New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@mnpeep
Vyatta or Mikrotik should have little problem handling that with the proper hardware. As far as a firewall solution, Mikrotik offers much more than Vyatta and would be my personal preference.
You should use either RouterOS on x86 or get a larger RouterBoard like the RB1100Hx2. The numbers they post as benchmarks are way off. You can divide them by 4-5 to get the actual throughput you will achieve (depends on how many IPs are in the routing table). Tested with 3 different boards and always got lower results.
Also, a flood with spoofed IPs will kill it at even lower rates. You should ask your ISP to enable unicast reverse path forwarding or at least stop spoofed IPs from getting to the routing table in RouterOS (in IP->Settings).
Yes, the numbers for some Routerboards are grossly inflated for the most part. Some have ports that are not connected directly to the CPU and will never push a full load regardless of packet size.
+1 for Mikrotik / RouterBoard stuff in general
They've been taking over Cisco in Indonesia in the last few years
If you're familiar & comfortable with Linux -> Mikrotik
If you're familiar with *BSD -> pfSense
Would this be good for >1GBit? (Vyatta)
eBay
pfSense vs Vyatta?
I've never tried Vyatta, but it seems quite popular here.
I used to be a pfSense user, but now I'm using Mikrotik.
For a router/firewall, I like the idea of having a non-spinning device (aka no HDD). In my situation, most of the time the problem comes from a faulty HDD, and it's not acceptable for my requirements.
You're still using a storage medium (flash / ssd), which can fail.
Probably, but maybe not at line rate. We used to have a very similar system (same CPUs) running 100Mbps @ ~20K PPS average with about 75 firewall rules on Mikrotik, it pulled around 15% CPU.
If you're looking for a firewall, Mikrotik would be the better choice as far as capabilities.
@mnpeep We talked about mission critical appliances in enterprise environments..not by EGI..
@Microlinux All CloudRouters from Mikrotik have directly connected ports, e.g. CCR1036-12G-4S with 36 cores.
Yes indeed, same risk, but compared to HDDs, they're also much faster, use less power & are smaller in size.
@graca what's your contingency plan? Flash drive and SSD?
I'm just duplicating all my important nodes/firewalls/routers, meaning that if I need 2 routers, in reality I buy 4, 2 for backup.
In Mikrotik you can create a script to sync your production conf to the backup device,
and manually swap it when needed. Or you can also configure it to handle an automatic failover scenario.
Mikrotik uses NAND storage on their appliances, usually around 64-128 Mb in size; you won't need much storage on a firewall / router. They also sell Disk on Module (DOM) with a SATA/IDE interface, pre-installed with the latest OS/firmware, in case you want to run it with a stronger engine (server/desktop mobo).
While we've moved to the Vyatta commercial edition, our community edition running on 2GHz octo-core Dell 2950s ran just fine with Intel multiqueue cards. I've had DDoS in excess of 1GBPS and it barely registered on CPU load. Some others can cause issues, but as soon as you blackhole the destination it drops the load. It's never gone above 3 and I've had 1mpps DDoS attacks.
Commercial edition on the latest E5 Intels can handle 8MPPS per core.
@graca Some Mikrotik routers have USB ports to add USB flash drives too.
I've decided to use pfSense since it uses FreeBSD, and blocks fragmented IPs automatically (which was my goal).
Thanks everyone!
Million Packets Per Second, that's of the smallest size as well.
I've got a friend who loves the Ubiquiti stuff, certainly try it out