Debian routers + firewalls for large ISP?

Hi all,

I'm looking for experts advice about possible firewalling with debian. I'm
needing to serve a very heavy load of clients/bandwidth and I'm not sure if
it is do-able with Linux based OSs and today's machine, due to my test results.

Here's the specs:

1. Serving video + audio streaming only, clustered environment pushing the stuff
2. 10GB/second sustained bandwidth, 40GB/second peaks (long peaks, sometimes hours), growing fast
3. 200 000 simultaneous clients, growing, expecting 0.5 million within a year
4. Service responding on a specific port, serving through established non-priv ports
5. Need redundancy on the firewalling and interfaces.
6. We would prefer to be able to manage Linux boxes rather than Cisco routers.

We are looking at Cisco 6500 series routers + redund. options that we can add to it,
cause what we've tried with linux so far "dies under the load".

The firewall ruleset is small as we're listening to 1 port for this service,
but it seems that no matter the "super computers" we tried, they would all crawl
to their death due to heavy processor usage by iptables.

Should it be doable to serve such traffic through iptables on debian, if yes,
what would be the best way to approach this. I cannot fail, this is 24/7 operations.
Maybe we had too many connections per adapters, filling the 65k ports, didn't have
much time to look at it, we had to put the original routing back on fast when our tests
failed.

Thanks in advance for any help you may provide, guidance to accomplish this with success
would be very appreciated.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

BTW, $$$ for required hardware is not an issue... so if you suggest pricey stuff, I don't care.

Martin H.

-- 
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org