Yo all,

I'm finally starting a project where I need to build a front-end network that'll allow us to push up to (eventually) 10 gigabits of outbound internet traffic, made up of non-jumbo frame packets. Currently we push between 150,000 and 200,000 pps. Our current firewalls running 3.8 i386 and em cards are maxing out now.
I have gigabit fiber ethernet feeds, and can get 10 gigabit drops as well. I need redundancy, and I'd like to run BGP. We use PF round-robin for high speed L4 LB, but nothing else too special. Everything else is open right now; I'll be buying multiple hardware platforms, CPUs, motherboards, network cards, and testing them all thoroughly for packet rates with/without PF rulesets.

My question is: how the hell do I scale this? What good approaches are there to getting a front end network to scale, be redundant, maybe run BGP, and not be a huge pain in the ass to manage? I'd much rather continue sending resources to OpenBSD instead of shelling out for a pair of huge, expensive routers.

Any good input is greatly appreciated; trolling not so much. Yes, I've read all of the PF docs, the PF series on undeadly, the OpenBGP slides, etc.

Thanks,
-Dormando