From owner-freebsd-pf@FreeBSD.ORG  Wed Jan 12 21:01:35 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D666016A4CF
	for <freebsd-pf@freebsd.org>; Wed, 12 Jan 2005 21:01:35 +0000 (GMT)
Received: from main.gmane.org (main.gmane.org [80.91.229.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EC42443D41
	for <freebsd-pf@freebsd.org>; Wed, 12 Jan 2005 21:01:34 +0000 (GMT)
	(envelope-from gofdp-freebsd-pf@m.gmane.org)
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 1CopcT-0002Pn-00
	for <freebsd-pf@freebsd.org>; Wed, 12 Jan 2005 22:01:33 +0100
Received: from ppp-62-245-162-183.mnet-online.de ([62.245.162.183])
        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <freebsd-pf@freebsd.org>; Wed, 12 Jan 2005 22:01:33 +0100
Received: from berni by ppp-62-245-162-183.mnet-online.de with local (Gmexim
	0.1 (Debian))        id 1AlnuQ-0007hv-00
	for <freebsd-pf@freebsd.org>; Wed, 12 Jan 2005 22:01:33 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-pf@freebsd.org
From: Bernhard Schmidt <berni@birkenwald.de>
Date: Wed, 12 Jan 2005 21:01:14 +0000 (UTC)
Lines: 24
Message-ID: <slrncub40q.f4s.berni@bschmidt.msgid.cybernet-ag.net>
References: <slrnctu80f.aet.berni@bschmidt.msgid.cybernet-ag.net>
	<200501101507.10501.max@love2party.net>
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: ppp-62-245-162-183.mnet-online.de
User-Agent: slrn/0.9.8.1 (Linux)
Sender: news <news@sea.gmane.org>
Subject: Re: Scalability of ALTQ
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical discussion and general questions about packet filter (pf)
	<freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2005 21:01:36 -0000

Hi Max,

> Generally speaking, 30-40Mbps are no problem.  The limiting factor for pf 
> (as for any packet filter/firewall/etc.) is packets per second (pps).
> In the end there is no alternative to just try it.  In the worst case
> scenario (with 64 byte per packet) this means about 625 kpps, which
> will certainly overload most systems.  An *average* packet size of
> 400-800 byte/packet, however, resulting in 50-100 kpps, should already
> be doable without problems.

I just had a short look, on the busiest encapsulator we're doing 10 kpps
at 40Mbps currently, I don't think it should rise up much more. 

> From a very first glance, I think HSFC is what best suits your application.
> Here again, you must make sure not to overload your parent with the
> client bandwidth.

Hrm, I guess I'll just convert a current Packeteer policy to an pf one
and have a look whether it loads smoothly. I heard today that we already
have a Dell PE750 on stock, I think I'll give it a shot. In the end,
a mirrored switchport to the BSD box should be sufficient to test.

Thanks for your answers
Bernhard