Building A Router/firewall -- Vyatta? Untangle? Endian?
May 22, 2008
I would like to thank in advance anyone who shares his knowledge or experience here.
I am trying to find a firewall with some routing capability. Since I expect to have Gbps transfer in the near future, I don't think I can find a solid commercial hardware firewall within my low budget. That's why I am looking at software products.
I would need firewall functions (ability to prevent DDoS attacks is desirable) and basic routing functions (dynamic routing and BGP is desirable but not necessary at the moment).
Stage 1 environment:
20Mbps from provider P;
100Mbps from provider C;
35 servers for budget dedicated, mainly web servers;
*I have a question in mind that, can I have my network setup that incoming from both provider P and C but outgoing through C only? Is static routing able to do that?
Expected stage 2 environment:
40 ~ 60Mbps from provider P;
100 ~ 200 Mbps from provider C;
70 ~ 150 servers, mainly web servers;
Currently I am looking at Vyatta, Untangle and Endian. Can someone give some comments on these software or any others that might be suitable for me?
Feb 22, 2008
I have seen these 2 OS that should work as router/firewall, but are they worth anything?
Oct 31, 2007
I am about to design my company network.
The network will be designed like: we have 3 providers of IP transit, one will be the main network while the two others will feed the first network and manage a highly available network, probably using protocols like BGP4 and OSPF.
The current size of each fiber is 45 Mbit/s per operator. So I am looking for :
A router :
- able to handle each provider with up to 200 MBit/s in/output
- able to support protocols such as BGP4 or OSPF
- able to output snmp for monitoring
- have a little intuitive GUI for basic operations and have a real routing OS (like IOS or JunOS)
- is branded and warrantied (a plus would be hardware extensible)
- not too big box, something between 1 and 6U
A firewall :
- able to handle ALL the traffic to all carriers
- able to work as a SPF (drop all, allow only what I want, very accurate rules)
- have a little intuitive GUI for basic operations
- not too big box, something between 1 and 6U
About brand, most probably about Cisco, Juniper, Extreme or some good brand.
Which model would you advise me as router and which as firewall? The price is not the main preoccupation as long as it will do the job just fine, but I would prefer not to buy too expensive either.
Nov 10, 2008
I run a small datacenter, and we are migrating from Cisco to Linux based routers.
These routers should run a firewall, DDOS mitigation rules, CBQ bandwidth limitation, etc.
I know how to mitigate DDOS using tcpdump, also I know how to route.
I just need some advice about the firewall, stopping basic DDOS, fragmented packets, etc.
Should I use APF firewall in this case? Is there a good IPTABLES set of rules I could use?
I'm giving up on Ciscos, as I just discovered there are some UDP packets that can easily break them. I tested it last night, and that was it, nothing secure. A little traffic (bogus UDP packets) and the router was down for a few minutes.
Jan 30, 2008
We had 2 Xen servers in colohouse, each with 30 IPs yet.
Now we are going to purchase a third server and started to think about renting a small rack and putting our own firewall in front of the servers.
Actual bandwidth is 5Mbits for both servers together.
We are thinking about having something like this:
Colohouse-->Firewall<-->switch<--->Xen server(s)
With scenario we would like to add:
1) traffic monitoring per IP
2) traffic shaping per IP
3) firewalling whole segment of our public IPs
FW will get single IP and range of public IPs routed to that IP
4) be able to put one public IP for VPS on to any Xen server
What firewall and switch will you recommend for this scenario?
May 13, 2008
I've been using dedicated hosting in places like the planet and rackspace for a long time now, but we're about to purchase a rack in a local data facility. This is my first time setting up a rack environment, so I have a bunch of questions.
They'll be giving me an ethernet drop into the cabinet. I have to take it from there. I'm thinking I needed a router/firewall. Am I right? Can those be a single device? Should they be? Which models would you recommend? (We're still a small operation, we don't usually push more than 1Mbps bandwidth).
May 3, 2008
I am in the process of gathering the pieces to move from a dedicated box to my own hardware in a local colo and am undecided how best to choose the edge device.
The colo has a 30Mb pipe with about 10Mb of it being constantly used during biz hours. Another 10Mb is being allocated in the next couple of months. I want to be able to burst to the full 30Mb when needed.
I am getting 12 IP's allocated but will increase to 24 soon if all goes well (fingers crossed!).
I will have for starters just a single Proliant running dnp on 2008 with IIS, FTP, Mail, ns1 and a 2003 VM running my secondary ns.
What I am unsure of is the edge device and looking for others that have used either a 2800 series router or an ASA5500 series firewall in a similar fashion. I know what the raw throughput of each device is, but raw benchmarks are not real-world numbers by any means.
I am looking at the 2801 with IOS Firewall turned on and hopefully even some inspects for FTP and HTTP traffic. The other option and one that I am less familiar with is to use the ASA5505 instead which will do my basic routing but supposedly provide more thorough inspects and advanced rules.
Does anyone have experience with either of these in a hosting environment and have input on the realistic throughput one can expect from either device?
There is a significant cost difference with the ASA5505 being much cheaper but I am more familiar with IOS. Would anyone recommend a 1841 router instead?
Aug 10, 2007
Any of you using Vyatta in a production environment?
If so, how is it working out for you?
Mar 24, 2008
I've been running a niche hosting business (one man show) for about 6 months now and so far I've learnt the basics of the hosting business. In fact I'm quite successful too, with good profits right from the first month. I know a bit of server admin and manage my own servers.
However, now I plan to start general shared hosting business and have decided to own my hardware and colocate it at a DC. (I'm not located in the US; the DC owner is my friend and would receive the hardware and set it up for me.)
The box would cater to general shared webhosting needs with cPanel (I don't like it but the market does)
Here's what I'm planning to go for...please put in your valuable inputs.
$300 for 1x SUPERMICRO MBD-X7DCL-I ATX Mainboard
$380 for 2x Kingston 4GB(2x2GB) KVR667D2D4F5K2/4G RAM
$475 for 2x Intel Xeon E5405 Harpertown Quad Core 2Ghz.
$240 for 2x WD Caviar RE2 WD5001ABYS 500GB SATA2 HDD
$250 for 1x Supermicro CSE-811T-420B 1U Chassis
100Mbps port, CentOS 5.latest 64bit, cPanel.
So, to sum up... 8x2Ghz CPU, 8GB RAM, 500GB SATA RAID system to start with.
I'm open to all suggestions and would appreciate valuable advice etc. from experienced people. I'd like to ensure full hardware/software compatibility and maximum stability.
Oct 9, 2009
How would I go about building an ostemplate?
I want to build one running Ubuntu 8.04 LTS and ISPConfig on openvz
Could I pretty much start with the Ubuntu 8.04 minimal install and then run the ispconfig installation [url]
and then make an ostemplate out of that?
The part that concerns me is will the hostname autopopulate based on what is setup during the build of the vm?
What about the SSL info it asks me for during the install, should I just enter something generic for that or?
Has anyone else done this?
I don't want hostinabox to be the only image with a control panel
Mar 24, 2009
I am thinking about buying this processor and building a server with it. This processor is very affordable for me but I am wondering what kind of server I should run it as? Do you think the processor would be able to handle a heavy DDoS attack and act as a good firewall?
Let me know, here's the processor I want to build the server with:
[url]
May 18, 2009
Does anyone know why companies like Level3/Yipes/Abovenet/Global Crossing don't make their on-net building list available readily? Cogent/Zayo/etc have it listed right on their website....Zayo even gives you this downloadable KMZ file for Google Earth.
I'm working with a few clients who run their own data center/web hosting facilities and are looking at new spaces in various Class A office buildings. Obviously, I can go around and call all the providers, but it becomes a voicemail game.
Nov 3, 2009
I am working on building another hosting company, with which I will be hosting VPSs as well.
I am asking this from a customer's opinion.
With each plan should it be an = shared amount of the processor or should each person have a dedicated amount? For example say you got dual quad-core processors running 3ghz which would = like 24ghz total correct? Say you have 16 VPS on 1 server each getting roughly 1.5Ghz.
Feb 2, 2008
We currently have a few racks within a UK Datacentre and unfortunately it's filling up quicker and quicker by the day.
When we contacted our account manager during the week for another rack we were told that there are fewer than 5 racks left. Saying that these new racks came with +20% increase on our normal costs plus a £800 setup fee. While I have no complaints with the price going up for the rack (as it's the same in any data centre when it gets full) I am starting to think that we (as a company) may benefit more from converting an office into a data suite and getting suitable fibre to the building.
One reason why I am calling this a data suite and not a data centre is it won't have the benefits of a backup generator and fire suppression system as costs would outweigh the benefits (at the moment anyway). We are looking to only have around 4/8 racks in this data suite with none of the services being hosted business critical.
At the moment our current DC is around 100 miles from me so when we looked at the location we found that having one closer to our office and my home a lot easier/beneficial. Next option was is there affordable fibre access available and yes there is. There were many sets of offices and industrial sites which already had fibre access to the doors with many suppliers available such as the national fibre grid (BT), Virgin Media Backhaul and Global Crossing (waiting to be confirmed on GC to see if it's theirs or BT's). Least that saves the cost of the expensive last miles from the POP.
Either way the fibre we would be using would be used to back haul our connection to a London DC to plug into our network. Over the last week I have been looking at possible locations, costs, quotes etc to see what I can work with. I am just wondering if anyone else has done something similar (as in setting up a few racks away from the DC) and how did it turn out?
One worry I did worry about is losing the data centre's remote hands when things go really wrong and say a technician is unavailable to go to the suite. All our servers are hooked up to KVMs and Reboot racks so if something does go wrong (software wise) we can cope but the thought does linger over me slightly.
Dec 17, 2008
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and set up to their optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change our thinking.
Oct 17, 2009
building a SeedBox with a $35,000 USD Budget
how to build one of these bad boys. While staying under my budget.
I want to build a top of the line SeedBox that can handle 100 users. I need help on what kind of software and hardware I need with prices. I want this to be able to hold a 10Gbits line. (Or 10 1Gbits lines) And security stuff I need like firewall or virus scanner stuff. And Back-Up type stuff like in case of a HD Crash. And how to get 100 different IP addresses.
Oct 31, 2009
I am planning on building a small data center either in Waterloo, Ontario or in the surrounding area of Toronto, Ontario.
My questions:
1.) Is Waterloo a good area to build a data center? I know it's a technology area but I haven't seen many data centers from the area. And are there any bandwidth providers in the area?
2.) Anyone know a good place in the surrounding area of Toronto, Ontario where fiber lines will be easy to bring in? Mostly looking for something on the edge of the city, planning on purchasing my own land and a place where it will be easy to expand. Right now looking at the Bolton area or Brampton.
3.) What bandwidth providers can be found in these areas? Need someone who can offer bandwidth for cheap like they do in the States so I can offer my customers cheap bandwidth also.
4.) If I open a data center in Waterloo, Ontario do you guys think there will be a good demand for colocation there?
May 30, 2009
I have built my own computer before with ease. However, I am aware that building a dedicated server can be slightly different. I have a question.
Should I go with 'normal' hardware or specially made 'server hardware'?
I am aware that 'server hardware' is more expensive, but is it really that much better? I don't want to spend out lots of cash just for a minor performance increase.
Also I was looking at these rack mount cases as I am going to Co-locate the box. However I don't know which would be the best to use with my configuration.
[url]
I'm hoping to use a Quad Q6600 and 4GB RAM but I'm stuck on which motherboard to use,
Jun 15, 2008
So I need to build or buy a server to run my site. The site will use a basic LAMP setup and we will also be allowing for file uploads and downloads. File sizes aren't expected to be too large, mostly word/PDF documents and maybe some Powerpoint presentations. At the moment we can only afford one box to run the whole site so we need to build something that can handle both file serving and basic site stuff.
I'm wondering what kinds of hardware we would need to make this happen. If I were to setup a box with a quad core CPU, 4-8GB of RAM, and a few 15K RPM drives would that be able to handle file serving and PHP/mySQL? Would multiple processors be required? What about RAID?
I guess the real question is what kind of hardware requirements are involved with setting up a file server. I'm guessing running PHP and mySQL is not really an issue but I don't want the site to slow down because of the file serving. I'm sure some of you have experience with this sort of thing so if anyone knows please share your thoughts.
Jun 8, 2008
Wondering what the most cost-effective and efficient way of building up a bulk backup server. I'm colocating some equipment and will have a private network.
I have a full cab, and only a few servers in it, so lots of room to spare.
Now this will originally just be used for my own users, but I need ease-of-use and expandability. For example, I can load it up with lots of cheap SATA drives, and a raid card. However, what do I actually do on the software end? Installing Linux and setting up rsync crons is the easy part, but what about permissions? Is there an easy way to create users?
May 12, 2007
Let's say you're building your 'perfect' rack or cabinet, you've got a single network and power drop from your provider, 20 x mixed 1 and 2u boxes (two interfaces per box), 1u switch and require remote reboot across them all. No other servers to go in the rack at a later date.
What are you gonna buy if budget wasn't an issue? rack/cab/pdu/cbl management/etc/etc.
Basically it's your geek pr0n rack/cab. I'll post mine once I've had a further think.
Jan 28, 2007
I had some questions about it.
I'm planning on using a C2D Quad Core and was wondering the following
I am planning on using non-ecc ram is that ok for a server?
Will a normal board work instead of a server board?
Nov 26, 2007
In my effort to go colo I have been studying as best I can different server builds. Here is some information you may want to know or be able to help me and others with.
Quest: Build a server designed for serving html and other uses as a webserver (mail, database, etc). Linux operating system
Chipset- Although I found a lot of good and bad motherboards, I could find no information regarding chipsets and Linux. Maybe it does not matter, who knows? Also, upgrading motherboard and chipset AFTER server is up and running seems like a challenge.
Harddrives- It would seem best to get a harddrive made for a 24/7 uptime. Not ALL drives are like this. Seemingly, unconfirmed, SCSI drives are for this purpose. However, Western Digital has made some 'RE' drives that are to be up 24/7 with no issues.
Note: 7200+ rpm drives appear to fail more often and some suggest a more stable 5400rpm.
Built in NIC vs Adding one- Very little could be found on this, but would assume a much better one should be bought and not use an onboard one. Some onboards can have problems with some linux distros too. I would buy one and add it...a good one.
CPU- very little talk was available on linux's use of multiple CPUs. Very little talk was available on speed and use of multiple versus single cpu units. Example- how would a single cpu of 3ghz do against 2 CPUs of 1.8ghz.
Having two CPUs does allow for a server to utilize different CPUs for different processes, so if one is busy, the other can be used.
No information was really available on the difference..or what you should buy for the actual CPUs.
RAM- Buttloads of ram out there. No info on what works best with linux, which works best for a server, or what kind would work best for a server.
Motherboard- many are available and many suggest different kinds, but no definitive reasons have been given. No idea which would be best for a linux web server.
Control panel versus no control panel - after a little learning curve it would appear a non control panel is easy to use for a single user server. Control panels are buggy, have many issues, but do allow multi user systems and shared servers to be easily used. Some seem very limited in the updated versions of software. I will be going with fedora, but no control panel. The overhead is not something I want to deal with..or the bugs, or the old software, or the issues of upgrading. Ensim and cpanel seem most used and professionally serviced.
Raid- Just working on this one. No real info as to the best type of raid card for a linux webserver. Raid 1 is a mirror system I believe that allows you to have two drives where one is a ghost of another (sort of)? Do not know how much this slows the system or the drives down, but a mirror would be best in the case of a failure.
Do not know what happens when there is a failure (will system freeze, ignore it, hang?)
Partition of drives: It would seem that putting the linux system on one partition, the /home directory on another, and perhaps the mail directory on another is a way to make it easier to deal with certain issues. If you need to compile, reinstall, or whatever with linux and all your data is not on the partition, it becomes easier. If a partition gets screwed, the data is spread out, so much can not be destroyed. The actual amounts for the partitions are not evident in my research.
Anyway, that is a synopsis of info I have been perusing these last few days. Usually you can only find someone talking about something they use and like, but no real details to balance out why something else will not be as good.
One other note: Distros of Linux are all over the place. But for a webserver I do not think any distro is really needed. Perhaps just building your own kernel would be good (and a great learning experience)...but that remains to be seen.
I will be posting a web page in the coming weeks with a detail of how I built, where I bought, and how I installed, my new server here.
Dec 22, 2007
I'm building a HDD rack tower because I'm sick of DVDs and external USB drives. I plan on using it as a private FTP and file storage.
I got me a Lian Li PC-V2100A Plus II which can hold up to 19 3.5" drives and I plan to feed it with 1TB SATA HDDs.
The problem is that I neither have an idea which mainboard I should use nor if there's even a power supply that can support this many drives.
Performance doesn't matter to me I'm all about space, I'll probably throw in some old P4 and 1gig RAM.
I was thinking about a Thermaltake Toughpower 1200W PSU but I still don't have an idea which mainboard I should settle with.
Preferably one with 6+ SATA connectors so that I don't have to buy too many controllers.
May 3, 2006
I need to build a video server that supports remote inbound live streams (multiple sources) and multiple outbound streams. I'm interested in hearing feedback or suggestions on Real Media Server, Microsoft Media Server, or other alternatives. Please share your thoughts on any of these. I would prefer Linux hosting and would prefer Windows Media formats. I would love to hear what some of you have had successes with.
Oct 4, 2009
We're building a bunch of new servers (as I mentioned in another thread). What do you guys think is the best drive layout? Traditionally we just have the entire 4-6 drives in a RAID 5, but now I'm wondering if it makes sense to have a separate OS drive, and then the rest in a raid 5?
On a side note, we need a giant ~2TB-3TB partition on these boxes, that's why we go with the multi-drive raid setup. Thoughts? I know it was customary to have a separate OS drive back in the day (I remember having WD Raptors for that), but now when the WD Black-edition (which we'll be using for the raid setup) are as fast as the Raptors, is it even worth it?
Apr 28, 2008
Any Web hosting companies offering services based off servers hosted at the "one wilshire" building located in LA?
Aug 1, 2008
Has anyone had experience in building high availability systems?
Sep 21, 2008
I have done my research, befriended a few super proxy webmasters, and learned everything I need to know about being successful in the proxy business. So I am selling almost all my websites to fund this huge project. I will also be flipping proxies from time to time to fund the project even more. This will be a year long project and will be my full time job sooner or later. My goal is to have 1,000 proxy sites.
So with this knowledge, my questions are the following:
1) Which hosting plan should I get right now "Reseller" or "VPS"?
2) Which one would be more profitable in the short term?
Jul 18, 2007
I currently dev locally on a cobalt RAQ (ollld!) and would like to upgrade this setup.
I'm looking for a simple way of getting a linux system setup for internal dev work with the basics... mysql, apache, php5, and some kind of version control - subversion / cvs.
Are there any linux liveCDs that I could use to make something like this quite easily?
For our production server we use plesk, so a control panel similar to that for setting up new dev domains would be useful. Open source of course tho.
Feb 13, 2007
to build two 1u rackmount servers, and colocate them to a UK datacentre. Nothing uber spec, just need uber redundancy. One box will be Linux (CentOS or Arch), and the other will be Windows 2003.
They will be webservers, with DNS, MySQL, SMTP and POP3/IMAP services.
Having trawled through google, and loads of junk and seriously out of date websites, I am still no further in my research to find a decent hardware manufacturer, and a UK source to buy the hardware from.
I have seen a few good pages, but there are never any prices on these sites.
BTW. I want to avoid DELL completely, I have had so many problems with Dell before, and if something goes wrong they won't sell you the part to fix it, and charge insane amounts to fix it. Also their configurators are a con, they give you a basic setup to start with for quite cheap - and if you upgrade it you pay more than the retail amount for the upgraded part and you don't get the part you are replacing it with that you have already paid for in the base price.
Either way, looking to buy the components separately, so they can be upgraded/replaced easily.
For both servers I am looking for:
- redundant hotswappable PSUs, preferably front access, but with power into the back (2)
- redundant nic
- hardware RAID controller (mirror or raid5)
- hotswappable drives (2+)
- dualcore cpu
- hardware for serial terminal access (remote access in case system does not boot, or has a problem booting into the OS)