options for 10gigabit firewall

physwm2501

I'm currently looking into what it would take hardware-wise to get a 10 gigabit firewall setup. Looking through the options, it seems using 10 gigabit Ethernet would be the most cost-effective over using fiber, especially since the distances traveled are relatively short.

I'm currently being supplied with a 1 gigabit connection via fiber from my ISP but have been offered the option to upgrade to a 2.5 gigabit connection. The cost per month isn't much more but it seems the hardware needed to support the speed may be prohibitive.
 
You might be able to contain costs by running your firewall with 10G for upstream, and then LACP-aggregated gigE on the backend. I think a switch capable of doing aggregation on gigE might be cheaper than one with any 10G port.

10G has come down in price a lot recently, but it's still spendy. :(
 
I agree with Physwm2501. LACP is going to be the most cost effective route for a 2.5 Gigabit connection.
 
Are you looking for a firewall that can handle 10GbE NICs - or a firewall that can handle traffic at 10GbE speeds, line rate with no drops? They are radically different things.

A pfSense box with X520 NICs will do 10GbE connections. You could build such a thing for under $1,000. But it won't firewall at 10GbE line rate even with beefy processors on it. But it should handle home/SMB loads of a 2.5Gbit ISP connection just fine.

For full line-rate firewalls at 10GbE you are into big-iron. Juniper SRX, F5 Big-IP firewall, etc. $$$Big$$$.
 
I'd recommend sticking with 1gbps up/down, to be honest. At that speed, your main limitation is everyone else, not your own connection.

Even if your router/firewall could handle that speed, and it was hitting your switch at 10gbps (assuming 10gbps equipment), each of your clients is limited to 1gbps each (assuming a gigabit switch with 10gbps uplink).

You'd need to upgrade your entire network to 10gbps to see that performance boost to a single client, which gets very costly *fast*

What router / firewall are you currently running that'll handle even 1gbps when fully saturated?
The Edgerouter Lite can handle that for a few clients, but.... scaling up tends to run into problems.
 
While that's true, if the OP has a lot of clients, the extra throughput would then be beneficial. Point being, if you're going to only go to 2.5 gigabit, LACP really is your best bet.
 
My connection is currently fed into an ASUS AC68U, which handles all of the WAN traffic on my home network. All wired LAN traffic is handled through a TP-LINK TL-SG3216 which is currently fully populated. I've been wanting to upgrade the AC68U and just use it as a wireless AP for a while since it seems to be the weak link in my setup. The most I'm really doing is port forwarding a bunch of ports for various services on my network. Since I am upgrading that portion of my network I'm wanting to future proof the setup as much as possible, especially since I can currently get up to 10gig from my service provider.

It's only $34 more a month to move from 1 to 2.5 gigabit so I'm only looking at preliminary options. I agree LACP is the most cost effective but I think the only connections my ISP will deliver service over are either a fiber or a single Ethernet line.

What is currently set up on my network is:
personal PC (LACP to switch)
NAS (LACP to switch)
6 other wired PCs
6 game consoles
~15 wireless devices(phones, laptops, and tablets)
 
LACP can only do 1Gb per stream MAX. The most you could pull with a client behind the firewall would be 1Gb. That said, 2.5 clients could each pull 1Gb before running out of bandwidth.
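
The per-stream limit described in the post above, and the 10G-upstream plus aggregated-gigE layout suggested earlier in the thread, shown as an added simulation (not code from any poster). The CRC32 hash, the documentation-range addresses and the function names are assumptions; real switches and bonding drivers use their own per-flow hash over similar header fields.

```python
import zlib

LINK_GBPS = 1.0  # capacity of each gigabit member link in the LAG


def pick_link(flow, n_links):
    """Map a flow 5-tuple to one member link (CRC32 is a stand-in hash)."""
    key = "|".join(str(field) for field in flow).encode()
    return zlib.crc32(key) % n_links


def share_link(demands, capacity):
    """Max-min fair split of one link's capacity among the flows on it."""
    alloc = {}
    remaining = capacity
    pending = sorted(demands.items(), key=lambda kv: kv[1])
    while pending:
        fair = remaining / len(pending)
        flow, want = pending.pop(0)
        alloc[flow] = min(want, fair)
        remaining -= alloc[flow]
    return alloc


def lag_throughput(flows, n_links):
    """Return {flow: achieved Gbit/s} for {flow: demanded Gbit/s}."""
    per_link = {i: {} for i in range(n_links)}
    for flow, want in flows.items():
        # Every packet of a flow hashes to the same link, so frames stay
        # in order but the flow can never exceed one link's capacity.
        per_link[pick_link(flow, n_links)][flow] = want
    alloc = {}
    for demands in per_link.values():
        alloc.update(share_link(demands, LINK_GBPS))
    return alloc


if __name__ == "__main__":
    # Constructed sample: one client download wanting the full 2.5 Gbit/s.
    one = {("192.0.2.10", "198.51.100.5", "tcp", 50000, 443): 2.5}
    print("single flow over 3x1G:", lag_throughput(one, 3))

    # Constructed sample: 64 flows of 0.1 Gbit/s each from different ports.
    many = {("192.0.2.10", "198.51.100.5", "tcp", 50000 + p, 443): 0.1
            for p in range(64)}
    result = lag_throughput(many, 3)
    print("aggregate of 64 flows: %.2f Gbit/s" % sum(result.values()))
```

Because the hash is not perfectly even, the aggregate for many flows usually lands somewhat below the sum of the member links.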
 
Save the money. As said even at 1gb the limitation is others not you. We run offices of 500+ users off a 1gb connection and solid QoS.
 
Apparently it's a non-issue anyways, my ISP just got back with me and said they would be replacing the switch and router with a 10 gigabit capable one if I decided to upgrade. For now I'll just look into upgrading the ASUS router, I'm out of addresses I can port forward anyways.
 
Why even offer that speed when consumers can't even utilize it?

To demonstrate that they have the capability and are willing to support it. I'm assuming only local companies are using the higher speeds. I'd much rather them offer too much at a competitive price than too little.

I'm well aware how useless 2.5g is unless I'm downloading 30 GB files 24/7. The only servers that max my 1g connection are larger company servers.
 