Paul, I don't know what you are replying to, I was making the point that
the box was massively overpowered.
David Lang
On Thu, 20 Jan 2000, Paul D. Robertson wrote:
> On Thu, 20 Jan 2000, David Lang wrote:
>
> > 200 person company 2* T-1 (3MB each way)
> > P-233 64 MB ram
> > also running DNS, Mail (full store/forward), a dozen or so low traffic
> > incoming web servers, firewall toolkit FTP/telnet with SNK authentication
> > I never saw this system hit more than ~10% CPU, if I had a smaller box I
> > would have used it.
>
> It's not a CPU problem- you'd gain significantly more performance out of
> a faster bus and faster memory than a faster CPU. 2.2 kernels with large
> numbers of masqueraded connections bring about a lot of issues that
> proxies don't have to deal with, and that's very apparent with real-time
> streaming media protocols.
>
> Despite it not being a CPU-oriented problem, the faster you can get
> through context switches the better, and more importantly the faster you
> can hand out the next available socket or find if the packet is destined
> for a current connection the better. I find that's better in machines
> around 250MHz. Then again, I had more than 500 users and I was passing
> mail for more than 3x that.
>
> > Both of these systems ran 2.0.36 kernels since it came out (one still is,
> > the other has just been replaced with a Raptor firewall) I never did get
> > around to upgrading them to the 2.2 series as the 2.0 was working (and
> > from watching the bug reports, I never saw anything to force me to
> > upgrade) and I did not have the time to change to the new firewall
> > config. At this point I may not bother to upgrade the remaining machine
> > until the 2.4 kernels are out.
>
> There's a rather serious lag in the early 2.0.x kernels for TCP
> connections, I think it was on the order of 150ms/connection - I don't
> recall if it was fixed in 2.0.36 or 2.0.38 though. That'd be enough to
> get me to upgrade. I think 2.2 also sped up memory management.
>
> Hopefully the 2.4.x series I/O remapping will speed up interface access
> too.
>
> I'm still not looking forward to testing the hell out of LPF though, too
> much change for me in too short a time to plan on it for infrastructure.
> YMMV.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
> PSB#9280
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>