Hi Michael,
> Which influence do CPU, RAM and kind of the network card have on the
> performance of the firewall?
Just some insights from experience:
1) Opterons in 32-bit run around 20/30% better than Xeons
2) Iptables is CPU bound; it is important to purchase a fast CPU when
you plan for thousands of rules or big traffic
3) RAM is needed to keep the firewall state table as well as buffers.
There are some speed optimizations for those that require even more RAM
4) Get good quality Ethernet, if possible Gigabit and at least with
NAPI support. Besides, the gigabits provide some cool stuff for really
demanding firewalling
5) Use a 2.6 kernel
6) Use the rules wisely, use tables and intelligent ordering (here
Shorewall really excels)
7) When you enter the IPS realm, use patches to improve performance
of the kernel and Snort
8) Use the fastest PCI Express possible. Don't mix different bus
technologies, assign IRQs with care. If not, the bus will become the
bottleneck
Regards
--
Jaime Nebrera - jnebrera@eneotecnologia.com
Consultor TI - ENEO Tecnologia SL
Pol. PISA - C/ Manufactura 6, P1, 3B
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18
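
An added illustration of points 2 and 6 above (not part of the original message): iptables tests the rules of a chain top-down until one matches, so the per-packet cost depends on rule order and on splitting rules into user-defined chains. The rule sets and the traffic mix are constructed sample data, and the model only counts rule tests, not real match cost.

```python
# Added illustration: toy model of first-match rule traversal in iptables chains.
# Rule sets and the traffic mix are constructed sample data, not measurements.

def walk(chains, name, pkt):
    """Walk chain `name` top-down; return (verdict or None, rules tested)."""
    tested = 0
    for match, target in chains[name]:
        tested += 1
        if any(pkt.get(k) != v for k, v in match.items()):
            continue
        if target not in chains:                 # terminal target: ACCEPT / DROP
            return target, tested
        verdict, n = walk(chains, target, pkt)   # jump into a user-defined chain
        tested += n
        if verdict is not None:
            return verdict, tested
        # nothing matched there: return to the calling chain and keep going
    return None, tested

def evaluate(chains, traffic, policy="DROP"):
    """Return (mean rules tested per packet, verdict for each traffic class)."""
    total = pkts = 0
    verdicts = []
    for pkt, count in traffic:
        verdict, tested = walk(chains, "INPUT", pkt)
        verdicts.append(verdict or policy)       # unmatched packets hit the policy
        total += tested * count
        pkts += count
    return total / pkts, verdicts

EST = ({"state": "ESTABLISHED"}, "ACCEPT")
WEB = ({"proto": "tcp", "dport": 80, "state": "NEW"}, "ACCEPT")
DNS = ({"proto": "udp", "dport": 53, "state": "NEW"}, "ACCEPT")
RARE = [({"proto": "tcp", "dport": 10000 + i, "state": "NEW"}, "ACCEPT")
        for i in range(200)]

FLAT = {"INPUT": RARE + [DNS, WEB, EST]}         # busiest rule last
ORDERED = {"INPUT": [EST, WEB, DNS] + RARE}      # busiest rule first
CHAINED = {                                      # ordered, plus per-protocol chains
    "INPUT": [EST, ({"proto": "tcp", "state": "NEW"}, "tcp_new"),
              ({"proto": "udp", "state": "NEW"}, "udp_new")],
    "tcp_new": [WEB] + RARE,
    "udp_new": [DNS],
}
TRAFFIC = [  # (packet, packets per 1000)
    ({"proto": "tcp", "dport": 80, "state": "ESTABLISHED"}, 900),
    ({"proto": "tcp", "dport": 80, "state": "NEW"}, 70),
    ({"proto": "udp", "dport": 53, "state": "NEW"}, 20),
    ({"proto": "udp", "dport": 9999, "state": "NEW"}, 10),   # unmatched
]
```

All three layouts give the same verdicts; only the number of rules tested per packet differs, and the unmatched UDP packets are the ones that benefit from the separate chains.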