Re: Time to let go of ipfilter

[Francois Tigeot <ftigeot@xxxxxxxxxxxx>]

On Tue, Feb 22, 2011 at 10:45:35AM +0200, Atte Peltomäki wrote:
> On Tue, Feb 22, 2011 at 02:20:59AM -0600, Chris Turner wrote:
> > On 02/21/11 07:57, Atte Peltomäki wrote:
> > > PF is simply too slow. It does have good functionality and it's easy to
> > > use, but it doesn't scale beyond small/medium networks. I stress-tested
> > > it some time ago and OpenBSD/pf could get a combined throughput of
> > > around 1.6Gbps. FreeBSD/pf got a little better, but not so that it would
> > > really mean much.
> > 
> > What was the max {memory,pci,processor} bandwitdth on the machine under 
> > test?
> 
> IIRC some 72GB RAM, 2x 8-core cpus and loaded with 8 SSD disks in

This data is not really useful: the important things are
- memory bandwidth: type and number of RAM DIMMS which can be used in parallel
- cpu bus speed if memory is not directly attached to the cpus
- type and speed of the bus on which the network chips are connected (PCI
something these days)

If you do not have these details, please tell us the exact model of the cpus
and/or the machine, this should help us dig the necessary information.

For good network performance, you do not need so much raw cpu power but
tons of bandwidth.
PCI-Express vs plain old PCI(-X) can make a real difference.

-- 
Francois Tigeot