On Thu, 20 Jan 2000, David Lang wrote:
> 200 person company 2* T-1 (3MB each way)
> P-233 64 MB ram
> also running DNS, Mail (full store/forward), a dozen or so low traffic
> incoming web servers, firewall toolkit FTP/telnet with SNK authentication
> I never saw this system hit more than ~10% CPU. If I had a smaller box I
> would have used it.
It's not a CPU problem - you'd gain significantly more performance out of
a faster bus and faster memory than a faster CPU. 2.2 kernels with large
numbers of masqueraded connections bring about a lot of issues that
proxies don't have to deal with, and that's very apparent with real-time
streaming media protocols.
Despite it not being a CPU-oriented problem, the faster you can get
through context switches the better, and more importantly the faster you
can hand out the next available socket or find if the packet is destined
for a current connection the better. I find that's better in machines
around 250MHz. Then again, I had more than 500 users and I was passing
mail for more than 3x that.
> Both of these systems ran 2.0.36 kernels since it came out (one still is,
> the other has just been replaced with a Raptor firewall) I never did get
> around to upgrading them to the 2.2 series as the 2.0 was working (and
> from watching the bug reports, I never saw anything to force me to
> upgrade) and I did not have the time to change to the new firewall
> config. At this point I may not bother to upgrade the remaining machine
> until the 2.4 kernels are out.
There's a rather serious lag in the early 2.0.x kernels for TCP
connections, I think it was on the order of 150ms/connection - I don't
recall if it was fixed in 2.0.36 or 2.0.38 though. That'd be enough to
get me to upgrade. I think 2.2 also sped up memory management.
Hopefully the 2.4.x series I/O remapping will speed up interface access
too.
I'm still not looking forward to testing the hell out of LPF though, too
much change for me in too short a time to plan on it for infrastructure.
YMMV.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280