17-10-2008, 18:39   #1
xiaokira
SonicWall or Juniper? need experts' recommendation

Hey guys,

Good day. I plan to operate a small server room with about 10 racks, and having a relatively good firewall would be good. I will lay fiber to the server room, so having a fiber port on the firewall would be a plus. But now I am not sure which firewall to choose. So far I have narrowed it down to two models.

SonicWALL PRO 5060 and Juniper SSG550

Looking at firewall performance as the main requirement, to help defend against possible network attacks, the three main things I am looking at are below.

- Packets per sec
- Concurrent connections
- Mbps of firewall capability

Q1) How would you prioritize the above 3 and why?

Q2) Does it make sense to have a firewall with 1Gbps defense capability to protect a 100Mbps uplink? Or is only a firewall with 100Mbps capability needed to protect a 10Mbps port? Now, compare the two cases below, assuming there is a DDoS network attack and assuming the uplink is 100Mbps from the ISP.

1st case: a 500Mbps DDoS hits the 100Mbps port of a firewall with 300Mbps defense capability. Apparently the firewall is knocked out here?

2nd case: a 500Mbps DDoS hits the 100Mbps port of a firewall with 1Gbps defense capability. So is there any difference now? Will there be any clean Mbps available for legal traffic to the servers?

Q3) What are your opinions on the above two models, and are there any other models you would recommend, and why?

Thanks in advance.

__________________
Asia/Singapore Affordable & Reliable Dedicated servers
Singapore Colocation , Carrier-neutral , Tier3 standard, Full Cabinet 3KVA from USD950/mth
Email : sales@asiaserverhost.com | Skype : AsiaServerHost | QQ : 2079345223

17-10-2008, 19:26   #2
xiaokira
correction

Q2) Does it make sense to have a firewall with 1Gbps defense capability to protect a 100Mbps uplink? Or is only a firewall with 100Mbps capability needed to protect a 100Mbps port?

30-10-2008, 01:43   #3
alanwoo
Hi,

If the attack is 500Mbps and you only have a 100Mbps uplink, then most of the services (HTTP, FTP, email, VoIP, media streaming, online games) are badly affected and can be considered not functioning. Although the firewall can hold up to the attack, your network is fully protected, and everything seems perfectly fine within your network, outside traffic will find it hard to get in.

Actually, the upstream provider/ISP should take the initiative to stop DDoS attack traffic; it is more effective for them to do it at their end than to do it at the end-user end.

For the firewall throughput, the key considerations are packets per sec and concurrent connections, instead of bandwidth.

The maximum size of 1 IP packet is around 1500 bytes.

(For HTTP download scenario)
1Mbps bandwidth = 128KB / 1.5KB (full packet size) = 85 packets per sec.
100Mbps of HTTP download = 8500 packets per sec

(For DNS query)
1Mbps bandwidth = 128KB / 100 bytes (estimated average DNS result size) = 1280 packets per sec.
100Mbps of DNS query = 128000 packets per sec **

(There is a huge difference in packet throughput for the same 100Mbps when it is used for HTTP download compared with DNS query.)

Concurrent connections mean more memory is needed to hold the connection details.

Alan
__________________
Alan Woo

NewMedia Express Pte Ltd (AS38001)
Web Hosting Singapore
http://www.speedtest.com.sg
Tel: +65 63967188
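
The packets-per-second reasoning in post #3 and the saturated-uplink question from post #1, worked through as an added Python example that is not part of the thread. It uses decimal megabits and counts Ethernet framing overhead, so its figures come out lower than the post's rough estimates; the firewall ratings and the 20 Mbps of legitimate traffic are constructed values, not specifications of either model named above.

```python
# Added sizing sketch. Ratings passed in are constructed sample values,
# not specifications of any firewall named in the thread.

ETH_OVERHEAD = 38  # per frame: preamble/SFD 8 + MAC header 14 + FCS 4 + inter-frame gap 12
MIN_PAYLOAD = 46   # Ethernet pads smaller IP packets up to 46 bytes


def wire_bytes(ip_packet_bytes):
    """Bytes one IP packet occupies on an Ethernet link, framing included."""
    return max(ip_packet_bytes, MIN_PAYLOAD) + ETH_OVERHEAD


def line_rate_pps(link_mbps, ip_packet_bytes):
    """Maximum packets per second a link of link_mbps carries at this packet size."""
    return link_mbps * 1_000_000 // (wire_bytes(ip_packet_bytes) * 8)


def bottleneck(uplink_mbps, fw_mbps, fw_pps, ip_packet_bytes):
    """Return (limiting factor, packets/sec ceiling) for uniform-size traffic."""
    limits = {
        "uplink": line_rate_pps(uplink_mbps, ip_packet_bytes),
        "firewall_mbps": line_rate_pps(fw_mbps, ip_packet_bytes),
        "firewall_pps": fw_pps,
    }
    name = min(limits, key=limits.get)
    return name, limits[name]


def surviving_legit_mbps(uplink_mbps, attack_mbps, legit_mbps):
    """Legitimate Mbps that still fits through the uplink.

    Assumes the upstream drops excess packets without telling attack
    traffic from legitimate traffic (no filtering at the ISP).
    """
    offered = attack_mbps + legit_mbps
    if offered <= uplink_mbps:
        return float(legit_mbps)
    return legit_mbps * uplink_mbps / offered


if __name__ == "__main__":
    # Constructed ratings: 1 Gbps and 100,000 packets/sec.
    for size in (1500, 100, 46):
        print(size, bottleneck(100, 1000, 100_000, size))
    # Thread's scenario: 500 Mbps flood on a 100 Mbps uplink; 20 Mbps legit is assumed.
    print(round(surviving_legit_mbps(100, 500, 20), 2))
```

With these sample ratings the uplink is the limit for full-size packets, while for minimum-size packets the packets-per-second rating is reached before either bandwidth figure.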