I'm looking for hardware to replace my current firewalls, and
my understanding is that Opteron gear is the way to go for pf

As Theo said, there is no point in that. The only thing I could think of
really is to put your money more into a good network card, or hardware with
a good built-in NIC. A single core processor would be best, as the kernel
is not fully taking advantage of it yet. Sure, it is getting better and better
all the time, and as it looks, it may soon be pretty good. Don't get me
wrong, it's not bad as is, but for a firewall and router, for example,
unless things have changed dramatically in the last two years, you are still
best off having a single core CPU for this type of setup.

You can spend your money on more memory, but there is no point in going crazy here
either, as too much will actually affect you adversely. The archives are
full of references in that regard, for both the multi core processor and
memory, from Henning and a few others if my bad memory doesn't fail me to

So, single core, put the money on speed instead of dual core or more, a
good amount of memory, nothing crazy here, and a very good NIC will help you as
well. As for the rest, it's not as important really, as OpenBSD really does
work well with pretty much whatever you throw at it. But even a low
standard computer will give amazing results, I must say. PF is pretty darn
well designed and very efficient.

I love running it on a Sun X1 server, for example. Why? Well, it's very cheap
for one, small as well, 1U and 11 inches deep, two NICs built in and really
low on power requirements. Less than 13 Watts, and I do put a Seagate 80GB
(ST380215A) or, even better cache, with 160GB (ST3160815A) new hard drive
in it, not that it's needed, but they are cheap too and quiet, low power
and run darn fast. You sure would be more than good with just a 10GB
anyway for PF only, but hard drives are cheap now and why not put a new
one in, as it most likely would be the first thing to go, if you forget the
power supply obviously, but in my experience it's more the drives that go
first for sure.

A side note on the drive size however, don't expect to be able to use
all of the 160GB. You are limited to 137GB, but still worth it.

This box makes a very strong and reliable firewall for years to come, and
if it blows up, well, dump it in the trash as the cost of it is dirt
cheap, but the results are great and it really doesn't cost much to run,
plus you get the benefit of console remote access as well on it.

I plug two of them with a CARP setup and the console/serial ports
connected to one another, and this way I have ssh access to the console
access to the second server. (;> Just know it runs Sparc64, not i386 type.

I can't think of a cheaper and better setup really for dual reliable PF
setup, low power and low cost with secure remote console access in small

It's not your 3GHz server for sure, just 500MHz to 650MHz depending on
your model. Not sure if the 650MHz was in the X1, or just the V100, but
anyway, you can pass a huge amount of data through that baby and it will
not break your wallet, and that is a very nice place to recycle them if
you have a huge bunch of old ones! (;> You can saturate your 100Mb NIC
there without breaking a sweat.

Hope this helps you some as to what you think you need.