We have a small data center we're finishing. We have a core+spine and then redundant TOR switches. Everything is basically whitebox 10Gb switches running Cumulus, although we will upgrade the core within the next 12 months to be 40Gb, but this gets us going for now.

Obviously there's a lot of traffic that winds up just being east-west type traffic, especially in our OpenStack cluster. But we're having issues deciphering just how much traffic will wind up hitting the firewall/DDoS device that we're looking to buy.

We planned on using the firewall to handle BGP, DDoS and of course network entrance and exit firewall policy. But we simply do not know how much to calculate.

I've seen people use the Internet pipe to size the entire firewall, but this is really misleading since there's traffic not looking to enter or exit that might still hit a firewall policy, so I am hoping people who have gone before me have some sage advice on how to size firewalls. For reference, here is our network setup...

Network Diagram

Ethode
  • Will you terminate OpenStack VLANs at the firewall? – Sum1sAdmin Apr 19 '16 at 12:28
  • I would like the firewall to be out of the picture as much as possible when it comes to OpenStack network orchestration, and then also internal L3 routing for the DC. I really only want it to handle the multihoming (BGP) of the WAN connections and then handle DDoS and basic port management, but I really don't want the VLANs to terminate at the firewall, as I plan on creating VLANs at the core level and the firewalls will be the uplinks for the core switches. – Ethode Apr 19 '16 at 13:49

0 Answers