* Florin Andrei <[EMAIL PROTECTED]> [2007-10-09 19:34]: >> then, an i386 kernel should perform considerably better than amd64 for >> firewalling/routing/... > > That is surprising. What is the reason?
we dunno really. it hasn't been benched in sometimesoit might not even be true nay more, but last time the difference was dramatic. > How much RAM can the i386 kernel use on an amd64 machine? 4GB minus pci space >> next, you don't want SMP for such tasks. take out the second CPU and give >> it to somebody who can use it, and run the uniprocessor kernel. > So, assuming the box is a pure firewall / static router (so just pf and > static routes), even with multiple interfaces, all those tasks run in a > single kernel thread? yup > Now here's the second thing: if this firewall needs to be integrated in an > environment with dynamic routing, it will need to run some kind of dynamic > routing daemon(s). For that, I'd like to have at least two cores on the > system, and a kernel that can take advantage of them. the required locking will cost you more than the second cpu/core will ever gain you. > If the SMP kernel does not actually hurt performance, I might have to use > it. it does. seriously. locking is not free. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
