On Fri, Mar 2, 2012 at 9:28 PM, Mehma Sarja <mehmasa...@gmail.com> wrote: > > I am thinking of a RFP from an un-named country with current BW of 85 Gbps. > They are looking for a system to handle 100 Gbps. I have a gut feeling that > this stream needs to be split and filtered that way.
Yes if it truly has to be firewalled. There isn't a commercial or open source firewall in existence today that can do 100 Gb. With the biggest and baddest commercial firewalls you *may* get 20 Gbps in real world throughput at best, and that'll cost you into 6 figures USD up front plus 5 figures annually in support per firewall. Carrier-grade filtering is not a good fit for general purpose server hardware or operating systems. For that matter, firewalling traffic at carrier-grade rates is very difficult to accomplish at all. Unless you have extensive experience deploying carrier-grade firewalling, I seriously doubt you would get any consideration. Whoever is putting out the RFP likely realizes that's a very specialized and difficult space. My guess is Cisco or Juniper will win that and no one else has any hope. > I am also wondering how > the Great Firewall might be setup. > Good question, I presume it's probably split up into numerous ingress and egress points and may not statefully filter at all. Doubt if you'll find many if any details on how that works though. _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
