I maintain about 6 efw firewalls, and they like ram. For smaller numbers of users, I give it 768 Megs, and for about 30 users with heavy usage, including day-long openvpn sessions, (but limited to a 7 Mbit link) it wants at least 1 Gig. Ram is often used to cache lookups, etc., so the more the better. What sort of disk I/O is happening when it's at full speed? The largest efw firewall (the one with 30 users) runs in a xenserver vm. It has 1 Gig ram, and two cpus assigned. Snort is enabled on Red. The cpu usage shows both cpus tend to be used evenly, and can peak to 80% usage, but normally runs 10% or less throughout the day. Disk I/O isn't measurable. I have to say, pumping 30mbps through a port, while scanning the data for virus, spam, intrusion, etc. and keeping the natting straight, all while providing services like DHCP, etc, is no small feat for any router. That's a lot of data and a lot of scanning. I don't think 2 cpus are a lot for a router, and in your case, I'd think that's the minimum. Also, it needs to buffer all that data somewhere while its being scanned. Give it a lot more ram. There is also the possibility it's not liking the vm's hardware. Network cards in particular, but not necessarily limited to that. Even the way you've set up vmware's networking might not be optimal. If you want to be successful at making a VM like this work, you need to get to know the OS running natively on a decent cpu. Got a spare pc you can play with? It's the only way to judge any OS, and to judge if there's a problem with the vm.
I find that OSes run faster on xenserver... From: Bart Heinsius [mailto:bheins...@gmail.com] Sent: Monday, March 30, 2009 2:20 PM To: efw-user@lists.sourceforge.net Subject: Re: [Efw-user] Snort CPU load limits download speed > Snort is almost maxing out your processor here. You aren't swapping, but there > is not enough processor time left to go much higher. You said this is a > virtual machine. Can you add more processor and see if it improves? Add more processor? Like assigning 2 processors to Endian? Sounds like a lot for a router. I would think that one of the four cores in my Dell R200 Quad Core X3230, 2.66GHz/2x4M 1066FSB is enough for a 30mbps link. Or are there parameters that prevent the VM from getting the max CPU? -Bart __________ Information from ESET NOD32 Antivirus, version of virus signature database 3975 (20090330) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
------------------------------------------------------------------------------
_______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
