* ML mail mlnos...@yahoo.com [2015-02-18 23:32]:
Stupid question but if you would have to choose between two different
Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24
networks behind and around 50-60 Mbit/s average traffic would you
rather choose the CPU with higher
* ML mail mlnos...@yahoo.com [2015-02-19 09:07]:
I might also experiment if I should use bsd.mp or the standard non
SMP bsd.
you'll want amd64, not i386. MP vs SP should make little difference, I
use the MP kernels these days.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web
Thanks to all of you for this interesting discussion. My OpenBSD firewall will
only be doing PF as I totally agree that a firewall should have the least
userland application running as possible of course if your budget permits it.
So far I have around 340 rules (as the number of lines in the
On 19.02.2015 10:51, Peter Hessler wrote:
:choose the CPU with higher Frequency and less cores or for a CPU with
:lower frequency but more cores?
Higher frequency. Period.
That is why I chose an i3-4000 as they go up to 3,8Ghz. i5-4000 only go
up to 3,5Ghz. If you want to go even faster
On 2015 Feb 18 (Wed) at 22:30:31 + (+), ML mail wrote:
:Hi,
:
:Stupid question but if you would have to choose between two different
:Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24
:networks behind and around 50-60 Mbit/s average traffic would you rather
Either
2015-02-19 10:58 GMT+01:00 Alexander Salmin alexan...@salmin.biz:
Good luck, when you have time I also recommend that you read this.
https://calomel.org/network_performance.html
The consensus here seems to be to warn against any tweaks etc. by calomel.
Good luck, when you have time I also recommend that you read this.
https://calomel.org/network_performance.html
On 2015-02-19 08:05:54, ML mail wrote:
Thanks to all of you for this interesting discussion. My OpenBSD firewall
will only be doing PF as I totally agree that a firewall should have
Am 2015-02-19 10:51, schrieb Peter Hessler:
:choose the CPU with higher Frequency and less cores or for a CPU with
:lower frequency but more cores?
Higher frequency. Period.
Right now, network and PF processing is limited to CPU0. You want that
as fast as possible.
Additionally, you want
On 2015-02-19, Nick Holland n...@holland-consulting.net wrote:
On 02/18/15 17:30, ML mail wrote:
Hi,
Stupid question but if you would have to choose between two different
Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all
/24 networks behind and around 50-60 Mbit/s average
Markus Kolb wrote:
Am 2015-02-19 10:51, schrieb Peter Hessler:
:choose the CPU with higher Frequency and less cores or for a CPU with
:lower frequency but more cores?
Higher frequency. Period.
Right now, network and PF processing is limited to CPU0. You want that
as fast as
On 2015-02-19, Alexander Salmin alexan...@salmin.biz wrote:
Good luck, when you have time I also recommend that you read this.
[snip link to calomel]
Half of that page is obsolete. It keeps jumping between megabytes/sec and
megabits/sec which is confusing. Various things are recommended without
On 2015 Feb 19 (Thu) at 10:58:21 +0100 (+0100), Alexander Salmin wrote:
:Good luck, when you have time I also recommend that you read this.
:https:// calomel.org [snip dangerous url]
:
don't follow *any* recommendation from that site
--
All I want is a warm bed and a kind word and
Stuart Henderson said:
Half of that page is obsolete.
[...]
Various things are recommended without explaining that they are a
trade-off or can cause problems. There are
It includes tweaks which may improve performance of an end host (but
have trade-offs) in a page mostly talking about
2015-02-19 16:33 GMT+01:00 Dmitrij D. Czarkoff czark...@gmail.com:
It would be nice if someone with expertise could write a detailed
explanation of the issues with that article...
Thou art not supposed to twiddle with your config.
On Thu, Feb 19, 2015 at 10:33 AM, Dmitrij D. Czarkoff
czark...@gmail.com wrote:
Stuart Henderson said:
Half of that page is obsolete.
[...]
Various things are recommended without explaining that they are a
trade-off or can cause problems. There are
It includes tweaks which may improve
On 2015-02-19 06:26 AM, Stuart Henderson wrote:
Modern Atoms (avoton, rangeley) will do just fine for this amount
of normal traffic. If the ruleset is super-complicated or if there
are very high PPS counts (which is by *far* more important than
absolute bandwidth) _or_ if there is a reasonable
On 2015-02-18 07:07 PM, System Administrator wrote:
Actually, at this time and the near future, passing traffic (i.e. the
kernel network stack) happens entirely on CPU0. The network gurus *are*
working on making the network layer multiprocessor capable, but my
impression from watching the tech@
Hi,
Stupid question but if you would have to choose between two different Intel
CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks
behind and around 50-60 Mbit/s average traffic would you rather choose the CPU
with higher Frequency and less cores or for a CPU with lower
On 02/18/15 17:30, ML mail wrote:
Hi,
Stupid question but if you would have to choose between two different
Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all
/24 networks behind and around 50-60 Mbit/s average traffic would you
rather choose the CPU with higher Frequency and
I might start a flame now but the higher freq and less core model is the
better choice unless your firewall will do other things than packetfiltering
and routing.
On 2015-02-18 22:30:31, ML mail wrote:
Hi,
Stupid question but if you would have to choose between two different Intel
CPUs
To expand on Alexander's point, look at the FAQ:
http://www.openbsd.org/faq/pf/perf.html
If you aren't doing a lot of filtering, just passing traffic over multiple
interfaces, more cores might be beneficial.
-Eugene
On Wed, Feb 18, 2015 at 2:50 PM, Alexander Salmin alexan...@salmin.biz
wrote:
On 19-02-2015 01:12, Eric Furman wrote:
A firewall should be a firewall. Period.
It's your first line of defense against attack.
Each and every additional thing you run on it just
makes it that much more vulnerable to attack.
Of course it does. But since not all of us have the budget for this
On Wed, Feb 18, 2015, at 07:54 PM, Giancarlo Razzolini wrote:
On 18-02-2015 20:30, ML mail wrote:
Stupid question but if you would have to choose between two different Intel
CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks
behind and around 50-60 Mbit/s average
On 18-02-2015 20:30, ML mail wrote:
Stupid question but if you would have to choose between two different Intel
CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks
behind and around 50-60 Mbit/s average traffic would you rather choose the
CPU with higher Frequency and
On 18 Feb 2015 at 15:18, Gene wrote:
To expand on Alexander's point, look at the FAQ:
http://www.openbsd.org/faq/pf/perf.html
If you aren't doing a lot of filtering, just passing traffic over
multiple interfaces, more cores might be beneficial.
-Eugene
Actually, at this time and the
25 matches
Mail list logo