[AusNOG] SPAM-MED: Re: Firewall
Kristoffer Sheather @ CloudCentral
kristoffer.sheather at cloudcentral.com.au
Wed Feb 25 12:41:42 EST 2015
You can get these with 10G-BASE-T (LOM, mezzanine and PCI-e adaptors) & SFP+ (mezzanine and PCI-e adaptors).
In our case we use 10G SFP+ mezzanine and Intel X520-DA2 PCI-e adaptors. Each use the Intel 82599 ethernet controller.
Regards,
Kristoffer Sheather
CloudCentral
Mobile: +61 475 048 864 | Switch: +61 2 6160 7624 | Email: kris at cloudcentral.com.au
LinkedIn: | Skype: kristoffer.sheather | Twitter: http://twitter.com/kristofferjon
----------------------------------------
From: "Alex Samad - Yieldbroker" <Alex.Samad at yieldbroker.com>
Sent: Wednesday, February 25, 2015 10:47 AM
To: "Skeeve Stevens" <skeeve+ausnog at theispguy.com>
Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>, "ausnog at ausnog.net" <ausnog at ausnog.net>
Subject: SPAM-MED: Re: [AusNOG] Firewall
I have to admit do like the looks of the new 2ru, 4 server ( 2 socket) (sort of blade enclosure) Dell offering
http://www.dell.com/au/business/p/poweredge-c6220-2/pd
The spec only says 1G nic, but I was told they will come with 10G Nic.
You could put a lot of routing / BGP peering etc on there.
Add this with
https://www.lightbluetouchpaper.org/2015/02/23/maxwell/ . steps towards a unifying theorem
it is definitely a wonderful time to be alive !
From: skeeve at niisch.com [mailto:skeeve at niisch.com] On Behalf Of Skeeve Stevens
Sent: Wednesday, 25 February 2015 10:27 AM
To: Alex Samad - Yieldbroker
Cc: Sam Sarkis-UIP; ausnog at lists.ausnog.net; ausnog at ausnog.net
Subject: Re: [AusNOG] Firewall
If you want pure speed and grunt, then physical boxes are the way to go.
But, when you're requirements are less than a few gig, then yes, virtualised equipment is just fine.
For example... in my offices in Asia, it was so damn hard to obtain/source equipment from distribution, taxes, bribes, delays, etc... we now longer sell Cisco/Juniper hardware.
We deploy only easily to obtain server hardware - mostly Dell or HP, and put ESXi (looking at other options too), and run up vSRX (Firefly), vASA, vThunder and many other fully virtualised platforms.
This enables the customers to get what they need in hours, and not weeks/months. The last SRX240's I ordered in SE Asia had an ETA of 7 weeks... I mean, wtf? Most have grace periods of licensing at 14-90 days, so the customer can run up things in an emergency. They also get to control the grade of hardware redundancy they want - which is often good in some countries that do not even have SmartNet/JCare local services.
If the customer wants serious redundancy, they can upgrade to full VMware at any time.
I find going to 10Gb in these environments more challenging, but getting easier... but at the multi-gigabit capacity throughput, it works perfectly. The only struggle initially was to get customers to accept a Juniper or Cisco with a HP Box on the front. But at the end of the day, it can do everything (and way way more) than they ever could by using hardware - and much sooner.
...Skeeve
--
Skeeve Stevens - The ISP Guy
Email: skeeve at theispguy.com ; Twitter: @TheISPGuy
Blog: TheISPGuy.com ; Facebook: TheISPGuy
Linkedin: /in/skeeve ; Expert360: Profile
On Tue, Feb 24, 2015 at 12:13 PM, Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com> wrote:
Hi
Interesting, I just went to VMUG yesterday, listen to a lot about NSX. Previously tried to stay away because of the enterprise licensing cost, but relooking at it again.
I noticed nobody mentioned it in the hypervisor env
Is anyone running soft routers (VMs/non Hardware) as an ISP/provider.
I thinking you can't beat silicon for pure switching . routing ?? and then coupled with something further up the stack, does switching/routing on the host of a hypervisor make more sense ?
A
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Skeeve Stevens
Sent: Tuesday, 24 February 2015 10:17 PM
To: Sam Sarkis-UIP
Cc: ausnog at lists.ausnog.net; ausnog at ausnog.net
Subject: Re: [AusNOG] Firewall
Sounds like an odd request... you mean it MUST be a Server based Firewall?
If that is an issue, get around it by going VMware and using vASA or vSRX?
...Skeeve
--
Skeeve Stevens - The ISP Guy
Email: skeeve at theispguy.com ; Twitter: @TheISPGuy
Blog: TheISPGuy.com ; Facebook: TheISPGuy
Linkedin: /in/skeeve ; Expert360: Profile
On Mon, Feb 23, 2015 at 9:09 PM, Sam Sarkis-UIP <ssarkis at unitedip.net.au> wrote:
Hi All,
I know this is strange but we have a specific requirement for a customer.
Does anyone know or recommend a firewall / UTM software that can be installed on an existing Windows, Redhat, SuSE, or Centos Server.
We would prefer a commercial package.
We cannot overwrite the existing os and have to work within any of the above mentions platforms only.
Kind Regards
Sam
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150225/b21420bb/attachment-0002.html>
More information about the AusNOG
mailing list