Hi,

Edy Purnomo wrote:
i suggested to my friend to replace his linux box to openbsd.
he uses it mainly for internet gateway : pf + squid proxy
2 weeks later he switched it back to linux and said : linux is much faster to respond to the http requests (he had the same configuration on openbsd, pf + squid proxy).

is there any program that can prove what he says?
thanks.

I just did extensive tests for an article that will be published in the German linux-magazine in December (which is also kind of a 'thank you' from my side to this list and to all openbsd guys).

It compares the 'default' network performance of a gigabit openbsd/pf/scrub box to a netfilter 2.4 kernel box. For the tests I used netperf from HP in different scenarios. Without going into detail here, the overall impression in my setup (!) was that pf is minimally slower (~ 7%) with TCP bulk transfers (TCP_STREAM/TCP_MAERTS) whereas TCP_RR, TCP_CC and UDP_RR performance was better with pf/scrub. With a TCP_CRR (128byte/16kbyte) test, both systems were almost equally fast.

To cut a long story short: For me the difference in performance doesn't matter - you get a lot more with openbsd/pf in terms of features, security, ease of administration and robustness.

And consider, this is no theoretic blabla, I just migrated our entire firewall infrastructure from netfilter to pf ;)

Have fun,

--

 Stephan A. Rickauer

 ----------------------------
 Institut für Neuroinformatik
 Universität / ETH Zürich
 Winterthurerstrasse 190
 CH-8057 Zürich

 Tel: +41 44 635 30 50
 Sek: +41 44 635 30 52
 Fax: +41 44 635 30 53

 http://www.ini.ethz.ch
 ----------------------------
