From owner-freebsd-questions@FreeBSD.ORG Thu Apr 8 12:38:13 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B63716A4CF for ; Thu, 8 Apr 2004 12:38:13 -0700 (PDT) Received: from digitalis.areallycool.com (208.184.37.60.auragan.com [208.184.37.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C8F443D4C for ; Thu, 8 Apr 2004 12:38:12 -0700 (PDT) (envelope-from b@bjwcs.com) Received: from SAMBA ([192.168.190.24]) by digitalis.areallycool.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 8 Apr 2004 15:38:11 -0400 From: "Brent Wiese" To: Date: Thu, 8 Apr 2004 12:38:01 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcQdoMb4cXY20FefSCSw8EceYz3JFg== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: X-OriginalArrivalTime: 08 Apr 2004 19:38:11.0858 (UTC) FILETIME=[070EFF20:01C41DA1] Subject: Dual p3 or single xeon for ipsec X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: b@bjwcs.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Apr 2004 19:38:13 -0000 Which do you think would be more effective as an IPSEC tunnel gateway? A dual p3 1.26ghz server or a single 2.6 ghz (800mhz fsb) Xeon? Things that would be common to both: FreeBSD 4.9 (maybe possibly 5.3 release when its officially out), SMP kernel on dual Intel 64bit dual gig-e 1000bTX nic RAM (up to 2GB if it'll make a difference) IDE drives (we're just pushin bits so I wouldn't think drives would be too important) What I'm most interested in is pushing the most bits possible between points A and B, which will be separated by the public internet. Encryption doesn't need to be insanely high. The files being pushed aren't "sensitive" and user/pass info won't be exchanged via plaintext. I noticed the Intel gig-e server nics have encryption offloading (sticker on the last box I got). Anyone know how effective? I can't seem to find info about it on their site. One more question related to this, and I apologize if this is dumb or poorly worded... Can I use jumbo frames on the "public" side of the gateways? My understanding is that everything between would need to be able to deal with jumbo frames and I don't know the answer to that. Again, this may be a weird question, but can the gateway "store up" a few frames from its internal side and send it as 1 jumbo frame out the public side? Does that question even make sense? And, last question, anyone played with the pci-x stuff? If that's all its cracked up to be, it somewhat makes this email moot.