On Fri, Oct 13, 2006 at 05:16:05PM +0200, Toni Mueller wrote:
> Hi Claudio,
>
> first, I'd like to thank you for your comment.
>
> On Fri, 13.10.2006 at 16:00:55 +0200, Claudio Jeker <[EMAIL PROTECTED]> wrote:
> > 500kpps sustained is a crazy amount of packets (especially think about
> > possible peaks). Currently you can fine tune an OpenBSD box to do over
> > 450kpps but there is not much headroom left for peaks.
>
> Well, before specifying that packet rate, I skimmed the performance
> figures of 7206VXRs which can be made to go up to 2Mpps (using NPE-G2),
> and this gear is afair rated for a few 100MBit/s. So... when attempting
> to size such stuff, I wanted to make sure that the box holds up in case
> of DDoS and (eg.) not crash due to overload.
>

Cisco can do 2Mpps on the G2 only in some cases (e.g. you only use the
gigabit interfaces and no ACLs) but honestly the NPE-G2 is currently out of
reach for any of the BSDs.

> > It is better to split the load on two routers that do 250kpps each.
>
> Erm, how do I do that on a single line?!?
>

You can't.

> > Additionally get a fast single CPU i386 (I would use an AMD Opteron in i386
> > mode) and good network cards. This currently gives you the best bang for
> > the bucks.
>
> Is there anything wrong with using an Opteron chip in amd64 mode?

Yes. There is an amd64-specific "bug" hidden somewhere deep down in lowcore
that caused my box to saturate at 80kpps instead of 480kpps. I tested it
about one year ago but I don't think the situation changed dramatically.

> Wrt. network cards, I think I'm looking at bge or sk cards unless you
> want to suggest something else.
>

I tested em(4) and bge(4); both did fine. I was not able to test sk(4) or
msk(4) (I don't own such cards).

> > Btw. 500kpps traffic as seen on the net is more than 3Gbps.
>
> Maybe, but it depends on your traffic characteristic... If it's only
> web surfing, FTP or email, then I tend to agree. Ok, I relax to
> 200kpps, but it needs to do a little pf, carp, and a few BGP sessions
> (full table).
>

You need to test it yourself. That's why you have a testlab to gauge your
systems. Especially the impact of pf(4) depends on the ruleset; carp and
bgpd should not matter.

--
:wq Claudio