Date: Wed, 26 Mar 2008 17:02:03 +0100 From: =?ISO-8859-2?Q?Nejc_=A9koberne?= <nejc@skoberne.net> To: freebsd-pf@freebsd.org Subject: pf and SMP and busy wires Message-ID: <47EA737B.8060009@skoberne.net>
next in thread | raw e-mail | index | archive | help
Hello,
I like pf very much and I was planning to use it as a "central" firewall at one
of the customers like this:
subnet_3
|
|
subnet_1 ---------- PF_firewall --------------- subnet_2
|
|
internet_gw
However, since these are subnets with many computers, these would be gigabit
connections. But, I am afraid that this machine would not be able to process
data with gigabit speeds. So my questions are:
1. Are there any real-life performance evaluations with PF as firewall(s)
(doing also NAT if possible)?
2. How efficiently does PF use SMP (FreeBSD 7.0)?
3. How much would I profit if I had a server with two Dual-Core Intel processors?
This means 4 cores, right? I guess this should be able to process data with
gigabit speed in the situation above?
4. How would PF scale if there were 5 or more such subnets instead of 3 (with
gigabit speeds)?
5. Are there any PF vs Cisco|Juniper|3Com layer3 switches comparisons?
6. What role does the network cards play when looking at performance? Are there
network cards which do more work by themselves to let CPU to do other things?
Thanks.
Nejc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47EA737B.8060009>