Question about high performance Linux firewall
Javier Miguel Rodríguez
javier.miguel at talika.eii.us.es
Mon Sep 5 20:36:23 CEST 2005
I have to build a FAST Linux firewall (12 gigabit ethernets), and I need
My current setup is ( I can change things if needed)
Compaq Proliant DL380g4 (1 Xeon 3.6 GHz, with hyperthreading, PCI-X based, 1 GB RAM)
2 Broadcom gigabit ethernet cards (tg3 driver)
3 Intel quad gigabit ethernet cards (e1000 driver)
I need to keep connection tracking, so nf-hipac is discarded. I will use
almost no logging.
My ruleset will be rather short: 500-600 lines, with SNAT/DNAT in about
5% of these rules. Only IPv4 will be used in this firewall setup.
I expect sustained rates of 300-400 megabits on EACH gigabit interface,
with gigabit peaks. I also expect 40,000-50,000 concurrent connections
(mainly HTTP/SMTP/DNS traffic). I also expect 500-600 megabits of NATed
traffic (to and from the Internet).
Which gigabit ethernet card is more suitable for high performance
filtering? Any special advice about Linux distro / kernel tuning?
Thank you for your support