[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf/altq on a fast link

[email protected] (Kent R. Spillner) wrote in message news:<[email protected]>...
> Dennis wrote:
> > "FREE" isnt really cheaper when you spend $1000's worth of your time
> > to make it work, and then end up with an inferior solution when you're
> > done.
> -1, Troll
> This is a pf list.  pf does not require investing $1000s worth of your
> time to "make it work."  pf is not an inferior solution.
> Go peddle your "p2p sniffer" and your lies elsewhere.
openbsd-pf is a good firewall. But as a bandwidth management tool it's
quite inferior. Priority queuing is an archaic, inferior technology,
if you can call it a technology.
The subject here is "pf/altq" on a fast link. How does it perform on a
gigabit wire with stats gathering and limits configured for 5000
hosts? How does granular, duration controlled bursting work? does it
automatically pace traffic to reduce queue depths when a point of
congestion is reached?
There's nothing wrong with an open-source firewall. But an ISP need a
separate bandwidth management box. Anyone that thinks they can do it
with the free stuff is settling for a trivial solution that will cost
them in the long run. The ethical thing to do, when someone asks about
using pf/altq for a high-volume business, is to tell them the truth.
They need something a bit better.