[AusNOG] SPAM-MED: Re: Firewall

Kristoffer Sheather @ CloudCentral kristoffer.sheather at cloudcentral.com.au
Wed Feb 25 12:34:22 EST 2015


We use (and sell, support, design, etc) dual-node 2U 'cluster-in-a-box' and quad-node 2U Quanta boxes (and storage + network hardware):
  
 Quanta STRATOS S810-X52LR dual-node cluster-in-a-box 2U server
 Quanta STRATOS S810-X52L quad-node 2U server
  
 The cluster in a box units are great for any system that you require high availability for such as storage, networking, etc.
 The quad node boxes are great for pretty much everything else.
  
 Transparency Disclosure: CloudCentral is the key Australian distributor / reseller for Quanta - see full list of resellers / distributors at http://www.quantaqct.com/product/manufacturer
  
  Regards,

Kristoffer Sheather
CloudCentral
  
 Mobile: +61 475 048 864 | Switch: +61 2 6160 7624 | Email: kris at cloudcentral.com.au
LinkedIn:   | Skype: kristoffer.sheather | Twitter: http://twitter.com/kristofferjon
   

----------------------------------------
 From: "Alex Samad - Yieldbroker" <Alex.Samad at yieldbroker.com>
Sent: Wednesday, February 25, 2015 10:47 AM
To: "Skeeve Stevens" <skeeve+ausnog at theispguy.com>
Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>, "ausnog at ausnog.net" <ausnog at ausnog.net>
Subject: SPAM-MED: Re: [AusNOG] Firewall   

I have to admit do like the looks of the new 2ru, 4 server ( 2 socket)  (sort of blade enclosure) Dell offering   

http://www.dell.com/au/business/p/poweredge-c6220-2/pd   

The spec only says 1G nic, but I was told they will come with 10G Nic.  

   

You could put a lot of routing / BGP peering  etc on there.  

   

   

Add this with  

   

https://www.lightbluetouchpaper.org/2015/02/23/maxwell/ . steps towards a unifying theorem  

   

it is definitely a wonderful time to be alive !  

   

      

From: skeeve at niisch.com [mailto:skeeve at niisch.com] On Behalf Of Skeeve Stevens
Sent: Wednesday, 25 February 2015 10:27 AM
To: Alex Samad - Yieldbroker
Cc: Sam Sarkis-UIP; ausnog at lists.ausnog.net; ausnog at ausnog.net
Subject: Re: [AusNOG] Firewall 

    

If you want pure speed and grunt, then physical boxes are the way to go.   

  

But, when you're requirements are less than a few gig, then yes, virtualised equipment is just fine. 

  

For example... in my offices in Asia, it was so damn hard to obtain/source equipment from distribution, taxes, bribes, delays, etc... we now longer sell Cisco/Juniper hardware. 

  

We deploy only easily to obtain server hardware - mostly Dell or HP, and put ESXi (looking at other options too), and run up vSRX (Firefly), vASA, vThunder and many other fully virtualised platforms. 

  

This enables the customers to get what they need in hours, and not weeks/months.  The last SRX240's I ordered in SE Asia had an ETA of 7 weeks... I mean, wtf?  Most have grace periods of licensing at 14-90 days, so the customer can run up things in an emergency.  They also get to control the grade of hardware redundancy they want - which is often good in some countries that do not even have SmartNet/JCare local services. 

  

If the customer wants serious redundancy, they can upgrade to full VMware at any time. 

  

I find going to 10Gb in these environments more challenging, but getting easier... but at the multi-gigabit capacity throughput, it works perfectly.  The only struggle initially was to get customers to accept a Juniper or Cisco with a HP Box on the front.  But at the end of the day, it can do everything (and way way more) than they ever could by using hardware - and much sooner. 

        

...Skeeve  

--  

Skeeve Stevens - The ISP Guy  

Email: skeeve at theispguy.com ; Twitter: @TheISPGuy   

Blog: TheISPGuy.com ; Facebook: TheISPGuy 

Linkedin: /in/skeeve ; Expert360: Profile 

    

On Tue, Feb 24, 2015 at 12:13 PM, Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com> wrote:    

Hi  

   

Interesting, I just went to VMUG yesterday, listen to a lot about NSX. Previously tried to stay away because of the enterprise licensing cost, but relooking at it again.  

   

I noticed nobody mentioned it in the hypervisor env  

Is anyone running soft routers (VMs/non Hardware) as an ISP/provider.  

   

I thinking you can't beat silicon for pure switching . routing ?? and then coupled with something further up the stack, does switching/routing on the host of a hypervisor make more sense ?  

   

A  

   

      

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Skeeve Stevens
Sent: Tuesday, 24 February 2015 10:17 PM
To: Sam Sarkis-UIP
Cc: ausnog at lists.ausnog.net; ausnog at ausnog.net
Subject: Re: [AusNOG] Firewall 

    

Sounds like an odd request... you mean it MUST be a Server based Firewall?   

  

If that is an issue, get around it by going VMware and using vASA or vSRX? 

        

...Skeeve  

--  

Skeeve Stevens - The ISP Guy  

Email: skeeve at theispguy.com ; Twitter: @TheISPGuy   

Blog: TheISPGuy.com ; Facebook: TheISPGuy 

Linkedin: /in/skeeve ; Expert360: Profile 

    

On Mon, Feb 23, 2015 at 9:09 PM, Sam Sarkis-UIP <ssarkis at unitedip.net.au> wrote:    

   

Hi All,  

   

I know this is strange but we have a specific requirement for a customer.  

   

Does anyone know or recommend a firewall / UTM software that can be installed on an existing Windows, Redhat, SuSE, or Centos Server.  

   

We would prefer a commercial package.   

   

We cannot overwrite the existing os and have to work within any of the above mentions platforms only.  

   

Kind Regards  

   

Sam  

   

   

  

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog 

  

  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150225/04d1cb59/attachment-0001.html>


More information about the AusNOG mailing list