DragonFly kernel List (threaded) for 2011-02
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: Time to let go of ipfilter

From:	Atte Peltomäki <atte.peltomaki@xxxxxx>
Date:	Tue, 22 Feb 2011 10:45:35 +0200

On Tue, Feb 22, 2011 at 02:20:59AM -0600, Chris Turner wrote:
> On 02/21/11 07:57, Atte Peltomäki wrote:
> > PF is simply too slow. It does have good functionality and it's easy to
> > use, but it doesn't scale beyond small/medium networks. I stress-tested
> > it some time ago and OpenBSD/pf could get a combined throughput of
> > around 1.6Gbps. FreeBSD/pf got a little better, but not so that it would
> > really mean much.
> 
> What was the max {memory,pci,processor} bandwitdth on the machine under 
> test?

IIRC some 72GB RAM, 2x 8-core cpus and loaded with 8 SSD disks in
RAID10. A box with much less power was ultimately used for that project,
since pf only effectively utilizes one cpu core.

> Have you stress tested NPF?

No; I only first heard of it yesterday. I don't actually even have a box
right now that would be useful for testing NPF's MP capabilities, but
I'm sure I can find one again if and when I need to. 

-- 
Atte Peltomäki
     atte.peltomaki@iki.fi <> http://kameli.org
"Your effort to remain what you are is what limits you"

Follow-Ups:
- Re: Time to let go of ipfilter
  - From: Francois Tigeot <ftigeot@wolfpond.org>

References:
- Re: Time to let go of ipfilter
  - From: Atte Peltomäki <atte.peltomaki@iki.fi>
- [no subject]
  - From: Unknown

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]