Hi Adam, Thanks for the response, I wonder if I setup a pfsense and use a packet generator maybe I can find out an answer. Once I get a couple of servers freed up which has dual 10G nics, I might give this a try. I have a couple of HP servers with I think 48 cores and 128G of ram being decommed from their current role in the next month, so I might use them to test this before we reload and redeploy them.
Joe On Wed, May 21, 2014 at 9:44 PM, Adam Thompson <athom...@athompso.net>wrote: > On 14-05-21 08:27 PM, Joseph H wrote: > >> Hi Everyone, >> >> I was having a debate with a new network engineer we have and we were >> discussing how pfSense performs and how it would handle 10G network >> connections, setup as a transparent firewall, using snort and a few other >> packages to help monitor and graph traffic. >> >> I was saying that as long as it has plenty of CPU and Memory, plus Intel >> NIC's for the 10G then it would not have any problems doing transparent >> mode, and there would be no noticeable slowdown or sluggishness. >> >> Does anyone have any statistics they would share or what size server to >> build, using Intel 10G nic cards? >> >> Thanks in advance. >> >> Joe >> >> > Jim just had this argument with Henning Brauer at BSDCan... at those > speeds, bandwidth doesn't really matter, packets-per-second matters. > In most normal situations, pfSense can pass almost 10Gbit/sec of traffic. > However, in a DDOS - or VoIP - scenario, its limited PPS rates (compared > to stupidly expensive hardware-accelerated appliances) rapidly will become > a bottleneck. > Depending on your traffic patterns, you will probably max out on PPS long > before you max out on bandwidth. > > Transparent mode vs. routed mode probably won't make all that much > difference at the scales you're talking about, but I admit I've never tried > transparent mode at >1Gbps. > > -- > -Adam Thompson > athom...@athompso.net > > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list >
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list