Thanks to all the list members who responded.
Below are some responces that did not get posted on the list but I found
very informative. The author ID's have been stripped since they did not
post to the
lists.
-------------
Briefly - but on a 486 - with the obvious problems of CPU slowness, but
it worked....I think 1.5mb will be a bit much - we also had no cache on
the system, but 32mb RAM.
I would sooner see you do it on a SS5 - bus performance is better and
x86
often suffers from driver inefficiencies....you may find a 200mhz
Pentium Pro
looks good, but the talking to RAM, Cache, Disk and Ethernet may not be
as
optimal....but I could stand corrected.
--------------
I tested a 3 legged DMZ using a P133, Solaris 2.5 vanilla, and a COGENT
card, it pegged SYS CPU use with 100 mbps but handled 10 mbps (and our
theoretical T1 transaction rate) with headroom to spare. 10 mbps CPU
use avg. around 40% as I recall. YMMV. FW-1, of course... ;-)
-------------- Another mentioned an interesting consideration:
With the S24 adapter, you can use all three Sbus slots for Quad
cards, bringing the total to 13. The biggest problem however,
is Solaris' inability to route subnet not directly connected.
We may have to wait for 2.6 to get that.
-------------- This puts it in perspective:
A pentium 133 and above is closer to a Sparc 20 then a Sparc5. In
everthing
except floating point operations.
However, you can't beat the quad ethenet board. If speed is an issue, 6
interfaces and one processor might be on the short end of the stick. If
I had
the money I would go with a dual cpu machine to support that many
ethernets.
I would also stay away from the onboard ethernet controller. It is not
buffered as well as the quad ethernet board.
---------------
> From: sthaug @
nethelp .
no
> Subject: Re: SOLARIS x86 as firewall platform?
>
> Why do you think Pentiums are limited this way? There are several companies
> that make 4-port PCI Ethernet cards, for instance ZNYX and Cogent.
Great! Thanks for the pointer. I'm off to Switchboard to find company
contact info!
Sounds like good system configuration may be more important than CPU
platform for our particular application (Now where did I hear that
before... :).
--
Adam Safier asafier @
csc .
com
CSC-SED-Infosec (301) 794-1349
If someone does not reply to the list they probably don't want their
name bandied about. If you repost a private reply edit it so ID info is
removed.
Technology Abuse: Netscape Frames on a 14" screen.
The above are my own opinions,
and I'm proud to live in a country where I'm free to express them!
|
|
