[AusNOG] Firewall

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Wed Feb 25 11:14:52 EST 2015


Usually depends on packet size. It has been quite common that link speed has been higher and sometimes a lot higher than the forwarding capacity of a device.
From: Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com>
To: Skeeve Stevens <skeeve+ausnog at theispguy.com>
Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>; "ausnog at ausnog.net" <ausnog at ausnog.net>
Sent: Wednesday, 25 February 2015, 10:45
Subject: Re: [AusNOG] Firewall

I have to admit I do like the looks of the new 2RU, 4-server (2-socket) (sort of blade enclosure) Dell offering: http://www.dell.com/au/business/p/poweredge-c6220-2/pd

The spec only says 1G NIC, but I was told they will come with 10G NIC.

You could put a lot of routing / BGP peering etc. on there.

Add this with https://www.lightbluetouchpaper.org/2015/02/23/maxwell/ … steps towards a unifying theorem

It is definitely a wonderful time to be alive!

From: skeeve at niisch.com [mailto:skeeve at niisch.com] On Behalf Of Skeeve Stevens
Sent: Wednesday, 25 February 2015 10:27 AM
To: Alex Samad - Yieldbroker
Cc: Sam Sarkis-UIP; ausnog at lists.ausnog.net; ausnog at ausnog.net
Subject: Re: [AusNOG] Firewall

If you want pure speed and grunt, then physical boxes are the way to go.

But, when your requirements are less than a few gig, then yes, virtualised equipment is just fine.

For example... in my offices in Asia, it was so damn hard to obtain/source equipment from distribution, taxes, bribes, delays, etc... we no longer sell Cisco/Juniper hardware.

We deploy only easy-to-obtain server hardware - mostly Dell or HP, and put ESXi (looking at other options too), and run up vSRX (Firefly), vASA, vThunder and many other fully virtualised platforms.

This enables the customers to get what they need in hours, and not weeks/months. The last SRX240s I ordered in SE Asia had an ETA of 7 weeks... I mean, wtf? Most have grace periods of licensing at 14-90 days, so the customer can run up things in an emergency. They also get to control the grade of hardware redundancy they want - which is often good in some countries that do not even have SmartNet/JCare local services.

If the customer wants serious redundancy, they can upgrade to full VMware at any time.

I find going to 10Gb in these environments more challenging, but getting easier... but at the multi-gigabit capacity throughput, it works perfectly. The only struggle initially was to get customers to accept a Juniper or Cisco with a HP Box on the front. But at the end of the day, it can do everything (and way way more) than they ever could by using hardware - and much sooner.
 
...Skeeve 
--
Skeeve Stevens - The ISP Guy
Email: skeeve at theispguy.com ; Twitter: @TheISPGuy
Blog: TheISPGuy.com ; Facebook: TheISPGuy
Linkedin: /in/skeeve ; Expert360: Profile

On Tue, Feb 24, 2015 at 12:13 PM, Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com> wrote:

Hi

Interesting, I just went to VMUG yesterday, listened to a lot about NSX… Previously tried to stay away because of the enterprise licensing cost, but relooking at it again.

I noticed nobody mentioned it in the hypervisor env. Is anyone running soft routers (VMs/non-hardware) as an ISP/provider?

I'm thinking you can’t beat silicon for pure switching … routing ?? and then coupled with something further up the stack, does switching/routing on the host of a hypervisor make more sense?

A

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Skeeve Stevens
Sent: Tuesday, 24 February 2015 10:17 PM
To: Sam Sarkis-UIP
Cc: ausnog at lists.ausnog.net;ausnog at ausnog.net
Subject: Re: [AusNOG] Firewall

Sounds like an odd request... you mean it MUST be a Server based Firewall?

If that is an issue, get around it by going VMware and using vASA or vSRX?
 
...Skeeve 
--
Skeeve Stevens - The ISP Guy
Email: skeeve at theispguy.com ; Twitter: @TheISPGuy
Blog: TheISPGuy.com ; Facebook: TheISPGuy
Linkedin: /in/skeeve ; Expert360: Profile

On Mon, Feb 23, 2015 at 9:09 PM, Sam Sarkis-UIP <ssarkis at unitedip.net.au> wrote:

Hi All,

I know this is strange but we have a specific requirement for a customer.

Does anyone know or recommend a firewall / UTM software that can be installed on an existing Windows, Redhat, SuSE, or Centos Server?

We would prefer a commercial package.

We cannot overwrite the existing OS and have to work within any of the above-mentioned platforms only.

Kind Regards

Sam

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog      


  