On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote: > On Sun, 2005-10-30 at 17:25 -0500, Scott Ullrich wrote: > > If you want to push 50,000 states do you think this box is enough > > juice? With that amount of states it seems you want to use much > > better hardware. > > Well... I'm not going to have 50.000 states - I'm just stress testing > to see the limit. > > Now I see these number of states takes just few MB of memory - I never > got amount of memory used over 15% > > CPU usage in my understanding should grow with number of packets and > rules - states are secondary. It must be implemented as hash table with > semi-constant lookup time. > > And once again - my problem is not amount of packets I can pass at this > point but the way it keeps up with high load.
We use a stock FreeBSD w/ PF. If you want to go into these type of details I would suggest sending messages to the freebsd-pf list where the PF authors actively monitor it. Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
