Great Circle Associates Firewalls
(April 1996)
 


Subject: Re: Most popular firewall implementation?
From: me @ tartufo . muc . ditec . de (Michael Elbel)
Date: Mon, 29 Apr 96 10:41 MSZ
To: genel @ inforamp . net
Cc: firewalls @ greatcircle . com
Newsgroups: comp.security.firewalls
References: <4lm7pv$ifs @ hudson . cs . columbia . edu> <4luqlh$t7m @ news . inforamp . net> <31831C99 . 75CB @ devine . net> <4m08a6$b2h @ news . inforamp . net>
Reply-to: me @ mail . muc . ditec . de

In comp.security.firewalls you write:

>Not disputing the fact, but I would be concerned about scalability issues. 
>From what I understand, Borderware is a PC solution. A PentiumPro may only be 
>able to handle that much load as an enterprise-wide gateway, whereas a 
>firewall run on a scalable platform (ie. RS/6000, SunSparc, DEC) will probably 
>offer more horsepower and upgradeability.

I don't know too much about how the software scales (OS, Firewall SW
itself) for Borderware, but it looks like reasonably modern PC-based
hardware can compete pretty well in the internet server business,
shoving data around at speeds faster than Ethernet. Take Walnut Creek
CDROM's ftp and www server:

Quoting config from WC's documentation 
(the whole thing is on ftp://cdrom.com/config):

----
wcarchive.cdrom.com is an Intel architecture PC machine running the FreeBSD
operating system.

[...]

One 150Mhz P6 CPU ("Pentium Pro")
512MB of main memory (72pin, 16M x 36bits x 60nsec SIMMS X 8)
3 Adaptec AHA-2940 PCI SCSI controllers
1 SMC 9332 (DEC DC21140 based) PCI 100Mbps Fast Ethernet controller
18 attached SCSI drives of various types, typically 4.3GB.
   These are all standard SCSI-II drives, all from Quantum and Seagate.
   No special RAID controller hardware or WIDE drives are used.

[...]

Our connection to the Internet is via a 100Mbps Fast Ethernet channel that
connects directly to a core router which in turn connects to several major
points on the Internet via multiple T3s.

More than 25,000 people visit wcarchive each day, and wcarchive sends out
more than 2 terabytes of files each month (as of April, 1996), limited mostly
by the Internet backbone.

[...]
------

Now some data Jordan Hubbard posted this spring:

I thought people would be amused to see the load at the >1000 user
scenario:

jkh@wcarchive-> ftpcount
Service class mirror-ftpserv       -   0 users ( 10 maximum)
Service class mirror-freebsd       -   0 users ( 10 maximum)
Service class mirror-linux         -   0 users ( 10 maximum)
Service class mirror-demos         -   0 users ( 10 maximum)
Service class mirror-os2           -   0 users ( 10 maximum)
Service class mirror-upl           -   0 users ( 10 maximum)
Service class mirror-test          -   0 users ( 10 maximum)
Service class local                -   0 users ( 10 maximum)
Service class remote               -   2 users ( 10 maximum)
Service class anonymous            - 1012 users (1250 maximum)

jkh@wcarchive-> top
load averages: 12.18,  9.51,  7.99                                    14:48:20
1128 processes:9 running, 1118 sleeping, 1 zombie
Cpu states: 13.5% user,  0.0% nice, 27.3% system, 19.9% interrupt, 39.4% idle
Memory: 307M Active, 2356K Inact, 50M Wired, 129M Cache, 676K Free
Swap:   819M Total, 804M Free, 2% Inuse  

  PID USERNAME PRI NICE   SIZE   RES STATE   TIME   WCPU    CPU COMMAND
   82 root       2    0   180K  268K sleep 300:12  2.71%  2.71% syslogd
23487 root       2    0   464K  320K sleep   0:15  1.83%  1.83% ls
22605 dave       2    0  7324K 7636K sleep   0:31  1.18%  1.18% perl
28761 jkh       85    0  1464K 1596K run     0:00  2.19%  0.65% top
28176 root       2    0   700K  460K sleep   0:00  0.54%  0.53% ftpd
28775 root       2    0   592K  448K sleep   0:00  3.83%  0.53% ls
28772 root       2    0   700K  440K sleep   0:00  2.31%  0.42% ftpd
28773 root       2    0   680K  428K sleep   0:00  2.31%  0.42% ftpd
28784 root       2    0   680K  424K sleep   0:00  8.59%  0.42% ftpd
28754 root       2    0   680K  440K sleep   0:00  1.04%  0.34% ftpd
28714 root       2    0   700K  448K sleep   0:00  0.61%  0.31% ftpd
28749 root       2    0   680K  440K sleep   0:00  0.92%  0.31% ftpd
28710 root       2    0   680K  424K sleep   0:00  0.58%  0.31% ftpd
26718 www        2    0   684K  440K sleep   0:00  0.27%  0.27% httpd
28763 root       2    0   680K  428K sleep   0:00  1.03%  0.27% ftpd

Sometimes this machine just amazes me.. :-)

						Jordan
----

I know this kind of serving can't be directly compared to the type of
load a firewall gateway takes; there are issues of actual hardware
reliability, maintainability, *ility, etc. But dismissing any solution
solely upon one aspect of a system such as hardware is IMO not the way
to go.


>Note: I really hope this doesn't become a "My-Firewall-Is-Better-Than-Your-
>Firewall" discussion. Different solutions for different requirements...

Nah, merely a "my-dick-is-larger-than-yours" one.

Michael
-- 
Michael Elbel, DITEC, Muenchen, Germany - me @ muc . ditec . de
Fermentation fault (coors dumped)
