Re: Suggestion for IDS

[Michael Holstein <michael.holstein () csuohio edu>]

> I suspect the argument here has to be cost-for-cost - in the price range for a 
> decent beefy OpenBSD box you aren't going to be using FWSMs, and I can quite 
> believe that the PIXen in that price range don't perform - the PIX 501 is 
> specced at 60MB/s throughput and the cheapest retail price I can find for it 
> is $678 for the unlimited license version - for the same money you can get a 
> beefy PC which will push quite a bit more than 60MB/s

Okay .. I'll bite.

That 501 is also the size of two decks of cards, laid side-by-side .. 
and will run tirelessly without any intervention for years (it dosen't 
even have a fan). I've personally deployed HUNDREDS of these things and 
never yet seen one go bad without help from lightning. PC power 
supplies, on the other hand .. frequently fall victim to dustbunnies.

I can also FedEx a replacement 501 to timbuktu for no more than $30 (its 
like 5lbs well-packaged) .. and get it there by 8am the next day. GROUND 
service on a whole PC is around twice that.

> FWSMs appear to retail around $23,000 - that's on top of the 6500 chassis and 
> line cards you need to use it - not exactly a fair comparison.

Yeah, but who pays retail for Cisco gear? .. Everywhere I've worked, 
we've been at close to half of list -- and you get loads of Cisco people 
that'll happily assist with your (no matter how rediculous) config -- 
they even usually speak English (usually...).

> For that money you could quite easily put together a farm of boxes that would 
> exceed 5GB/s throughput aggregate - whether you'd want to is a different 
> question.

Yeah .. you could fill a 19" rack full of servers and accomplish the 
same thing .. but I highly doubt you'd end up accomplishing the same 
reliability (and to do 5gb, you'd only really need a 6503, SUP-2, and 
whatever interface card you want to use -- although you could get away 
using the two gig ports on the sup).

As for cost .. keep in mind what type of interfaces, RAID, memory, etc 
you've got to have to accomplish 5gb ... you can't just slap a 5 gigE 
cards on your PCI bus and expect not to have interrupt and PCI bandwidth 
issues.

Besides .. when we're talking "enterprise-class" networking, what would 
you rather have? .. two racks of BSD boxes with all sorts of complicated 
tricks to keep them load-balanced and redundant? .. or two 6503s where 
you can upgrade the IOS in 5 minutes and hot-swap anything?.

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/