Firewall Speed
Josh Paetzel
josh at tcbug.org
Fri May 19 06:04:06 PDT 2006
On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
> On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
> > On 2006-05-18 11:03, bc <bc3910 at pcisys.net> wrote:
> >> I want to run 6.1_RELEASE with Packet Filter(PF) configured as
> >> a gateway using 2 identical 10/100 nics, on an old 450mhz
> >> pentium with 256 meg ram and an 8 gig HD.
> >>
> >> In general, should I expect any speed performance issues with
> >> internet access based on the processor, ram and bus speeds of
> >> the MB? Would the PF config cause any speed performance
> >> deficiencies?
> >>
> >> I had the same setup as above but with IPF firewall and received
> >> complaints about surfing speed so I put them back on a Linksys
> >> router firewall.
> >
> > We'd have to see the ruleset to be able to reply in an informed
> > manner. I have seen firewalls doing both filtering & NAT on a
> > system, with almost no overhead at all though.
> >
> > This top output:
> >
> > http://keramida.serverhive.com/pixelshow-top.txt
> >
> > shows that a FreeBSD 5.X system with 256 MB of physical memory is
> > happily filtering the traffic and doing NAT for more than 100
> > users, while still being 97% idle.
>
> I would think it is more than CPU speed. The speed of the PCI bus
> and the speed and efficiency of the two network cards being used
> and their drivers may have a bit to do with latency ("surfing
> speed")...
>
> Just a guess
> Chad
>
I had a dual pentium 100 with 96 megs of RAM that did ipf/ipnat for a
10mbps connection with a couple dozen users. CPU usage was usually
around 1% and load averages .03 or so. Latency and throughput were
both acceptable.

The only reason I replaced the box was it was a single point of
failure and the hardware was old enough that I was afraid there would
be some sort of show stopper breakdown.
--
Thanks,
Josh Paetzel