Elite Trader Forums: Firewall that doesn't increase latency


mastertrader456
 

Registered: Aug 2011
Posts: 175

 

06-09-12 03:51 AM

Anyone know of a good firewall that doesn't increase latency? I am having trouble finding a firewall that doesn't slow down the packets to and from thru my trading software. I don't want a firewall inspecting every packet (order/message) I send. It slows my orders down by nearly a second. I'm left with having to turn off my firewall while trading. Anyone have any ideas?

NetTecture
 

Registered: Mar 2009
Posts: 1010

 

06-09-12 05:48 AM


Quote from mastertrader456:

Anyone know of a good firewall that doesn't increase latency? I am having trouble finding a firewall that doesn't slow down the packets to and from thru my trading software. I don't want a firewall inspecting every packet (order/message) I send. It slows my orders down by nearly a second. I'm left with having to turn off my firewall while trading. Anyone have any ideas?



Ok, first - EVERY firewall HAS to inspect traffic. Because otherwise it would not be able to decide what to pass through or not. Simple. You can not have a vegetarian kobe steak. Want to have one router that can do minimal firewall without slowing down? Extreme Networks, starting around 10k USD... they do rules processing in hardware. Ok, they are a little large (we talk of routers with 48+ ports full speed), but that is what you want. And you better know what you talk about when you set them up ;)

Alternative: NO firewall, put your hosting appliance into a dedicated data center, no internet access, you go in via VPN. Pricing starts around 400 USD per month per rack unit height, Chicago.

BUT:


It slows my orders down by nearly a second.


Throw the shit out and get something decent. My own firewall is in the sub 1 ms range, including some routing and putting encrypted traffic on a VPN and doing quality of service. 1 second is NOT a normal operating firewall - it is either hogwash (you not knowing what you talk about), or broken hardware, or a TERRIBLY overloaded device or a stupid setup. 1 second is AGES for inspecting some small packets.

Anyhow, if you need a decent router / firewall combo. Mikrotik has decent hardware for a low cost. A 450G runs my main office (3 uplinks, load balancing, ALL traffic VPN's over 3 links), a 1100x2 my data center and I use 750G's when travelling. And virtual RouterOS on Hyper-V may hook my new trading system (tool delivery Friday) into this fabric. The 450G would likely be what you want. BAD news: you better know what you do, that is not an end user device, it is a provider level device.

WinstonTJ
 

Registered: Jan 2009
Posts: 1947

 

06-09-12 11:57 AM

You have two choices... You can run "raw" or without a firewall... Or use a firewall.


Try pfSense on a Dell Optiplex 755 SFF chassis. 2GB of RAM and an E8400 or E8600 will be plenty. Get Intel Pro MT and PT low profile dual or quad NICs and there you go - you have a firewall.

PM me if you have questions.


If you just want a router combo on the cheap then try a Linksys RV042 or RV082 router and run a Dell PowerConnect 2708 or 2716 switch with a Linksys WRT54GS for a wireless router.


What are you using now that could possibly be slowing you down by a second? I don't believe that is possible unless you are trying to run a 10G Ethernet connection through a really old 10mb/sec firewall/router and everything is being queued.

pfSense will do what you need and be able to give you wifi + LAN and do it safe & secure with minimal to no latency addition.

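Both replies above doubt that a working firewall adds a full second. An added example (not code from any poster in this thread) of how to measure it: time TCP handshakes to the broker endpoint on the direct path and again through the firewall, then compare medians. The function names, the 1 ms budget and the loopback listener standing in for the broker are assumptions made for illustration.

```python
import socket
import statistics
import time


def connect_latency_ms(host, port, samples=20, timeout=3.0):
    """Time TCP handshakes to host:port in milliseconds.

    The handshake crosses the firewall in both directions but needs no
    application work at the far end, so it isolates network-path delay.
    """
    results = []
    for _ in range(samples):
        start = time.perf_counter()
        with socket.create_connection((host, port), timeout=timeout):
            results.append((time.perf_counter() - start) * 1000.0)
    return results


def summarize(samples_ms):
    ordered = sorted(samples_ms)
    p95 = ordered[min(len(ordered) - 1, int(0.95 * len(ordered)))]
    return {"median": statistics.median(ordered), "p95": p95, "max": ordered[-1]}


def firewall_overhead(direct_ms, filtered_ms, budget_ms=1.0):
    """Median delay added on the filtered path; budget_ms is an assumed limit."""
    added = summarize(filtered_ms)["median"] - summarize(direct_ms)["median"]
    return {"added_median_ms": added, "within_budget": added <= budget_ms}


def loopback_listener():
    """Constructed stand-in for the broker endpoint so the demo runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(64)  # handshakes complete in the kernel backlog; no accept loop
    return srv


if __name__ == "__main__":
    srv = loopback_listener()
    direct = connect_latency_ms("127.0.0.1", srv.getsockname()[1])
    print("loopback:", summarize(direct))
    # Constructed samples standing in for a run through a misbehaving firewall.
    print(firewall_overhead(direct, [950.0, 1000.0, 1100.0]))
    srv.close()
```

A gap that appears only in the p95 or max figures while the median stays flat points at queueing on an overloaded device, not at per-packet inspection cost.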
NetTecture
 

Registered: Mar 2009
Posts: 1010

 

06-09-12 12:24 PM

Winston, have a look at Mikrotik ;) The hardware.

Seriously - likely the only element that is comparable in price to your Dells is my data center 12 port router and that has integrated switches.

My office is run - capable of filling up a 1000mbit connection - on a 5 port (switch chip integrated) 450G that costs less than 100 USD and uses nearly no power and is passive ;)

Mikrotik is a little problematic on Hyper-V (no drivers, closed system) but their hardware is ROCK cheap and their routers are fully capable of running BGP 4 etc. When I move into the new house, I plan to distribute some of their access points in the house to make a high speed good coverage WAN ;)

WinstonTJ
 

Registered: Jan 2009
Posts: 1947

 

06-09-12 01:27 PM

For the home trader what I am suggesting can be had for around $350 with a "no expense spared" attitude.

The Optiplex 755 is cheap with only 2GB of RAM and a dual core CPU over 2.5GHz. If you wanted to go crazy you could spend the cash on a low profile Intel Pro PT card but that would run you about $200... And allow 5 ports on the machine.

The Cisco wireless cards are great and PCI.

With a dual port PCI-e card you end up with three interfaces and wifi all for under $350... But even pfSense is going to be way over the head of the basic user/trader.

I will look at your suggestion! I am always willing to try something new. I am running a block of 30 static IP's on pfSense with triple WAN's and will be implementing about 15 VPNs this month. So far so good... The biggest use has been low 20% CPU and only 17% RAM use... On a dual core with 2GB of RAM... Running on ESXi 5.0...

NetTecture
 

Registered: Mar 2009
Posts: 1010

 

06-09-12 07:33 PM

> what I am suggesting can be had for around $350 with

;) Expensive, you know.

A Mikrotik 1100 AHx2 costs 434, a 1200 costs 303 USD.

Both likely kill your part - and have integrated significant switch ports (which are hardware switched).

The 420GL costs about 52 USD and has 4 or 5 ports ;) And enough horsepower as a ROUTER to route 100mbit - gets worse with a LOT of firewall rules (which you do not have) and VPN (due to encryption).

The 450G is a little below 100 USD; + enclosure (damn, can not find a price in the USA for the integrated part - they do sell that from Mikrotik, though). It has a 680MHz processor, integrated switch for 4 ports and is full passive.

That is why I mean your stuff is expensive. They really kill the price side.

On the upper end there is a nice 12 port gigabit router coming capable of handling FULL SPEED ON ALL PORTS with significant logic behind, thanks to a 36 core special processor ;) Price for that is around the 1500 to 1800 USD level, but then - that really hits large setups with a 1gbit uplink ;) Cloud backbone style for smaller clouds ;)
