Re: Sun Ultra 5 as a firewall?
On 11/10/2005, at 7:54 AM, Matthew Weigel wrote: Why not look at quad-port GigE cards? I know for sure em(4) has available quad-port cards. I will for the future. It doesn't make it any faster as a server, either. ;-) I've got an Ultra-Wide or Ultra2 SCSI card in my Ultra 10, and it seems to make a world of difference; the IDE controller is only used for the DVD drive. Yeah I've heard that using SCSI in U5/U10's makes them run like whole new machines. An old PII 300 I had gets about double the transfer rates over the U10 with the same old 20G drive. Both running OpenBSD at the time. I think the U60/80 would be overkill, since you won't get the extra processors... and I'm not sure how much the extra cache will help. Cache isn't always a winning way to go faster; it's only useful while instructions and data that get cached get accessed multiple times. Once your cache gets large enough, adding more doesn't accomplish anything. I'll hold off on that E5500 purchase then. ; ) I had thought that 4Mb L2 would be beneficial for making release. U5's and 10's are so cheap at the moment on Ebay. I picked up the U5 for about $40 Aussie. I've seen U60's go pretty cheap too. I don't mind overkill if the price is right (except when overkill is 25 amps, 3 phase at 3.5kW, putting out more heat than your typical central heating). ; ) Shane J Pearson
Re: Sun Ultra 5 as a firewall?
Shane J Pearson wrote: > Hi Matthew, > > On 11/10/2005, at 7:03 AM, Matthew Weigel wrote: >> >> Have you considered a multi-port card...? > > I did. I was hoping to find a quad port fxp, but couldn't find one. Why not look at quad-port GigE cards? I know for sure em(4) has available quad-port cards. > seem to find it this time. I will be avoiding the 256k and 512k L2 > cache UltraSPARC's from now on. 256k L2 and the awful IDE > performance make this little U5 pretty slow as a desktop. It doesn't make it any faster as a server, either. ;-) I've got an Ultra-Wide or Ultra2 SCSI card in my Ultra 10, and it seems to make a world of difference; the IDE controller is only used for the DVD drive. > 300MHz macppc is WAY faster than my U10, out of interest. Would > people recommend a U60 or U80? Having the decent L2 caches which > they can come with? I think the U60/80 would be overkill, since you won't get the extra processors... and I'm not sure how much the extra cache will help. Cache isn't always a winning way to go faster; it's only useful while instructions and data that get cached get accessed multiple times. Once your cache gets large enough, adding more doesn't accomplish anything. -- Matthew Weigel hacker [EMAIL PROTECTED]
Re: Sun Ultra 5 as a firewall?
Hi Matthew, On 11/10/2005, at 7:03 AM, Matthew Weigel wrote: Have you considered a multi-port card...? I did. I was hoping to find a quad port fxp, but couldn't find one. I know of the quad port dc's, but I've heard a few times of problems with them. Since I already had an Ultra 10, I just ordered a 5 pack of cheap fxp's (so I have one a spare too). I know I've got an Ultra5's 400MHz processor in my Ultra10, and it works fine. A quick Google turned up http://docs.sun.com/app/docs/doc/805-7763-12/6j7a690su?a=view too. Thanks for that. I looked at a few docs at sun.com which showed conflicting info about the CPU modules the U5 could take. I thought I had seen somewhere once that the U5 could take the 440, but I couldn't seem to find it this time. I will be avoiding the 256k and 512k L2 cache UltraSPARC's from now on. 256k L2 and the awful IDE performance make this little U5 pretty slow as a desktop. I'd like something nice and quick to compile OpenBSD sparc64. My 300MHz macppc is WAY faster than my U10, out of interest. Would people recommend a U60 or U80? Having the decent L2 caches which they can come with? Are they much quicker than Blade 100/150's? Thanks, Shane J Pearson
Re: Sun Ultra 5 as a firewall?
On Tue, Oct 11, 2005 at 06:18:31AM +1000, Shane J Pearson wrote: > I need for my current desired config. The U10 apparently can also go > to 440MHz with 2Mbyte L2. I wonder if the U5 could take this anyway? > Moved such a cpu from an ultra 10 machine to an ultra 5 without any issues at all for at least a year now. Works great. -- People usually get what's coming to them ... unless it's been mailed. [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Sun Ultra 5 as a firewall?
Shane J Pearson wrote: > I'm using a U10 for the extra PCI slot allowing me to have the 5 NICS > I need for my current desired config. Have you considered a multi-port card...? > The U10 apparently can also go > to 440MHz with 2Mbyte L2. I wonder if the U5 could take this anyway? > I currently am only using 1 memory bank in my U10 and U5. I'd be > curious to see if these numbers change using both banks interleaved. I know I've got an Ultra5's 400MHz processor in my Ultra10, and it works fine. A quick Google turned up http://docs.sun.com/app/docs/doc/805-7763-12/6j7a690su?a=view too. -- Matthew Weigel hacker [EMAIL PROTECTED]
Re: Sun Ultra 5 as a firewall?
Hey Joe (where are you goin' with that OpenBSD CD in your hand?), ; ) On 10/10/2005, at 11:02 AM, Joe S wrote: > > After doing my own tests, I found that the Ultra 5 was too slow to > perform near wire-speed throughput. > > TEST 1 - Sun Ultra 5 360MHz > dc0 and dc1 are Phobos 430TX quad nic, PCI card > [ 4] 0.0-10.0 sec 42.1 MBytes 35.3 Mbits/sec > > > TEST 2 - Supermicro, Intel P4 3GHz > em0 and em1 Intel PRO/1000CT (82547EI), onboard nics > [ 4] 0.0-10.0 sec 96.1 MBytes 80.7 Mbits/sec Your Ultra 5 iperf results were so far off my 333MHz Ultra 10 firewall, that I decided to do some testing with my 360MHz Ultra 5. I previously thought the 360MHz had 512kbyte of L2 cache, but it's actually 256kbyte in my U5 and it seems there is a 256k 360MHz (for the U5) and also a 2Mbyte 360MHz (for the U10). I thought that maybe that much more L2 would be much better for pf than a few extra MHz. The end point machines running iperf are FreeBSD 5.4 RELEASE. One is a 2.13GHz Pentium M Sony notebook with a GigE Realtek and the other is an AMD XP 2800+ desktop with an fxp. Nothing else changed except for the CPU module. Here are the results: Direct crossover connection: 94.1 Mbits/sec. 360MHz in the Ultra 5: pf OFF: 67.2 Mbits/sec pf ON: 47.3 Mbits/sec. 333MHz in the Ultra 5: pf OFF: 77.0 Mbits/sec pf ON: 74.0 Mbits/sec. Seems like that little 256k L2 in the 360 hurts pf performance badly. According to http://sunsolve.sun.com/handbook_pub/Systems/U5/spec.html you can put a 333MHz or 400MHz CPU with 2Mbyte L2 in the Ultra 5. I've seen these on Ebay. I'm using a U10 for the extra PCI slot allowing me to have the 5 NICS I need for my current desired config. The U10 apparently can also go to 440MHz with 2Mbyte L2. I wonder if the U5 could take this anyway? I currently am only using 1 memory bank in my U10 and U5. I'd be curious to see if these numbers change using both banks interleaved. Shane J Pearson
Re: Sun Ultra 5 as a firewall?
On Oct 10, 2005, at 2:16 AM, Joe S wrote: Jason Dixon wrote: Unless you've got a DS-3 or better, why does it matter? 1 interface is for the ADSL connection. I'm not worried about that. 2 interfaces are local networks. It's the throughput between those 2 that I noticed a bit of a bottleneck. It's not *that* bad. It's more suprising than anything else. Good point. :) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: Sun Ultra 5 as a firewall?
On Friday 07 October 2005 21:28, Joe S wrote: > Is anyone on the list running an Ultra 5 as firewall? I would like to > move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. Yes. My Sun Ultra 5 isn't just a firewall, but an NFS server with a relatively large disk for my home network. Runs great. (It actually powers my Alcatel Speedtouch USB ADSL modem with the userland drivers).
Re: Sun Ultra 5 as a firewall?
On 10/7/05, Marco Peereboom <[EMAIL PROTECTED]> wrote: > I ran an Ultra-5 for 2 years straight as my home firewall. It got replaced > with an hppa just because I could :-) My mailserver is still an ultra-5 that > has run for 3 years. The only time it has been down is when my ups gave out. > Sparc + OpenBSD = bliss > until a botched netboot install turns your Netra 105 into a paperweight. not that openbsd was at fault; it just sucked and I'm still quite bitter about the whole ordeal. aaron.glenn
Re: Sun Ultra 5 as a firewall?
Jason Dixon wrote: Unless you've got a DS-3 or better, why does it matter? 1 interface is for the ADSL connection. I'm not worried about that. 2 interfaces are local networks. It's the throughput between those 2 that I noticed a bit of a bottleneck. It's not *that* bad. It's more suprising than anything else.
Re: Sun Ultra 5 as a firewall?
On Oct 9, 2005, at 9:02 PM, Joe S wrote: Joe S wrote: questions on the list. Why not just setup a test network and run iperf against it? After doing my own tests, I found that the Ultra 5 was too slow to perform near wire-speed throughput. TEST 1 - Sun Ultra 5 360MHz dc0 and dc1 are Phobos 430TX quad nic, PCI card [ 4] 0.0-10.0 sec 42.1 MBytes 35.3 Mbits/sec TEST 2 - Supermicro, Intel P4 3GHz em0 and em1 Intel PRO/1000CT (82547EI), onboard nics [ 4] 0.0-10.0 sec 96.1 MBytes 80.7 Mbits/sec Unless you've got a DS-3 or better, why does it matter? -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: Sun Ultra 5 as a firewall?
Joe S wrote: questions on the list. Why not just setup a test network and run iperf against it? After doing my own tests, I found that the Ultra 5 was too slow to perform near wire-speed throughput. TEST 1 - Sun Ultra 5 360MHz dc0 and dc1 are Phobos 430TX quad nic, PCI card [ 4] 0.0-10.0 sec 42.1 MBytes 35.3 Mbits/sec TEST 2 - Supermicro, Intel P4 3GHz em0 and em1 Intel PRO/1000CT (82547EI), onboard nics [ 4] 0.0-10.0 sec 96.1 MBytes 80.7 Mbits/sec
Re: Sun Ultra 5 as a firewall?
Hi Joe, On 08/10/2005, at 6:28 AM, Joe S wrote: Is anyone on the list running an Ultra 5 as firewall? I would like to move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. My main concern is wondering if the Ultra 5 is slow enough to become a bottleneck from one interface to another interface. However, I know some of you run Soekris boxen and 486's for firewalls, so I may be just fine. My firewall is a Sun Ultra 10, which uses the same mainboard as the Ultra 5. Mine is the 333MHz 2Mb L2 cache model with 128Mb RAM. I have 4 fxp's in addition to the built in hme. Between fxp's, with FreeBSD 5.4-RELEASE i386 at both end points of an iperf test, I get about 66Mbit/s with pf ON and about 76Mbit/s with pf OFF. My ruleset is pretty bare at the moment and I just did an iperf -s at one end and an iperf -c $IP at the other. At one end the NIC is a GigE Realtek. So this was using: fxp<--->fxp|fxp<--->realtek GigE I don't know if having an fxp in place of that Realtek would have been better. I've heard the GigE Realteks are actually not too bad as compared with what you could expect from their older rl abominations. I also have an Ultra 5 with I think a 360MHz 512k L2 cache CPU lying around doing nothing at the moment. I might test it too as I'd like to know whether the MHz or cache size matters more here. Shane J Pearson
Re: Sun Ultra 5 as a firewall?
On 07 Oct 2005 18:07:30 -0700, Byron Morton wrote: >Well, I have successfully run my Ultra5 (270ghz) as a natting firewall >with caching dns, apache, ices, mysql, php(6 dynamic sites) sendmail >w/auth smtp (also for the 6 domains) and never saw problems or >bottlenecks. I ran it with the hme($ext_if on dsl), and a couple of xl's >and was totally happy with it. > Gee, I'd reckon a 270ghz unit could do that and calculate a few more large primes every second. _I'd_ never make a tyop like that! ;-) >From the land "down under": Australia. Do we look from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Re: Sun Ultra 5 as a firewall?
Joe S <[EMAIL PROTECTED]> writes: > Is anyone on the list running an Ultra 5 as firewall? I would like to move my > firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. > > My main concern is wondering if the Ultra 5 is slow enough to become a > bottleneck from one interface to another interface. However, I know some of > you > run Soekris boxen and 486's for firewalls, so I may be just fine. > > Any thoughts? Well, I have successfully run my Ultra5 (270ghz) as a natting firewall with caching dns, apache, ices, mysql, php(6 dynamic sites) sendmail w/auth smtp (also for the 6 domains) and never saw problems or bottlenecks. I ran it with the hme($ext_if on dsl), and a couple of xl's and was totally happy with it. It moved only a couple months ago to get replaced with 3.7-current on an x86 to do some java/mod_jk bits, but after that's done, 3.8-current will probably go on it and it will resume its place in the corner. Building /usr/src is normally something started before a 9pm movie on this box with the new binaries done for a morning reboot... HTH -- byr0n
Re: Sun Ultra 5 as a firewall? <- clarification
On Fri, 7 Oct 2005 19:15:29 -0400 Bill <[EMAIL PROTECTED]> spake: > On Fri, 07 Oct 2005 13:28:28 -0700 > Joe S <[EMAIL PROTECTED]> spake: > > > Is anyone on the list running an Ultra 5 as firewall? I would like to > > move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. > > > > My main concern is wondering if the Ultra 5 is slow enough to become a > > bottleneck from one interface to another interface. However, I know some > > of you run Soekris boxen and 486's for firewalls, so I may be just fine. > > > > Any thoughts? > > I dunno know about a Sun 360Mhz, but I just set up a AMD 350Mhz with > two 100MB cards and can filter at about 70Mb/sec (9,000 pkt / sec) > across it (100Mb networks). This is with two FA311 cards. If your > firewalling an internet connection it should be more than fine. > Turning on PF caused a bit of a drop (to the above stats) but after > that not much seemed to phase it. I did some tests turning on and off > quick / scrub / etc / etc if anyone is interested. > > * tests done using iperf, netstat and two cross over cables. hitech > stuff here :) > The stats using PF are those listed above... they were slightly higher before turning on PF.
Re: Sun Ultra 5 as a firewall?
On Fri, 07 Oct 2005 13:28:28 -0700 Joe S <[EMAIL PROTECTED]> spake: > Is anyone on the list running an Ultra 5 as firewall? I would like to > move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. > > My main concern is wondering if the Ultra 5 is slow enough to become a > bottleneck from one interface to another interface. However, I know some > of you run Soekris boxen and 486's for firewalls, so I may be just fine. > > Any thoughts? I dunno know about a Sun 360Mhz, but I just set up a AMD 350Mhz with two 100MB cards and can filter at about 70Mb/sec (9,000 pkt / sec) across it (100Mb networks). This is with two FA311 cards. If your firewalling an internet connection it should be more than fine. Turning on PF caused a bit of a drop (to the above stats) but after that not much seemed to phase it. I did some tests turning on and off quick / scrub / etc / etc if anyone is interested. * tests done using iperf, netstat and two cross over cables. hitech stuff here :) -- Bill Chmura Director of Internet Technology Explosivo ITG Wolcott, CT p: 860.621.8693 e: [EMAIL PROTECTED] w. http://www.explosivo.com
Re: Sun Ultra 5 as a firewall?
I ran an Ultra-5 for 2 years straight as my home firewall. It got replaced with an hppa just because I could :-) My mailserver is still an ultra-5 that has run for 3 years. The only time it has been down is when my ups gave out. Sparc + OpenBSD = bliss On Fri, Oct 07, 2005 at 02:58:45PM -0700, Joe S wrote: > >There's no way for anyone to know without describing your throughput. > > My apologies. I forgot to include that information. This is stricly a > home network. I am not concerned about the throughtput between my > network and the internet, but rather between local networks. I'll post > my iperf results later. > > >P.S. Not to rant, but I've never understood why people ask these > >questions on the list. Why not just setup a test network and run iperf > >against it? > I'm doing that now. I wanted to find out what others' experiences were > and if this was a bad idea to start with.
Re: Sun Ultra 5 as a firewall?
There's no way for anyone to know without describing your throughput. My apologies. I forgot to include that information. This is stricly a home network. I am not concerned about the throughtput between my network and the internet, but rather between local networks. I'll post my iperf results later. P.S. Not to rant, but I've never understood why people ask these questions on the list. Why not just setup a test network and run iperf against it? I'm doing that now. I wanted to find out what others' experiences were and if this was a bad idea to start with.
Re: Sun Ultra 5 as a firewall?
On Oct 7, 2005, at 4:28 PM, Joe S wrote: Is anyone on the list running an Ultra 5 as firewall? I would like to move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. My main concern is wondering if the Ultra 5 is slow enough to become a bottleneck from one interface to another interface. However, I know some of you run Soekris boxen and 486's for firewalls, so I may be just fine. There's no way for anyone to know without describing your throughput. That said, I've run OpenBSD/PF firewalls on old Sparc IPX (SS2) boxes. An Ultra 5 should certainly handle quite a bit, considering a Soekris can handle a T1. P.S. Not to rant, but I've never understood why people ask these questions on the list. Why not just setup a test network and run iperf against it? -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: Sun Ultra 5 as a firewall?
> Is anyone on the list running an Ultra 5 as firewall? I would like to > move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. > > My main concern is wondering if the Ultra 5 is slow enough to become a > bottleneck from one interface to another interface. However, I know some > of you run Soekris boxen and 486's for firewalls, so I may be just fine. > > Any thoughts? Sure. What size network? Home? Small company? All of Microsoft corporate? ;-) A ltle more info here would go a long way. -- http://www.ebiinc.com : Background Screening / Drug Testing from EBI corporate background screening, worldwide.
Re: Sun Ultra 5 as a firewall?
Joe S wrote: > Is anyone on the list running an Ultra 5 as firewall? I would like to > move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. > > My main concern is wondering if the Ultra 5 is slow enough to become a > bottleneck from one interface to another interface. However, I know some > of you run Soekris boxen and 486's for firewalls, so I may be just fine. > > Any thoughts? I don't have any problems running my (home) firewall on an old SparcStation 20. It's a damn shame that I can't take advantage of the dual 100 mhz processors with OpenBSD... then maybe it would be powerful enough to serve websites, svn, postgresql and email too... or not. But if there's no (noticeable) bottleneck between the Happy meals on my box, I can't imagine any problems for you on the Ultra5. Unless the U5 is the one that uses RFC 1149 ethernet adapters... Good luck.
Re: Sun Ultra 5 as a firewall?
From: Joe S [mailto:[EMAIL PROTECTED] > Is anyone on the list running an Ultra 5 as firewall? I would like to > move my firewall from an overpowered P4-3GHz box to a Sun > Ultra 5 360MHz. > > My main concern is wondering if the Ultra 5 is slow enough to > become a > bottleneck from one interface to another interface. However, > I know some > of you run Soekris boxen and 486's for firewalls, so I may be > just fine. Your traffic requirements determine that. DS
Re: Sun Ultra 5 as a firewall?
> Is anyone on the list running an Ultra 5 as firewall? I would like to > move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. > > My main concern is wondering if the Ultra 5 is slow enough to become a > bottleneck from one interface to another interface. However, I know some > of you run Soekris boxen and 486's for firewalls, so I may be just fine. I ran my home firewall off an Ultra5/333mhz... it was plenty fast for passing packets (used an fxp pci card for the second interface). Felt kinda sluggish for compiling, and disk I/O was pretty bleh. Not sure how it'd scale in terms of packets per second. cheers, Matt
Re: Sun Ultra 5 as a firewall?
On Fri, 7 Oct 2005, Joe S wrote: Is anyone on the list running an Ultra 5 as firewall? I would like to move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. My main concern is wondering if the Ultra 5 is slow enough to become a bottleneck from one interface to another interface. However, I know some of you run Soekris boxen and 486's for firewalls, so I may be just fine. Any thoughts? You'll be fine. Crazy people run Checkpoint-1 on Solaris on these machines and filter at wire-speed. ~BAS l8* -lava x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
Sun Ultra 5 as a firewall?
Is anyone on the list running an Ultra 5 as firewall? I would like to move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. My main concern is wondering if the Ultra 5 is slow enough to become a bottleneck from one interface to another interface. However, I know some of you run Soekris boxen and 486's for firewalls, so I may be just fine. Any thoughts?
