On 03/28/2017 08:41 AM, WebDawg wrote:
It seems to me that NAT and general firewalls should be easily handled? Am I wrong here? I mean, how much hardware do you need for pf to function at 1gbps?? Would not offloading help here too?
I've run tests on AMD and Intel CPUs that I happened to have in stock using BSDRP. This is simple, router-only software based on BSD. It has no services running (NAT, Snort, etc.), so no overhead to slow it down.
Getting the full bandwidth of gig Ethernet required using Intel NICs. I also found that sending or receiving full gigabit was easy even for low-power CPUs. But routing it, meaning in one port and out another, required a more powerful CPU.
Of the CPUs I had to test, only an Intel i5-2400 (Sandy Bridge) and a newer model AMD APU could keep up. All these tests were using standard x86_64 desktop hardware. No server-based parts were needed.
However, I think that router-boards can route full gig Ethernet without such powerful CPUs. Even cheap gigabit network switches can pump gig Ethernet in one port and out another, at full speed. I'm not sure how router-boards and network switches do this. I'm guessing it's done using specialized hardware.
None of the URLs or examples posted in this thread so far address the actual throughput of the equipment being used, so don't assume everything suggested will work at the speed you want.
