There is an optimization coming for pfsense. There is a new user space routing daemon, netmap I think, that can reach line rate on 10G NICs (14.88 Mpps). There was a BSDCon that talked about a future version of pfsense using this system. It uses ipfw, so there is a bit of work to adapt it to pfsense.
Walter

On Thu, Feb 18, 2016 at 9:26 AM, Giles Davis <[email protected]> wrote:
> Hello PFSense Collective,
>
> At the risk of sounding slightly 'cheap', does anyone (else) on this
> list have experience of 'good combinations' of hardware for PFSense
> appliances that will handle high-traffic levels and comments on
> reasonable max-levels of throughput to expect from it?
>
> We've been using PFSense for quite some time for large events and these
> days are pushing up to 4Gbit/sec to the internet via our PFSense boxes,
> to 2-3k clients - with expectation of bigger events in the reasonably
> near future.
>
> Using Intel E3-1270s and Intel 10G NICs (forget the exact model, but
> they use the BSD ix driver) we start seeing packet loss and a general
> maximum throughput at around 1-1.2Gbit. Our 'solution' so far of just
> adding more appliances and splitting the load really won't scale
> forever, so if anyone has any suggestions of 'better hardware' or BSD
> optimizations that would let us push more through a single appliance,
> I'd love to hear it. We've got a reasonable set of BSD networking tweaks
> and optimizations that certainly help, but we still can't manage to push
> more than our little-over-a-gigabit maximum before things start wobbling.
>
> We're not asking a huge amount of traffic inspection from our
> environment (used to do a fair bit of traffic shaping, but have managed
> to provide sufficient bandwidth to meet natural demand for a while now)
> - but historically PFSense has been a great appliance to have in the
> network for firewalling and monitoring.
>
> Thanks in advance for any suggestions and thanks to the maintainers for
> such a great firewall implementation. :)
>
> Cheers,
> Giles.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold!
> https://pfsense.org/gold
>

--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
