Firewall - How Much Memory???

Post by Gerald E. Butl » Sat, 07 Sep 1996 04:00:00



        Hello All, I was wondering if anyone out there who has experience
with Linux Firewalls could give some recommendations on what sort of
hardware to dedicate ( i.e. memory, cpu, hard drive space, etc. ).
The Firewall will be to protect an internal 15 node Network running on
10bT ( 10 Mb/s ). The main thing outsiders will be accessing is
our HTTP server ( downloading software demos etc. ). Our connection to
the internet will be through a semi-dedicated 10 Mb/s connection.
        Basically, I'm looking for some general recommendations based
on first hand experience, not second hand knowledge.

        Thanks & Have A Nice Day!  8^)

 
 
 

Post by Jon Bloo » Sat, 07 Sep 1996 04:00:00



>         Hello All, I was wondering if anyone out there who has experience
> with Linux Firewalls could give some recommendations on what sort of
> hardware to dedicate ( i.e. memory, cpu, hard drive space, etc. ).
> The Firewall will be to protect an internal 15 node Network running on
> 10bT ( 10 Mb/s ). The main thing outsiders will be accessing is
> our HTTP server ( downloading software demos etc. ). Our connection to
> the internet will be through a semi-dedicated 10 Mb/s connection.
>         Basically, I'm looking for some general recommendations based
> on first hand experience, not second hand knowledge.

It's not clear to me whether you mean to have the HTTP server running on
the same machine as the firewall. The amount of memory you need on the
HTTP server depends to some degree on how many HTTP transactions you
expect to see running simultaneously, as each transaction requires a
forked httpd.  Even this is probably not a big deal unless you expect
quite a few hits.

At work, we are running two Linux (1.2.13) machines. Our Web server
(about 12000-14000 hits/day) is a 486DX66 with 64 MB. I can't remember
the last time I saw it swap. The other machine is a 486DX100 with 20 MB,
and it acts as our firewall and mail handler. We have a 100-node
network, with each node having Internet access via firewall proxy
(SOCKS), and the mail throughput is somewhere in the ballpark of
1500-2000 messages per day. This machine occasionally gets to swapping;
I plan to upgrade the memory in this machine as soon as I get around to
it.

In short, with the prices of memory at present, I recommend at *least*
64 MB. It just doesn't pay to save a couple of hundred bucks only to
find that you're short of RAM. Of course, if you expect the site to be
really busy, or if you expect to run numerous other applications on the
machine, you may want even more memory. I don't consider CPU speed to be
too much of a factor for 'Net server applications. All those 14.4/28.8
connections out there keep the server processes in memory for a while,
but the processes aren't using much CPU time. This seems like it might
be a particular problem for you in that you are serving up software
demos that will, I presume, be fairly large files.

BTW, the 20-MB machine ran for about 6 months as our sole machine,
including HTTP. It swapped a fair amount, even though our Web hits then
were about half what they are now.

As for hard drive space, I again suggest that at today's prices, more is
better. If all you plan to do with the machine is firewall and HTTP
service, a 1.2 GB drive would be more than adequate, and cheap. If
you're trying to reuse older hardware, a smaller drive could do, too.
I'd probably not drop much below 500 MB, though.

These are all rough numbers, subject to adjustment to your particular
situation--your budget in particular.

I do envy you the 10 MB/s connection to the 'Net!

>         Thanks & Have A Nice Day!  8^)

I'll do my best!

--
Jon Bloom


 
 
 

Post by Mark Grenn » Wed, 11 Sep 1996 04:00:00




>    Hello All, I was wondering if anyone out there who has experience
> with Linux Firewalls could give some recommendations on what sort of
> hardware to dedicate ( i.e. memory, cpu, hard drive space, etc. ).
> The Firewall will be to protect an internal 15 node Network running on
> 10bT ( 10 Mb/s ). The main thing outsiders will be accessing is
> our HTTP server ( downloading software demos etc. ). Our connection to
> the internet will be through a semi-dedicated 10 Mb/s connection.
>    Basically, I'm looking for some general recommendations based
> on first hand experience, not second hand knowledge.

>    Thanks & Have A Nice Day!  8^)


Well, I just finished building a TIS FWTK firewall on a Linux system.
After much checking.. (I powered up 20 systems all using a Web
mirroring product to suck off 500 pages) I was getting about 50 hits
per second. I found the system was more than enough. The CPU runs at
most 40% utilization and memory never swaps.

I used
        RedHat 3.0.3 - Shadow password code added
        TIS FWTK - ssl-gw added
        A Pentium 133
        32meg of memory
        Two HP-lan network cards (better cards might help)
        1 500m hard disk (How much logging do you want to keep?)
        1 CD-ROM (This could be removed after installation)

I hope this is helpful.

 
 
 

Post by James Youngm » Thu, 12 Sep 1996 04:00:00




>        Hello All, I was wondering if anyone out there who has experience
>with Linux Firewalls could give some recommendations on what sort of
>hardware to dedicate ( i.e. memory, cpu, hard drive space, etc. ).
>The Firewall will be to protect an internal 15 node Network running on
>10bT ( 10 Mb/s ). The main thing outsiders will be accessing is
>our HTTP server ( downloading software demos etc. ). Our connection to
>the internet will be through a semi-dedicated 10 Mb/s connection.
>        Basically, I'm looking for some general recommendations based
>on first hand experience, not second hand knowledge.

I suggest PCI network cards (for example I am happy with 2 3c590s),
purely to keep the CPU overhead of Ethernet packets down.

--
James Youngman       VG Gas Analysis Systems |The trouble with the rat-race
 Before sending advertising material, read   |is, even if you win, you're
http://www.law.cornell.edu/uscode/47/227.html|still a rat.