[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: routing and pf at 10Gbps
From:       Joel Wiramu Pauling <aenertia () aenertia ! net>
Date:       2010-02-11 19:47:29
Message-ID: 5a658e8f1002111147t39f10157y5a84ba6fc070bf47 () mail ! gmail ! com
[Download RAW message or body]

Alcatel-Lucent do a AA-ISA card plugin module for their 7750 range of
routers. Which enables you to do filtering at 50GB (and scale it up to
800GB) per 12U router.

Having recently investigated this segment for work. Allot,
Sonicwall(which is a Linux Variant) and a few others are running FOSS
firewalls filtering appliances at 10GB+ and it's not just the router
vendors (nortel, cisco, junper,alcatel) that do that sort of speed
these days. I can't comment on the hardware blobs that may also be
involved in these, as Diana says they will have FPGA's under a
freeOS... i.e JunOS is essentially 4.4 BSD with a bunch of Juniper
FPGA drivers.

-JoelW



On 12 February 2010 04:54, Diana Eichert <deichert@wrench.com> wrote:
> On Wed, 10 Feb 2010, Mike Williams wrote:
>
>> Really, nobody firewalls at multi-Gbps?
>
> yes, people run firewalls on 10G circuits
>
> I am not aware of anyone filtering at 10G who is using off the shelf
> hardware, with open source O/S.
>
> Large enterprises use either commercial firewalls, for example
> Juniper Netscreens, or build systems using FPGA cards with locally
> produced code.
>
> Either way the filtering is done in hardware.
>
> In my experience the Netscreen 5x00 firewalls sold with 10G cards and MGT3
> card can not do line rate 10G, though it was marketed as capable of 10G
> filtering. B The newer, ie more expensive Juniper
> SRX firewalls supposedly can do it. B They are based on Juniper
> heavy iron routers.
>
> diana

[prev in list] [next in list] [prev in thread] [next in thread]