> Has anyone implemented such a firewall that is running at T3 speeds, or
> even at heavily loaded Ethernet speeds?
>
> And yes, some people have been asking for and seriously needing this high
> level of performance...
We do. In fact, we are soon going to step from ethernet speeds to ATM
at 622 Mbits/sec. Our firewall houses an Intel Paragon supercomputer
that set a record for the fastest MP linpack this year. To give you
an idea, it has 38 gigabytes of RAM, 330 gigabytes of internal disk,
and about 3,840 50Mhz processors. The network interfaces connected to
the outside world are currently ethernet to an external FDDI (stop
laughing please), and people are trying to ftp gigabytes of data back
to their remote site from this machine, so they can clearly use
greater bandwidth. This machine has several Hippi interfaces on the
machine that have been benchmarked at 800 Mbits/sec shipping data
out. Work is nearing completion on a proxy that will convert from the
Hippi to a new external ATM backbone. I have plans to hook the
authentication for this proxy into our firewall built from the TIS
toolkit. I would not be surprised to find this will be the highest
performing proxy-based firewall in existence. I have no clue what
kind of real performance to expect with TCP over ATM, because that is
a can of worms in itself that other people are working on.
Kevin McCurley
Sandia National Laboratories
References:
|
|
