Time to let go of ipfilter

Atte Peltomäki atte.peltomaki at iki.fi
Tue Feb 22 01:53:15 PST 2011


On Tue, Feb 22, 2011 at 10:16:48AM +0100, Francois Tigeot wrote:
> On Tue, Feb 22, 2011 at 10:45:35AM +0200, Atte Peltomäki wrote:
> > On Tue, Feb 22, 2011 at 02:20:59AM -0600, Chris Turner wrote:
> > > On 02/21/11 07:57, Atte Peltomäki wrote:
> > > > PF is simply too slow. It does have good functionality and it's easy to
> > > > use, but it doesn't scale beyond small/medium networks. I stress-tested
> > > > it some time ago and OpenBSD/pf could get a combined throughput of
> > > > around 1.6Gbps. FreeBSD/pf got a little better, but not so that it would
> > > > really mean much.
> > > 
> > > What was the max {memory,pci,processor} bandwitdth on the machine under 
> > > test?
> > 
> > IIRC some 72GB RAM, 2x 8-core cpus and loaded with 8 SSD disks in
> 
> This data is not really useful: the important things are
> - memory bandwidth: type and number of RAM DIMMS which can be used in parallel
> - cpu bus speed if memory is not directly attached to the cpus
> - type and speed of the bus on which the network chips are connected (PCI
> something these days)
> 
> If you do not have these details, please tell us the exact model of the cpus
> and/or the machine, this should help us dig the necessary information.

I see. It's been ages, but I found something that's more or less
relevant. It was DELL R710 I spoke of above, but R610 were quite equal in
performance, once I fixed bugs mentioned in these mails:

http://kameli.org/r610-dmesg.txt
http://kameli.org/if_em-fixes.txt

-- 
Atte Peltomäki
     atte.peltomaki at iki.fi <> http://kameli.org
"Your effort to remain what you are is what limits you"





More information about the Kernel mailing list