Great Circle Associates Firewalls
(January 1995)
 


Subject: Re: Bastion host sizing
From: <mark_kadrich @ ins . com> (Mark S. Kadrich)
Date: Mon, 16 Jan 1995 14:45:32 -0800
To: mcfowler @ corp . rockwell . com (Mark C. Fowler), firewalls @ GreatCircle . COM

At 01:09 PM 1/10/95 +0800, Mark C. Fowler wrote:
>I've been asked what kind of UNIX machine we should get for our
>bastion host.  I've been told by our network hardware people to size
>it for a T1 rate of throughput.  We have a T1 connection to the Internet
>but does that really mean that the bastion host should expect
>1.544 megabits per second?
This depends on your traffic analysis.  What % of traffic is in vs out and
what % of traffic must stop at the bastion?  Assuming that the T1 feeds a
router and that this router feeds your bastion, and there is nothing else
on the wire, you should have plenty of room.
>
>I expect that the machine will be running some proxy software (I can't
>be anymore specific at the moment), anonymous FTP service (read only),
>httpd (probably NCSA's but this could change), and an authentication
>server (not sure which one).
>
>I would like some information about the performance of various
>brands/models/configurations of UNIX machines that are used as bastion hosts.
>I really have no idea what size of machine to get.  Can we get away
>with a PC-AT running Coherent or do we need the latest 64-bit monstrosity?
>How much memory and disk?  Is one brand's ethernet throughput better than
>another's?  Does that really matter?  Etc., etc., etc.
Disk size depends on how often you want to deal with -routine- sysadmin
stuff, like off loading old data, and which services you plan to support.
Expect 75M/day for netnews alone.  For a cycle time of one month and a
reasonable surge capacity, a 3G disk sounds suitable.  RAM depends on what
type and which kind of executables you are running.  The same argument can
be used to determine required processor bandwidth.  You must be more
specific with your requirements before an accurate -estimate- can be made.
As far as the interface question is concerned I believe the answer is yes. I
believe that most PC type NICs hover at 1M/s effective xput.  Just remember
that figures don't lie but liars figure...
>
>
>Mark Fowler
>Rockwell
>mcfowler @ corp . rockwell . com
>
>
******************************************************************
Mark S. Kadrich, Systems Engineer, International Network Services
"The Power of Operable Networks"
Voice @ 415-254-4225, Page @ 1-800-759-7243; PIN 879-5783
e-mail @ kadrich @ uni . ins . com
Security is a process, not a solution.
******************************************************************


