On Tuesday 25 March 2008, Aaron Glenn wrote:
> On Tue, Mar 25, 2008 at 6:15 PM, Patrick Clochesy <patrick@chegg.com> wrote:
>> Very interesting study I had not seen, and a bummer. That really puts a cramp in my advocation of our CARP+pf load balancers/firewalls/gateways. Then again, what's a PIX box capable of?
> I'd rather tweak a whitebox than pay through the nose for a PIX.

But aren't PIXen whiteboxes internally? I know the PIX-like LocalDirector that was donated to us makes a very nice nBox deployment for us.

Lots of these sorts of boxes are internally whiteboxes (I'm using that term loosely to mean an Intel-based box that could potentially run something like a Linux or *BSD). The second-hand Content Engine 565 I got on eBay that had a fried power supply was just a Cisco-labeled IBM eServer xSeries 305, and was loaded with Windows XP when I got it. It's running CentOS 5 now, with a new IBM power supply in the box. The two earlier Content Engines and two even earlier Cache Engines I got second-hand are likewise custom Intel hardware; PIII 800's, to be precise. Now, they DO use ECC RAM, which most whiteboxes won't have. But otherwise they are customized whiteboxes, and you're paying for the software and support.

But Cisco is not alone in this. Nomadix gateways, to use one example, are built on custom embedded x86 systems.

What I'm waiting on is someone to take a system like a Xilinx ML410 dev board and use the FPGA to do hardware-accelerated forwarding/filtering. See http://www.lynuxworks.com/board-support/xilinx/ml410.php for info on the board.

As to PIXen performance, see the charts in http://en.wikipedia.org/wiki/Cisco_PIX

--
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu