Date: Wed, 9 Oct 2002 07:41:35 -0500 (CDT) From: Andy Walden <andy@tigerteam.net> To: Christopher Smith <csmith@its.uq.edu.au> Cc: questions@freebsd.org Subject: Re: High interrupt load on firewalls Message-ID: <Pine.LNX.4.44.0210090737270.31059-100000@vision.tigerteam.net> In-Reply-To: <B9C9E292.30E56%csmith@its.uq.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Oct 2002, Christopher Smith wrote: > We have two firewalls sitting on gigabit links. Each has 2 Netgear GA620 > (ti driver) fibre cards with about 7 vlans spread across them. Both these > machines run at *very* high interrupt loads (95 - 100% during business hours > (mostly 100%), 80 - 90 % during off hours). They are 1GHz P3 machines (Dell > 1550s) with 256MB of RAM. They're actually dual machines, but enabling the > second CPU doesn't help in terms of load, it just halves the numbers top > reports. > What hardware are other people using to firewall high-volume gigabit > links ? Sometime you need to get the right tool for the job. When the CPU is processing every packet, the CPU will always be a bottleneck. To solve this problem people starting putting the logic in hardware and creating ASICs, which are only limited by the speed of the wire. I believe Netscreen puts their firewall functionalty in ASICs and supports Gig interfaces. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.44.0210090737270.31059-100000>