well as a rough rule you need 1 cpu to drive a qfe card... so if you are making your two qfe cards push lots of traffic you will need two maybe three cards. I did a test with an ultra10 (440MHz) with one qfe card in it... fairly simple rule base and ftp'ed a 60MB file through it... managed to get about 10100KB/sec (near line speed for 100Mb/s) from qfe0 to qfe1... that took the machine's cpu to 100% in sys according to sar.... so extrapolating (very dangerous!!), to push 10MB/s through the box you need 1 CPU :) > -----Original Message----- > From: Scheidel, Greg [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 17, 2000 3:13 PM > To: 'William J Husler'; [EMAIL PROTECTED] > Subject: RE: [FW1] too many interfaces (was: Large number of Static > Routes ) on a Sun box > > > > We had performance problems on a Sun box running two QFE > cards until we > upgraded to two processors and 1GB RAM. Our hardware guy > said this was a > known issue with the CPU getting pinned trying to handle the > requests from > the QFE cards. Sorry I don't have more details. > > Greg S. > > -----Original Message----- > From: William J Husler [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 17, 2000 2:28 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW1] too many interfaces (was: Large > number of Static > Routes) on a Sun box > > > OK, so having eliminated a Large number of Routes, could it be a large > number of interfaces? This box also had two QFE cards (total of 8 100M > ethernet ports) and all ports are in use. > Bill > > > From: Mystery Guest <[EMAIL PROTECTED]> > > Date: Sun, 16 Jul 2000 21:49:56 -0700 (PDT) > > To: [EMAIL PROTECTED], [EMAIL PROTECTED] > > Subject: Re: [FW1] Large number of Static Routes on a Sun box > > > > > > At one point we were running with ~600-700 static routes > (and that is with > > using route summarization) on our Sun U10 and we didn't > notice any great > > problems. We got fed up with adding and deleting static > routes that we > > changed the Sun box into a FW + router by adding gated. The biggest > problem > > is identifying internal networks in rules. It sure would > be nice if FW-1 > > allowed rules to be put on interfaces or if it was smart enough to > > dynamically figure out what subnets are located internally > so we didn't > have > > to muck about with adding and deleting networks to the > internal networks > > FW-1 group. <sigh> > > > > Cheers, > > > > ./CK > > > > > >> From: William J Husler <[EMAIL PROTECTED]> > > > >> Date: Sun, 16 Jul 2000 10:32:58 -0700 > >> > >> > >> We have a firewall (FW-1 v4) running on a Sun ES450 that connects > numerous > >> subsidiary networks. As a result of the divergent networks > involved (as > >> well > >> as address translation in some cases), we have add a > number of static > >> network routes (and static host routes) to the firewall. > We are currently > >> up > >> to almost 200 lines in the routing table. This firewall is > experiencing > >> through-put problems (at least everyone is pointing > fingers at it) and > the > >> vendor (Sun) tech support has stated that it could be > caused by this > large > >> number of static routes. Has anyone else experienced this > scenerio or > have > >> experience with a large routing table on a Sun box? One comment I > >> particularly did not like was "It's not a router you > know". Just what do > >> they think a firewall does anyway? > >> Bill > >> > >> > >> > >> > ============================================================== > ============== > = > >> === > >> To unsubscribe from this mailing list, please see the > instructions at > >> http://www.checkpoint.com/services/mailing.html > >> > ============================================================== > ============== > = > >> === > > > > > ______________________________________________________________ > __________ > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > > > > ============================================================================ == > == > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ == > == ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
