
RE: Speed issues with bridge firewall



Damn straight.
That's 94% of wire speed!
I believe the fastest appliance out there currently is the Cisco PIX535,
coming in at a max of 1.7gb/s, but the other firewall appliances around
are waaaaay behind that and are well sub-1gb/s.
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:[email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf
Of Henning Brauer
Sent: Monday, September 01, 2003 8:47 PM
To: [email protected]
Subject: Re: Speed issues with bridge firewall

On Mon, Sep 01, 2003 at 12:20:04PM -0500, Mathew Binkley wrote:
> The firewall box is a SuperMicro 1U box with ServerWorks GC-LE chipset,
> dual 1.8 GHz Xeons, 1 GB RAM, 40 gig hard drive, and two gigabit NICs
> (one Intel, the other NatSemi 83820).  OpenBSD doesn't support SMP, so
> only one of the processors is being used.

dmesg would help.
my bet is on the nge(4), tho. at GigE - esp. when you run jumbo frame 
- it is not very efficient. I'd be interested in figures with a second 
em(4).

> Results:
> 
>     No firewall:    939 Mbits/sec throughput
>     Firewall:       785 Mbits/sec throughput

that's already pretty impressive...
check systat vmstat while doing the tests. I bet the interrupt #s kill 
you. check especially which device causes how many.
-- 
Henning Brauer, BS Web Services, http://bsws.de
[email protected] - [email protected]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)