Re: Time to let go of ipfilter
On Tue, Feb 22, 2011 at 02:20:59AM -0600, Chris Turner wrote:
> On 02/21/11 07:57, Atte Peltom鄢i wrote:
> > PF is simply too slow. It does have good functionality and it's easy to
> > use, but it doesn't scale beyond small/medium networks. I stress-tested
> > it some time ago and OpenBSD/pf could get a combined throughput of
> > around 1.6Gbps. FreeBSD/pf got a little better, but not so that it would
> > really mean much.
>
> What was the max {memory,pci,processor} bandwitdth on the machine under
> test?
IIRC some 72GB RAM, 2x 8-core cpus and loaded with 8 SSD disks in
RAID10. A box with much less power was ultimately used for that project,
since pf only effectively utilizes one cpu core.
> Have you stress tested NPF?
No; I only first heard of it yesterday. I don't actually even have a box
right now that would be useful for testing NPF's MP capabilities, but
I'm sure I can find one again if and when I need to.
--
Atte Peltom鄢i
atte.peltomaki@iki.fi <> http://kameli.org
"Your effort to remain what you are is what limits you"
討論串 (同標題文章)
完整討論串 (本文為第 17 之 23 篇):