[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Just how fast is pf?
Bonus! Well, that is good news and brings a smile to my face. As i have
said before on this list, just love working with pf!
Thanks for the links, I am going to look into that on Monday at work.
Mind me asking what type of machine you are running?
--- Sean <[email protected]> wrote:
> A wrote:
> > Now, I know this question gets asked a lot by newbs but I have a
> > commercial reason for asking. Just how many connections can a high
> > PC with OBSD and pf handle from a filtering perspective?
> > The company I work for is currently working on an online game that
> > potentially have +100,000 concurrent users. We are looking at
> > firewalls to help on the security side of things. A rather complex
> > cluster of different machines will manage these connections but, I
> > wondering if OBSD would be able to sit in front of this cluster and
> > as a border firewall. The ruleset itself would be very simple
> > (basically it would block everything except for a small number of
> > UDP ports then "keep state").
> > Would a single machine be able to handle that type of load? What
> > of CPU+RAM+NIC would be required? Alternatively, if a single
> > wouldn't cut the mustard, could an array of firewall be setup?
> pf is plenty fast. we use a single pf firewall to filter 650+
> hits/second or about 30 MB/s of sustained traffic. The pf box doesn't
> even break the slightest sweat. Others here run intense setups
> problem, too.
> What's most important is good NIC cards (buffering and interrupt
> generation for example) and RAM to hold states. Check out the pf FAQ:
> Mike Frantzen posted a way to calculate the maximum number of states
> have memory for (at least with 3.5, not sure if this is still true):
Find local movie times and trailers on Yahoo! Movies.