On Mon, 2005-10-31 at 11:28 -0600, Fleming, John (ZeroChaos) wrote: > FYI a PIX 520 (the 300 mhz version) can not handle 50,000 entries in the > state table. It may on paper, but just because it has enough ram. I want > to say it starts to have problems at about 35,000, but then again all my > PIX firewalls were fully loaded with nics (6 10/100 I think).
Right. I guess number of states is not only issue - packet rate is other thing - the "state" which is having packet passing by once per minute is different than one which constantly needs attention. Number of rules is another ( I had single rule in this test) And I guess 300Mhz CPU is a lot different from 2.4Ghz I have :) > > Kind of funny to boot a 520 and hear a video failure beep code. :) > > > > -----Original Message----- > From: Peter Zaitsev [mailto:[EMAIL PROTECTED] > Sent: Monday, October 31, 2005 10:48 AM > To: support@pfsense.com > Subject: Re: [pfSense Support] Dump states featue > > On Sun, 2005-10-30 at 17:25 -0500, Scott Ullrich wrote: > > If you want to push 50,000 states do you think this box is enough > > juice? With that amount of states it seems you want to use much > > better hardware. > > Well... I'm not going to have 50.000 states - I'm just stress testing > to see the limit. > > Now I see these number of states takes just few MB of memory - I never > got amount of memory used over 15% > > CPU usage in my understanding should grow with number of packets and > rules - states are secondary. It must be implemented as hash table with > semi-constant lookup time. > > And once again - my problem is not amount of packets I can pass at this > point but the way it keeps up with high load. > > > > Also This is better hardware which is included in Most of Firewalls. > For example SonicWall 2040 has 800Mhz x86 CPU, Cisco PIX - 300Mhz > Celeron. They might have some extra hardware offloading but also > have extra features such as deep packet inspections etc. > > > > > > > > On 10/30/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote: > > > On Sun, 2005-10-30 at 15:45 -0400, Scott Ullrich wrote: > > > > If you don't mind me asking, what hardware are you running pfsense > on > > > > for these tests? > > > > > > This is Dell PowerEdge 750 - 512Mb RAM, Celeron 2.4Ghz > > > 2 Intel 1Gbit NICs > > > > > > This seems to be much better than all firewalls below 5K$ have :) > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
