Great Circle Associates Firewalls
(November 1995)
 


Subject: Re: PC vs Workstation Firewall
From: sangster @ reston . ans . net (Paul Sangster)
Date: Wed, 1 Nov 1995 09:14:41 +0500
To: lresch @ relay . nswc . navy . mil, firewalls @ greatcircle . com
Reply-to: sangster @ reston . ans . net

In article <9510261248 . AA05515 @ oanews . ans-relay>, you write:
|> 
|>   I have been reading discussions on the pros & cons of using a
|> PC vs a 'real' workstation for the firewall.  My long-winded
|> question is Should I even consider using a PC for a firewall
|> system (in particular with Gauntlet) or will it get bogged down?
|>   My plans are to have a Cisco - Gauntlet - Cisco config protecting
|> my internal network and use the Gauntlet as a proxy server (for
|> the internal users to have Telnet, FTP, and maybe web browsing) and 
|> to let in mail to my SMTP gateway inside.

Larry,

The answer to your question is a resounding "it depends on your
traffic mix, distribution and load".  Answering these types of
performance-related issues is difficult for anyone without knowing (at least)
how many e-mail and HTTP transactions will occur at peak load, how often large
data files will be ftp'ed, and whether you are talking about hundreds of
concurrent telnet sessions during all this other stuff.

From my experience, the protocols that will most quickly kill a box are
those that require lots of processes to handle the load, due to the load of
process creates/deletes and context switches required.  Then heavy loads of
big file transfers and encryption will stress your CPU and networking code
(got enough mbuf space for the interfaces?).  As you can tell there's lots
of issues here.

|> 
|> Thanks for any/all advice.
|> 

My advice (since you asked ;-)) is why plan for today's load when you know
that tomorrow's will be much greater (particularly web use).  Smaller
machines (like PCs and low-end workstations) can become overwhelmed by very
heavy web use, or very heavy mail use particularly if other protocols are
also being stressed.  Bottom line is you need to understand and quantify
your traffic needs for tomorrow (peak time) and let that dictate the
decision.

Paul

|> <>----------------------------------------------------<>
|> <>                    Larry Resch                     <>
|> <>        lresch @ relay . nswc . navy . mil         <>
|> <>                                                    <>
|> <> My thoughts are mine alone, and do not necessarily <> 
|> <>   reflect the thoughts of those for whom I work.   <>
|> <>----------------------------------------------------<>

-- 
____________________________________________________________________________
                                Paul Sangster 
ANS                                                 Senior Software Engineer
1875 Campus Commons Dr.                sangster @ reston . ans . net
Suite 220,  Reston VA 22091                         (703) 758-7706
____________________________________________________________________________
