* BARDOU Pierre <bardo...@mipih.fr> [2010-05-10 17:27]: > Hello, > > I'm going to buy hardware to create 4 PF/relayd/openVPN boxes (2 active, 2 > passive). > I have an average of 500 new connections/s, 40k states and 40kpps in PF, 20 > remote concurrent accesses on OpenVPN.
that's not much. a PIII @ 1GHz probably easily suffices. > What CPU would you recommend between Intel and AMD ? doesn't matter all that much. > Since PF is mono threaded, I think more than 2 CPU cores are useless. Am I > right ? > For the same reason, I think that the CPU with the highest frequency will be > the best ? you want to run GENERIC, not GENERIC.MP, unless you also do lots of stuff in userland on the pf box, then MP might pay out. and since you'll be using one core only anyway you want as few and as fast cores you can. > Would it be useful to replace 15ktpm SAS HDDs by SSDs ? yes. harddisks don't matter on pure firewalls. what is written to disks? logs. not all that much. read? after boot, not much. so using your expensive SAS-disks elsewhere is a good idea. a cheap 40..64G SSD will do fine. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
