On Tue, Aug 07, 2001 at 07:33:34AM -0400, Jeremy Rumpf wrote:
> Heh, I have one firewall with 4 fast ethernet NICs in it. Celeron 466. The
> PCI backplane isn't good enough to saturate all 4 NICs, but it will slam two
> of them no problem. Amazingly, cpu utilization really isn't an issue.
If you test this with 'top' you're being fooled. Time spent in interrupt
handlers and bottom halves is accounted to the task currently running, which
is usually the idle task, so it'll show up as idle time. ksoftirqd changes
this somewhat, but still doesn't cause an accurate view of the cpu utilisation
being given.
> When
> you load test your network make sure your packets are as close to the maximum
> ethernet framse size as you can get. Especially with giga-ethernet, as it's
> pretty inefficient for small packets. Something like
>
> ping -f -s 1470 hostx.blah.com would do.
Firewalling (and routing, in general) overhead is 'per-packet' and not really
'per-megabit'. So.. it all depends on your load. If you need to firewall X
Mbs of small packets, and have verified you can firewall X Mbs of big packets,
that might not say a lot..
> With your setup, I would say that you should absolutely have no problem
> getting 200Mbs. Of course, my setup is still running 2.2.16 also.
Testimonial? :)
cheers,
Lennert
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
