On Wed, Feb 21, 2007 at 05:17:22PM -0600, Alex Thurlow wrote:
> So anywhere I look for router performance on OpenBSD, all the benchmarks
> are on small lines or old machines. I also see mentions of people using
> it in large scale installations, which is what I'm looking to do. I
> thought I'd ask here and see what people have done.
>
> I have 2 GigE lines from different providers balanced via BGP with full
> routes from both providers. Currently, these are running through a
> Linux/Quagga/Iptables router/firewall with a P4 3.2 GHz. The distro is
> Gentoo, and we've stripped it down quite a bit.
>
> We're pushing streaming video, so it's almost all outbound traffic by
> about a 30:1 factor, and our average packet size is quite large - around
> 1200 bytes. At the moment, when we hit about 350Mbps, the router gets
> to ~30% CPU usage, and it appears that we stop being able to pass all
> the traffic at full speed. I don't see packet loss, but our traffic
> graph flattens a good bit. At those rates, we also start to see
> crashing, but we haven't been able to figure out the exact cause of
> those either.
>
> So, long story short, I need a new router. We've looked at Cisco, etc.
> and for what we're doing, it looks like we need a carrier class router.
> I can get a decked out 12008 for about $8k, but I'd rather not spend
> that much, or use the 2 feet of rack space.
>
> I've used OpenBSD/PF for firewalls in the past, and loved them, so I'd
> like to use it for a router if it can handle what we need. Basically, I
> need to be able to saturate both of those GigE lines. I'm willing to
> buy the brand-newest hardware - the PCI express bus should be able to do
> 2.5 Gbps, but I can't find anything that says I can push that much
> through software.
>
> I was also looking at the Intel I/O Accelerator, but I didn't see if
> there was OpenBSD support for it. I'm sure if there is, that would help
> get me to be able to push the traffic I want to.
>
> A long explanation, but I'm just hoping someone could give me some
> insight here.
I don't have the faintest clue about that kind of speed, and the old box
next to me would probably faint if showed these numbers. Still, some of
the stuff below, while tangential, might be useful.
OpenBGP, by any right, should not be a problem if you are not doing
anything grossly stupid (like trying to run this in 8 MB of memory). The
intel accelerator you mention is not supported, so that wouldn't help
any.
The one point I miss is failover capability; both the Cisco and OpenBSD
should be able to do this, but it's worth noting - and having.
Joachim
