Hello, I don't think it's overkill and would probably start off with a quad processor for 24 gigabit ports. But I honestly don't know which apps can take advantage of the multiple processors and how the kernel uses smp for networking/routing, etc.
There are other things besides ipsec and routing to consider: deep packet inspection. See http://en.wikipedia.org/wiki/Deep_packet_inspection and http://www.securityfocus.com/infocus/1817. Also, squid can use reg_ex pattern matching to block sites for example. For an acl I accidentally used url_regex instead of dstdomain for a spam blacklist 6.3 MB and simple pages would lock up my processor at 100% utilization for a few seconds at a time. It felt like I was on dialup instead of a T1. I'm using a Via C3 1 GHz. Even if you won't have a large reg_ex blacklist, using dstdomain (normal index lookups) it takes squid about two minutes just to load/index a 6 MB file on my systems. The Via C3 @ 1 GHz are about as fast as a Celeron 500 MHz in the real world, maybe slower. For IPsec without the via padlock hardware encryption driver these 1 GHz C3's can only manage about 10 Mbps using AES 128. With the padlock driver they should be able to do 100 Mbps easily. Sadly the fastest I ever managed using openswan and padlock was about 38-43 Mbps. Either the driver was not well optimized or openswan has too much overhead. Besides that, imagine being able to run a counter-strike server directly on your router. :) -cpu --- Muiz Motani <[EMAIL PROTECTED]> wrote: > Can you tell us where we can order the Nexcom systems from and how much > they cost? Also, has anybody done any analysis to see if these systems > are overkill? LEAF should not need Xeon processors, even for 24 Gbit > ports. > > On Fri, 2008-01-18 at 09:02 +0000, Erich Titl wrote: > > > > cpu memhd wrote: > > > Hey Erich, > > > > > > I haven't tried it. But I thought I should comment on the > architecture. It > > > uses the Xeon Blackford chipset, which uses FB-DIMMS, which run very > hot. > > > I have 4 DIMMS, 4GB RAM in one of my personal servers, a 5000V > Blackford > > > and the DIMMs seem to generate lots more heat than the CPU: a Xeon > 1.86 > > > 5000 series. > > > > > > I have looked at the Nexcom solutions and I've been considering > getting an > > > 8-port 1083 which uses the desktop Q965 chipset. > > > > > > Anyhow, the 2189 would be nicer I think, if it used a 5100 board > because > > > it supports DDR2. Or better yet, the 3200 series (for the most part, > 1333 > > > MHz bus versions of the previous 3000 series Xeon boards... which > are just > > > glorified Conroe boards). The 3xxx Xeon boards are cheap and the > 1333 > > > MHz/3000 Xeons are dirt cheap even at >= 3 GHz speeds > > > > Well, I need it for _many_ ports, but looking at the little specs I > got > > I am a bit worried that LEAF will not support the LAN chips. It all > > depends whether the multi port boards are of the IntelĀ® 82571EB or > > 82546GB chip set. It appears that the 82571EB is only supported in the > > > 2.6 kernel. > > > > Erich > > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Microsoft > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > > ------------------------------------------------------------------------ > > leaf-user mailing list: leaf-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/leaf-user > > Support Request -- http://leaf-project.org/ > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > ------------------------------------------------------------------------ > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > ____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
