Time to let go of ipfilter

Francois Tigeot ftigeot at wolfpond.org
Tue Feb 22 01:19:39 PST 2011


On Tue, Feb 22, 2011 at 10:45:35AM +0200, Atte Peltomäki wrote:
> On Tue, Feb 22, 2011 at 02:20:59AM -0600, Chris Turner wrote:
> > On 02/21/11 07:57, Atte Peltomäki wrote:
> > > PF is simply too slow. It does have good functionality and it's easy to
> > > use, but it doesn't scale beyond small/medium networks. I stress-tested
> > > it some time ago and OpenBSD/pf could get a combined throughput of
> > > around 1.6Gbps. FreeBSD/pf got a little better, but not so that it would
> > > really mean much.
> > 
> > What was the max {memory,pci,processor} bandwidth on the machine under
> > test?
> 
> IIRC some 72GB RAM, 2x 8-core cpus and loaded with 8 SSD disks in

This data is not really useful: the important things are
- memory bandwidth: type and number of RAM DIMMS which can be used in parallel
- cpu bus speed if memory is not directly attached to the cpus
- type and speed of the bus on which the network chips are connected (PCI
something these days)

If you do not have these details, please tell us the exact model of the cpus
and/or the machine; this should help us dig up the necessary information.

For good network performance, you do not need so much raw cpu power but
tons of bandwidth.
PCI-Express vs plain old PCI(-X) can make a real difference.

-- 
Francois Tigeot




