index.html

Mine have P4 CPU at 3.2GHz and 1GB of DDR400 (can take up to 4GB)
NICs are 4 msk (Marvell 8053) and 2 em (Intel  82541) interfaces.
There is also two PCI slots at the back and I believe a third at the front.

/Jason