Sinosuke Noara <capitan.shinc...@gmail.com> wrote:

> Hi guys,
> 
> I've rented a virtual private server with some friends and we would like to
> deploy a firewall. I suggested packet filter and OpenBSD because I have it
> at home, but really don't know about the performance of the OpenBSD packet
> filter into a virtual machine. The idea is to have some (6-9) different
> virtual machines running at the same time, 2 of them (apart from the
> firewall) will have a lot of incoming traffic and at least 1 will have a
> lot of outgoing network traffic, so my mates are thinking that PF into a
> virtual machine running OpenBSD is not going to have a good performance,
> maybe because (as far as I know) PF can't work using more than one core.

That's true. PF doesn't work on more than one core. But I doubt that
your VPS I/O will be able to saturate the one core-slice you get.

Are all of these VPSs on the same physical machine? If so it seems best
to run it on the host. That means no OpenBSD since OpenBSD will not host
VMs. If they're not on the same machine then all the bouncing around the
packets will do (especially going in and out on the same interface) will
have a performance impact.

> Any of you have some experience about this? Could you give me some info
> about performance or some nice arguments to convince them?
> 
> Thanks in advance!
> 
> Excuse my English, but I don't practice it regularly.

Looks better than some native speakers I know.

- Martin
