thanks for the reply guys, I currently run CARP and pfsync on both boxes (upgrade can be done with less downtime) though i haven't tried to stress test my setup, i guess this upgrade is do-able. instead of coding (im not a coder).
regards, -beavis On 10/22/07, Paul de Weerd <[EMAIL PROTECTED]> wrote: > On Mon, Oct 22, 2007 at 10:20:41AM -0600, Beavis wrote: > | hi folks, > | > | I saw this performance issue with pf on a AMD64firewall: below is the > link > | > | > http://www.nabble.com/firewall-is-very-slow%2C-something%27s-wrong-t4572653i20.html > | > | it states that pf on 4.2 performs much better than in 4.1. having said > | this, is it possible to be able to just update pf's feature instead of > | going through the entire OS upgrade? since im really going after the > | features of pf, and happy with how 4.1 is. > > Some of the improvements are outside of pf (some drivers have had > drastic improvements), so only updating pf may not even get you all > the new performance improvements that were made between 4.1 and 4.2. > However, since pf is part of the kernel, the short answer to your > question is no. You must upgrade the kernel to be able to use the new > pf. The new kernel requires new userland, so that too must be > upgraded. > > If you really want, and are a highly qualified coder, you could > try to backport the improvements to 4.1. You'll find that upgrading is > way (and i do mean *WAY*) easier than doing this work. If you are such > a skilled programmer, your time is probably better spent doing other > useful stuff (maybe improve pf even more). The upgrade will take you a > coupe of minutes to an hour, depending on your exact situation. The > backport will take you probably about six months and a team of > dedicated OpenBSD developers. You will at the end be left with > something that is not OpenBSD 4.1 anymore. How (and when) are you > going to upgrade that ? > > Unless you consider this backport-thing a fun excercise, I would > recommend against doing it. > > Cheers, > > Paul 'WEiRD' de Weerd > > -- > >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ > +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] > http://www.weirdnet.nl/