On Sun, 2005-10-30 at 17:25 -0500, Scott Ullrich wrote: > If you want to push 50,000 states do you think this box is enough > juice? With that amount of states it seems you want to use much > better hardware.
Well... I'm not going to have 50.000 states - I'm just stress testing to see the limit. Now I see these number of states takes just few MB of memory - I never got amount of memory used over 15% CPU usage in my understanding should grow with number of packets and rules - states are secondary. It must be implemented as hash table with semi-constant lookup time. And once again - my problem is not amount of packets I can pass at this point but the way it keeps up with high load. Also This is better hardware which is included in Most of Firewalls. For example SonicWall 2040 has 800Mhz x86 CPU, Cisco PIX - 300Mhz Celeron. They might have some extra hardware offloading but also have extra features such as deep packet inspections etc. > > On 10/30/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote: > > On Sun, 2005-10-30 at 15:45 -0400, Scott Ullrich wrote: > > > If you don't mind me asking, what hardware are you running pfsense on > > > for these tests? > > > > This is Dell PowerEdge 750 - 512Mb RAM, Celeron 2.4Ghz > > 2 Intel 1Gbit NICs > > > > This seems to be much better than all firewalls below 5K$ have :) > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
