3

I am looking into alternatives to commercial firewall appliances.
Most of the resources available online describe home network firewalls or sub-gigabit networks. Considering that 10GbE is becoming the standard server connectivity, would it be possible to reach the same level of performance as specialised appliances using whiteboxes?

The question is specific to the datacenter environment, which means:

  • Server grade hardware
  • 10 to 40GbE network

Additional requirements:

  • OpenSource operating systems
  • OpenSource firewalling software

I know that getting 10 Gbps out of a server is already pretty tough, but is it possible to filter this amount of traffic without using specialized hardware?
Would the latency be equivalent, or at least in the same order of magnitude as, commercial appliances?
Do some of you run this kind of setup in production?
What are the pitfalls and things to know before starting?

I rewrote the original question, which was way too narrow:

Is it possible to run a firewall based on OpenBSD in a datacenter network (10GbE or more) and get the same or better latency/bandwidth than appliances like Cisco ASA, Juniper SRX, etc.?

ITChap
  • `Most of the resources available online describe home network firewalls or sub-gigabit networks` - Really? – joeqwerty Feb 12 '15 at 14:56
  • Just found some good content on FreeBSD: http://bsdrp.net/documentation/technical_docs/performance – ITChap Feb 13 '15 at 06:11

1 Answer

0

I doubt it. As far as I know, OpenBSD still lacks proper SMP support, is still fighting the giant lock problem and still has PF without SMP support.

You should take a look at FreeBSD, which has these issues solved, though implementing a 10GbE+ network and services still requires more in-depth knowledge than Cisco/Juniper equipment.

drookie
  • The original question was way too narrow. But your answer on OpenBSD is still very interesting and in scope. – ITChap Feb 12 '15 at 12:48