> I'm looking for a NAT/firewall/VPN solution with failover for a
> private enterprise TV system. While my gut reaction is PF, I'm
> wondering if anybody here has done this before.
>
> I might start a capabilities war, but we've seen OpenBSD become CPU
> bound with about 150k packets per second with some pretty fast hardware.
> This is without PF running. I'm sure there are a million tweaks that
> can be done to improve this, but expecting OpenBSD + PF to process small
> packets (let's say 128 byte packets on average), resulting in 1 million
> packets per second on a "full" 1Gbps connection, is probably not going
> to happen.

Are you running -current? There have been some massive tweaks in networking performance in -current. Try it out and report back.