hugle wrote:
FG> On Mon, 31 May 2004, hugle wrote:

The question in what machine do i need?
What CPU and how much of ram ?

FG> I set up a firewall for more than 300 users, a DMZ with a public webserver, FG> webmail and MX on a PII-350MHz with 128 MB RAM. dammit.. why then my users eats so much CPU? look: CPU states: 0.0% user, 0.0% nice, 0.8% system, 38.0% interrupt, 61.2% idle Mem: 21M Active, 177M Inact, 133M Wired, 1228K Cache, 199M Buf, 1677M Free

I have only 61% idle ?
usualy i have ~50 idle..
now I have P4 2.4GHZ

maybe my setup is bad (kernel I mean)?
ps. what those interrupt means?

It probably means you have a cheapo network card and the OS has to work very hard to keep it moving data.

The vmstat screen of systat will break down the interrupt usage per device,
which will tell you if my guess is right or not.

If I'm right, it would be worth your while to research the particular NIC you're
using to see if there are known problems.  Or, if you know it's a cheap NIC, you
might want to just replace it.

OTOH, if the machine is keeping up with the load, you might want to just leave
that NIC in there and let the CPU do its job.

There's also the option to switch to polling (if that NIC's drivers support it)
See "man polling" for the gory detail.

FG> On another client, I set up a firewall for 50 users with a Pentium 90MHz
FG> with 64MB RAM.

dual or single processor ?

FG> One. Don't waste you money. A firewall isn't very CPU intensive. And given FG> the fact that ipf works at the IP stack level, I don't think you can have FG> more than one thread active at a time messing with the IP data structures.

-- Bill Moran Potential Technologies _______________________________________________ [EMAIL PROTECTED] mailing list To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to