FreeBSD router - large scale

Svein Skogen (Listmail Account) svein-listmail at stillbilde.net
Fri May 28 11:32:02 UTC 2010


On 27.05.2010 17:00, Kevin Wilcox wrote:
> Hello everyone.
> 
> We're in the very early stages of considering [Free|Open]BSD on
> commodity hardware to handle NAT *and* firewall duties for (what I
> consider to be) a sizable deployment. Overall bandwidth is low, only a
> gigabit connection, but we handle approximately fifteen thousand
> devices. DHCP and DNS would be passed through to other servers, this
> hardware would only be responsible for address translation and pf.
> 
> I've done this on a very, very small scale (small/home office, small
> business) but I'm curious how many other folks are doing it on this
> scale, the hardware they are running on and any "gotchas" they may
> have faced. Does pf on FreeBSD take advantage of multiple cores/SMP?
> Is it preferable, as with OpenBSD, to go for a very stout processor
> without much consideration to cores?  Would freebsd-net@ be a better
> place to ask this?
> 
> I'm getting ready to start digging in to memory and other resources
> needed based on available documentation but real-world usage is much
> preferred to my academic assessment.
> 

Actually, I'd find an answer from the FreeBSD Networking gurus useful as
well. My trusted Cisco 3640 is getting old (had its
ten-years-of-service birthday a little while ago), so I guess I must be
prepared to replace it with something new. Preferably something that
can do proper NAT port mapping to the inside servers in an
RFC1918-addressed DMZ, proper NAT mapping for the client net, incoming
VPDN (virtual private dialin network, such as PPTP+MPE and L2TP+IPSEC
tunnelling), sane IDS in the border-gateway, GRE or IPinIP tunnelling with
crypto for remote-sites, etc.

If somebody has a good starting-point for documentation on these
features, I'm more than willing to "do a project on it" to create a
mini-howto/handbook-section on "setting up FreeBSD as your border
gateway", provided I have someone to ask when the documentation is ...
flaky. ;)

It would be interesting to see what kind of performance modern hardware
could get, compared to dedicated hardware a decade old. :)

//Svein

-- 
--------+-------------------+-------------------------------
  /"\   |Svein Skogen       | svein at d80.iso100.no
  \ /   |Solberg Østli 9    | PGP Key:  0xE5E76831
   X    |2020 Skedsmokorset | svein at jernhuset.no
  / \   |Norway             | PGP Key:  0xCE96CE13
        |                   | svein at stillbilde.net
 ascii  |                   | PGP Key:  0x58CD33B6
 ribbon |System Admin       | svein-listmail at stillbilde.net
Campaign|stillbilde.net     | PGP Key:  0x22D494A4
        +-------------------+-------------------------------
        |msn messenger:     | Mobile Phone: +47 907 03 575
        |svein at jernhuset.no | RIPE handle:    SS16503-RIPE
--------+-------------------+-------------------------------
         If you really are in a hurry, mail me at
               svein-mobile at stillbilde.net
 This mailbox goes directly to my cellphone and is checked
        even when I'm not in front of my computer.
------------------------------------------------------------
                     Picture Gallery:
          https://gallery.stillbilde.net/v/svein/
------------------------------------------------------------


More information about the freebsd-questions mailing list