Date: Sat, 28 Apr 2001 17:48:40 -0400 From: Dennis <dennis@etinc.com> To: bsd@shell.coffey-web.net, <freebsd-isp@FreeBSD.ORG> Subject: Re: ipfw and ISP's. Message-ID: <5.0.2.1.0.20010428124409.0363c350@mail.etinc.com> In-Reply-To: <005a01c0cfec$1303c6e0$6401a8c0@bduross>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:03 AM 04/28/2001, bsd@shell.coffey-web.net wrote: >Hello, > I am new to the list as of today. I work for a small ISP in Michigan, we >have 2 T1's out to different providers in which we run BGP on a Cisco 3640. >My question is this: We are looking for a way to filter traffic (if needed, >due to an attack or similar) inbound or outbound to our network. I believe I >could do this with a dual nic configuration on a FreeBSD machine with ipfw. >Would the machine be able to handle the traffic? and if so, what kind of >specs would you reccomend for a machine to do 3mb/s of bandwidth? We have a >DS3 coming in the soon months, would the machine be able to handle even >that? Here is a diagram (in my great ascii skills.. :/) You might want to take a look at our FreeBSD based bandwidth management solution. We now have DOS filters (packet/second filters) , as well as an HTML based firewall and bandwidth management interface. Our boxes can handle up to 100K pps and full 100Mb/s. Of course if you have 100s of rules your mileage may vary. You may also want to consider running your DS3 right into the freebsd box...You can run the DOS filters and firewall right on the HSSI line. The problem with ciscos is that the DOS may trash the cisco (particularly lower end models), so your external firewall wont help much. see www.etinc.com for info. We have a new gigabit-capable box soon to be announced for super heavy duty tasks. Dennis >2 T1's ----------->Cisco 3640 -------->FreeBSD ipfw box -------->Cisco >3500XL Switch ------>rest of network(dialupandothers) > > Is this feasuble(sp)? Would appreciate any comments or reccomendations on >this topic. > >TIA, >Brian S. DuRoss >bsd@shell.coffey-web.net > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.0.20010428124409.0363c350>