We had 2 Xen servers in colohouse, each with 30 IPs so far.

Now we are going to purchase a third server and have started to think about renting a small rack and putting our own firewall in front of the servers.

Actual bandwidth is 5Mbits for both servers together.

We are thinking about having something like this:
Colohouse-->Firewall<-->switch<--->Xen server(s)

With this scenario we would like to add:
1) traffic monitoring per IP
2) traffic shaping per IP
3) firewalling the whole segment of our public IPs
The FW will get a single IP and a range of public IPs routed to that IP
4) be able to put one public IP for a VPS onto any Xen server

What firewall and switch would you recommend for this scenario?

Your comments on this?

Thank you