Hi Mike,
We run an openstack with VPP NFV setup with fortigate virtual firewalls.
To get to competitive performance we also use mellanox ConnectX NICs to
offload processing to this hardware.
A lot of effort has to be put into this setup to get good performance.
We have tested upto 10G bi-dir and 30k+ sessions, we are planning on
testing with higher speeds/more sessions soon.
Jac
On 23/09/2019 21:15, harbor235 wrote:
> Looking for real word experiences virtualizing router and firewall services
> with rates above 1Gbps on x86 platforms. Most testing I have been involved
> with virtualizing routers and firewalls, performance drops
> dramatically above 1Gbps.
>
> Connections per second are critical for a firewall in particular, can a
> virtual firewall handle high connections per second as appliances?
>
> Anyone experience good results at 10GigE with a virtual firewall?
>
> Where do you draw the line for router based virtualization?
>
>
>
> Mike
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Jac Kloots
Teamlead Network Services
Network Department
SURFnet
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
We run an openstack with VPP NFV setup with fortigate virtual firewalls.
To get to competitive performance we also use mellanox ConnectX NICs to
offload processing to this hardware.
A lot of effort has to be put into this setup to get good performance.
We have tested upto 10G bi-dir and 30k+ sessions, we are planning on
testing with higher speeds/more sessions soon.
Jac
On 23/09/2019 21:15, harbor235 wrote:
> Looking for real word experiences virtualizing router and firewall services
> with rates above 1Gbps on x86 platforms. Most testing I have been involved
> with virtualizing routers and firewalls, performance drops
> dramatically above 1Gbps.
>
> Connections per second are critical for a firewall in particular, can a
> virtual firewall handle high connections per second as appliances?
>
> Anyone experience good results at 10GigE with a virtual firewall?
>
> Where do you draw the line for router based virtualization?
>
>
>
> Mike
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Jac Kloots
Teamlead Network Services
Network Department
SURFnet
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp