* Aaron Glenn <aaron.glenn@gmail.com> [2008-03-26 03:14]:
On Tue, Mar 25, 2008 at 6:15 PM, Patrick Clochesy <patrick@chegg.com> wrote:
Very interesting study I had not seen, and a bummer. That really puts a cramp in my advocation of our CARP+pf load balancers/firewalls/gateways. Then again, what's a PIX box capable of?
I'd rather tweak a whitebox than pay through the nose for a PIX.
I also had to switch to OpenBSD as there was a fatal crash with the bridge device in FreeBSD when used with my particular OpenVPN/CARP/pf combination.
AFAIK pf/forwarding only takes place on one core and wouldn't take advantage of the other 3 cores, correct?
Correct. There have been some great speed and efficiency improvements in pf and other networking parts of OpenBSD; though from anecdotal evidence, 10GbE is not ready for 'primetime' (for certain definitions of 'primetime').
actually I'll just skip making an ass out of myself and hope henning@ chimes in, since I believe he reads NANOG as well.
occasionally. as with all other OSes constructed benchmarks would show 10GE to work at wirespeed with reasonable hardware. I would not use it (yet) if I truly need 10 GBit/s forwarding rate, and that goes for any OS.

-- 
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam