2011/4/18 Richard Toohey <richardtoo...@paradise.net.nz>: > On 18/04/2011, at 1:07 PM, Rodrigo Mosconi wrote: > >> Hi all, >> >> I'm interested on some benchmarks, specially with network/PF. >> > > On the general performance: > > http://www.openbsd.org/faq/pf/perf.html > >> For example: >> >> What's the maximum bandwidth that a soekris (or alix) can handle safely as a >> firewall? (with and without ipsec, how long the rule set are) > > Why limit yourself to (low-end) machines? Budget constraints? Space constraints? Or it might to cool to play with these devices? (I thought so too, but in the end easier to whack in an old Dell Optiplex - as is often recommended on this list.) Space and noise constriants. Also can be cool to play with one ^^.
> >> >> Peter Hallin exposed a configuration that can handle near a 1Gbps on bridge >> mode. Peter, how much traffic your new firewall handle? >> >> On the branded servers (Dell, HP, IBM, etc), how best traffic one firewall >> can handle? > > Which goes fastest? Ford or Holden? > > What NICs are in those machines? > At work (a IDC), we use Dell Rxx series. But its stuck, I think the problems are the broadcom NICs Also some customers have 200MBps or more bandwidth hired. And next, a new one (contract already signed), will use more than 1 GBps >> >> These are some questions. > > What does "traffic" mean? Is your traffic the same as mine? I will avoid to use this word... >> >> Some of these information can help me to advocate OpenBSD based solution at >> work, starting with firewall. Just as comment, some linuxes (argh) fw can't >> handle as much as 100Mbps on Dells (R200 or R400). >> > > pf is fast enough for me at my work. > > It might not be fast enough for you at your work. I agree > > What are your requirements? The biggest goal: A gigabit+ capable firewall > >> Thanks for any comments, >> > > Probably not what you were after, but that's the repeated advice I see around here - only YOU can answer this question. I know, I just want some comments and advices and opinions. > > And don't forget to read this (and buy the book) > > http://home.nuug.no/~peter/pf/en/ I already bought the book, I liked > >> Mosconi
