We currently have two gbit uplinks set up with spanning tree for our network, with IP routing and firewall services supplied by our ISP. However, we would like to do the IP routing and firewall ourselves, and are therefore looking for a solution.
I don't know if we need some dedicated network equipment or if a linux box will fit our needs, but our requirements are:
- No single point of failure (we will need two units, one for each of our uplinks, so i guess the units need to support spanning tree somehow)
- Firewall capabilities
- Basic IP routing (we would like to be able to do full BGP at a later point, so if the solution supports it or is upgradeable it would be nice)
- IP accounting
We currently only need a capacity of 100 mbit, but since we have a gbit uplink we would like to have gbit capacity if possible.
I would like some kind of API or similar, so that we could integrate firewall management with our customers control panel, so that they could manage their own rules. This is no requirement though.
This can be accomplished with dual linux boxes. Since you'll be doing your own routing, you'll want to run BGP to accomplish failover, as opposed to spanning tree (which is evil). I'd recommend hiring a consultant rather than relying on the advice of (armchair?) network admins on WHT. Good luck.
Now selling BigVPS's! Jacksonville Colocation and dedicated servers by colo4jax
We are *not* a reseller. We own our servers, switches, routers and racks.
Thank you very much for your reply. We are currently not planning to do the actual implementation on our own (we do not know enough about it), but i would like to look in to the possibilities and know as much as possible so that we are not totally ignorant when hiring a consultant.
I'm glad to hear that a setup with linux boxes should be able to do the job, as i assume it will be the most flexible solution. Is there any special software that you can recommend that i look into for the various tasks (specially the routing and ip accounting part), and what hardware specifications should we go for? I assume quality NIC's and a fast CPU is the primary concern, and that memory and harddrives aint that important?
Since juniper's m5 (maybe m7) pricing have came down quite a bit on the used market, you could consider a pair of those. They are going to be more expensive then your linux box implementation, but it will do everything you asked for perfectly. If you are planning on any expansion with 10GE, you can also consider the 6503 with sup32/720. Those are reasonably price as well.
http://Ethr.net[email protected] West Coast AT&T / Level3 / Savvis Bandwidth, Colocation, Dedicated Server, Managed IP Service, Hardware Load Balancing Service, Transport Service, 365 Main St, SFO / 200 Paul Ave, SFO / PAIX, PAO / Market Post Tower, 55 S. Market, SJC / 11 Great Oaks, Equinix, SJC
Thank you very much for your reply. I tried looking at the german ebay (i need a 230v european version), and unfortunately there wasn't any available. Do you know which specs i should go for if i decide to use a couple of linux boxes?