Linux firewalls and routers vs. professional/enterprise products
I am currently doing personal research for network designs / solutions and evaluating the pros and cons of using open source options for firewalls and routers compared to products by Cisco / Juniper / etc. Some questions I have for people are:
Are you using Linux/BSD as a firewall or router in your production network?
What are some of the reasons you decided to use Linux/BSD vs. Cisco or some other solution?
Is your solution set up to be redundant? If so, what are you using?
How stable and reliable have you found your setup to be?
Are there ways to build a Linux/BSD firewall / router to be as reliable as an embedded system like a PIX or Cisco router?
Does a Linux/BSD firewall or router solution scale well as the network grows? Mainly, is there an easy way to manage multiple systems, or do you have to manually adjust each system?
The reason for all the questions is that I am currently building out a network for a small telecom business, and when I look at having to rely on Cisco (or other) products for routing and firewall, the prices stack up quickly and I honestly don't need the majority of the features they provide. My goal would be to build a redundant OpenBSD firewall using CARP (yes, I know BSD isn't Linux) and use CentOS (or another distro) for routing with multi-gigabit NICs to provide redundant gateways for various telephony applications/servers.
My only concerns are how reliable these servers would be in a production environment. Naturally I can use redundant PSUs, a RAID-1 mirror (or CF cards) for HDD reliability, ECC memory, and HA cluster applications to ensure high availability. I am just curious how stable people have found these systems to be.
I am under the assumption that if I compiled a very minimal kernel or only installed the bare minimum apps, I should come up with a pretty stable system, provided my apps are built stable/clean and don't core all the time / leak memory, etc. I am wondering if it's unrealistic to see such a server reach uptimes of 2+ years minus any hardware failures. Has anyone out there seen these types of setups run for over a year with no issues?
Any feedback or questions welcome. Thanks.
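The redundant OpenBSD/CARP firewall pair the post describes, as an added example that is not part of the original post: a minimal two-node configuration with CARP for the shared gateway addresses and pfsync so existing connections survive a failover. Interface names (em0/em1/em2), the addresses (RFC 5737 documentation ranges) and the CARP password are constructed placeholders, and the pf rules follow the layout of the OpenBSD FAQ rather than any site-specific policy.

```conf
# --- Node A (preferred master): /etc/hostname.carp0 (outside side) ---
# Shared WAN gateway address. Both nodes share vhid 1 and the password;
# the lower advskew wins the master election.
inet 203.0.113.1 255.255.255.0 203.0.113.255 vhid 1 carpdev em0 pass CHANGE_ME advskew 0

# --- Node A: /etc/hostname.carp1 (inside side, the telephony servers' gateway) ---
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 2 carpdev em1 pass CHANGE_ME advskew 0

# --- Node A: /etc/hostname.em2 (dedicated crossover link to node B) ---
inet 10.255.255.1 255.255.255.0 NONE

# --- Node A: /etc/hostname.pfsync0 ---
# State-table replication over the crossover link, so a failover does not
# drop established calls/sessions.
up syncdev em2

# Node B (backup) uses the same files, with advskew 100 on carp0 and carp1
# and 10.255.255.2 on em2, so it only takes over when A stops advertising.

# --- Both nodes: /etc/sysctl.conf ---
# preempt: if one CARP interface on a node loses master, the node demotes all
# of them, so inside and outside never fail over to different hosts
# (which would leave traffic routed asymmetrically and break states).
net.inet.carp.preempt=1

# --- Both nodes: /etc/pf.conf (excerpt) ---
ext_if  = "em0"
int_if  = "em1"
sync_if = "em2"
set skip on lo

# NAT to the shared CARP address, not the physical em0 address: after a
# failover, return traffic must still arrive at whichever node is master.
match out on $ext_if inet from $int_if:network to any nat-to (carp0)

block all
# pfsync carries the state table unauthenticated: allow it only on the
# private crossover link, never on a shared segment.
pass quick on $sync_if proto pfsync
# CARP advertisements must pass on every interface that carries a vhid.
pass on { $ext_if $int_if } proto carp
pass out quick inet
pass in on $int_if inet from $int_if:network to any
```

After `sh /etc/netstart` on both nodes, `ifconfig carp0` should report `status: master` on A and `status: backup` on B; unplugging A's em0 must move both carp0 and carp1 to B together.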