Date: Tue, 17 Jun 2014 17:55:29 +0200
Subject: Re: Suggestions for low-power gigE firewall?
From: Andreas Nilsson
To: Tom Evans
Cc: FreeBSD stable, Chris Nehren, Peter Jeremy

On Tue, Jun 17, 2014 at 5:03 PM, Tom Evans wrote:

> On Sun, Jun 15, 2014 at 10:08 AM, Peter Jeremy wrote:
> > On 2014-Jun-13 08:17:33 -0400, Chris Nehren <cnehren+freebsd-stable@pobox.com> wrote:
> >>Speaking of Soekris elsethread, I'm presently interested in
> >>picking up a small device to use as a router + firewall for my
> >>home network.
> >
> > One thing to keep in mind is that 'gigE firewall' is fairly meaningless by
> > itself. Most of the load is per-packet and GigE could be anywhere between
> > (roughly) 80kpps and 1.5mpps.
> >
> > That said, since you mention 'home network', I presume you don't need complex
> > packet manipulation at wire-speed. Note that whilst the re(4) driver doesn't
> > have the same comments as the rl(4) driver, you will still need significantly
> > more CPU power to get the same thruput from a RTL8111 as (eg) an em.
>
> This is quite interesting to me; I'm very fortunate in that my ISP
> provides synchronous gigabit, which comes in to my block of flats as
> fibre and then is presented to me as ethernet.
>
> The ISP provided a router; they also noted that the router was not
> capable of utilizing the whole connection, and the most that I could
> achieve out of it would be ~ 800-900Mbit. Plus, although it's a pretty
> good router, I want to run my own dhcpd settings, configure tunnels
> and VPNs etc.
>
> Ideally, I'd replace it with my home server, but there is not enough
> space in the "comms room" (aka the washing machine closet) to put that
> there, and not enough wiring to route the WAN connection to where the
> server is now and then back to the patch panel in the comms room to
> distribute throughout the flat.
>

Without knowing the exact cabling arrangement, have you considered buying a
small switch that understands vlan? Then you could do some trickery with
that to have your server elsewhere (with just one ethernet cable)?

>
> The next best would be to replace it with a small Soekris style box
> running BSD that can fit in the comms room - but how to know what will
> be sufficient, or even where the bottlenecks would be - is it pps that
> is the issue, or is NAT at high throughput going to be a problem? And
> how to measure my current usage?
>

We haven't done any testing of the different NAT solutions available, so I
can't give any specific numbers there. But I don't think it will help
throughput, especially old school natd in userspace. A colleague of mine
also has 1Gbit/s home, and he had to tweak the settings and buy a decent
Intel card to get 900+Mbit/s on his old Dell entry level desktop.

>
> If I'm "filling" my GigE, then it is probably because I am downloading
> something, which means it's unlikely to be hundreds of thousands of
> small packets, right?
>

Sure, they shouldn't be.

Best regards
Andreas

> Talk about first world problems!
>
> Cheers
>
> Tom
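
Added example, not part of the original post: the "80kpps to 1.5mpps" range quoted in the thread follows from Ethernet framing overhead, and the question of how to measure current usage can be answered from two interface-counter snapshots. The function names and the sample snapshots are constructed, and the code assumes the byte counter includes each frame's 4-byte FCS.

```python
# Added illustration (not from the thread): packet-rate bounds for an Ethernet
# link and where a measured workload sits between them.
PREAMBLE_SFD = 8     # bytes sent on the wire before every frame
INTERFRAME_GAP = 12  # mandatory idle time after a frame, in byte times
MIN_FRAME = 64       # smallest Ethernet frame, FCS included
MAX_FRAME = 1518     # largest untagged frame, FCS included (1500-byte MTU)
WIRE_OVERHEAD = PREAMBLE_SFD + INTERFRAME_GAP


def max_pps(link_bps, frame_bytes):
    """Highest frame rate the link can carry at a single frame size."""
    if not MIN_FRAME <= frame_bytes <= MAX_FRAME:
        raise ValueError("frame size outside 64..1518 bytes")
    return link_bps / ((frame_bytes + WIRE_OVERHEAD) * 8)


def budget_ns(link_bps, frame_bytes):
    """Time available per packet if the firewall is to keep up at line rate."""
    return 1e9 / max_pps(link_bps, frame_bytes)


def summarize(before, after, link_bps=1_000_000_000):
    """Turn two counter snapshots into pps, mean frame size and link use.

    Each snapshot is a dict with 't' (seconds), 'packets' and 'bytes'.
    Assumption: 'bytes' counts whole frames including the FCS.
    """
    dt = after["t"] - before["t"]
    pkts = after["packets"] - before["packets"]
    octets = after["bytes"] - before["bytes"]
    if dt <= 0 or pkts <= 0:
        raise ValueError("need a later snapshot with traffic in between")
    pps = pkts / dt
    wire_bps = (octets + pkts * WIRE_OVERHEAD) * 8 / dt
    return {
        "pps": pps,
        "mean_frame": octets / pkts,
        "link_use": wire_bps / link_bps,
        # How much more per-packet work a minimum-size flood would demand.
        "worst_case_ratio": max_pps(link_bps, MIN_FRAME) / pps,
    }


# Constructed sample: 10 seconds of a bulk download with near full-size frames.
SAMPLE_BEFORE = {"t": 0.0, "packets": 1_000_000, "bytes": 900_000_000}
SAMPLE_AFTER = {"t": 10.0, "packets": 1_780_000, "bytes": 2_070_000_000}

if __name__ == "__main__":
    for size in (MIN_FRAME, 512, MAX_FRAME):
        print(f"{size:5d} B: {max_pps(1e9, size):10.0f} pps, "
              f"{budget_ns(1e9, size):6.0f} ns per packet")
    print(summarize(SAMPLE_BEFORE, SAMPLE_AFTER))
```

The sample download fills about 95% of the link at 78 kpps, while the same link carrying minimum-size frames would present roughly 19 times as many packets per second, which is the case that matters when sizing a firewall for per-packet cost.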