Hallo Guido, * Guido Hennecke schrieb:
> Hallo Janto, > > At 30.07.2001, Janto Trappe wrote: > > * Richard Hoechenberger <[EMAIL PROTECTED]> [30-07-01 19:50]: > > > Ist das Paketfiltern wirklich *so* prozessorlastig? Als Firewall > > Nein, das Masquerading. Fuer ein paar wenige Clients sollten 33 mhz > > aber afaik ausreichen. > > Ist das nicht eher Speicherhungrig (State table halten)? > Ich habe mal im Netz nachgeforscht und folgendes Posting gefunden -------------------- Re: [LRP] 486 vs. P90 To Jonathan Rawson <[EMAIL PROTECTED]>,George Metz <[EMAIL PROTECTED]> From floyd <[EMAIL PROTECTED]> Date Sat, 13 Jan 2001 20:55:53 -0500 CC [EMAIL PROTECTED] References <[EMAIL PROTECTED]> Hello Jonathan, George and others on the list I guess maybe you missed my original post. A 486-25 MHz is a bottleneck when you're expecting to get 400-500 KBytes/sec (which I do get on large downloads from certain sites without a firewall) and the 486 delivers 150 KBytes/sec. Now that is decent thruput for web browsing and most stuff. In my original post I predicted that a 486-66MHz should be able to deliver 400 KBytes/sec, which is right in line with what Jonathan has observed. (159 * 66/25 -> 420, where the 159 and 25 are the thruput and speed of my processor and 66 is for Jonathan's). Also, for George's observations things fall right in line (159 * 33/25 -> 210). The 159 is a mearsured value as reported in my first post. Obviously, it accurate to the last digit -- I made several measurements that ranged from about 157-162. My 486-25 would match a T1 line pretty well (a 33 MHz machine matchs better) and would certainly be great for any DSL connection up to about 1.3 Mbits/sec. (150 MBytes/sec * 8 bits + 10% for overhead -> ~1.3 Mbits/sec) There may very well be some hardware or software tweeking to improve the performance of my 486-25 but I can't see that it would improve enough to be worth while. So, I think that I will just use it as is and if I get hold of a 486-66 some place cheap then I will upgrade the box. I setup a P90 with LRP that gets ~800 KBytes/sec thruput which is way overkill. Besides it is destined for other uses. Just so you know where I am comming from I did my original post so that people could see some hard measured results. There seems to be very little in the way of actual performance characteristics for the various hardware that people are thinking of using for LRP firewall/routers. Wouldn't it be nice to know before you used a certain piece of hardware that it would actually meet your requirements? If your boss says "implement a firewall and oh, by the way you can't buy anything," but you have this old box sitting in the corner doing nothing it would be nice to know if it will handle the load. Most any old box would probably be able to handle a T1. But could it handle a T3? I doubt that a of any kind could but I don't know. So, I say lets get some hard numbers and find out. To my mind this is one area where the LRP group can provide a useful service to the community. What I have done is just a start. I encourage everyone with the resources to do some charaterization of their router/firewall and report it to the list. When there is enough maybe some one would be kind enough to put it up on his web site. Floyd Sykes -------------------- Er schreibt ja, dass ein 486er/25MHz 150 kByte/sec. liefert. Ich habe einen 33 MHz-486er, das sind 32% mehr Power. Wenn nun die Übertragungsrate 486er ---> Netzwerk beim bloßen Routing proportional mit dem Prozessortakt steigen würde, könnte eine 33 MHz-CPU theoretisch fast 200 kByte/sec. liefern. Bei T-DSL fallen aber nur Datenraten von maximal 768kb/8sec. = 96 kB/sec. an. Damit wäre die CPU nur zu ca. 50% ausgelastet. Also bleibt ja noch genug Rechenpower für Masquerading/NAT und Paketfiltern übrig (oder?). Fragt sich nur, ob der Arbeitsspeicher dann noch ausreicht. Die Kiste hat 8 MB RAM. Ist das genug? Und: welche Linux-Distribution setzt man am besten ein? Dabian Potato? Oder vielleicht Smoothwall? Richard -- Gestern standen wir noch kurz vor dem Abgrund, heute sind wir bereits einen gewaltigen Schritt weiter. -- ----------------------------------------------------------- Um sich aus der Liste auszutragen schicken Sie bitte eine E-Mail an [EMAIL PROTECTED] die im Subject "unsubscribe <deine_email_adresse>" enthaelt. Bei Problemen bitte eine Mail an: [EMAIL PROTECTED] ----------------------------------------------------------- 870 eingetragene Mitglieder in dieser Liste.
