On 2010-05-10, BARDOU Pierre <bardo...@mipih.fr> wrote: > I'm going to buy hardware to create 4 PF/relayd/openVPN boxes (2 active, 2 > passive). > I have an average of 500 new connections/s, 40k states and 40kpps in PF, 20 > remote concurrent accesses on OpenVPN. > > What CPU would you recommend between Intel and AMD ?
This question is silly, the CPU manufacturer doesn't matter. There is a lot more difference between the various CPUs made by a manufacturer (486, atom, p4, p3, core2, nehalem, ...) than the difference between AMD's fastest CPU and Intel's fastest CPU. > Since PF is mono threaded, I think more than 2 CPU cores are useless. Am I > right ? More than 1 core might be useful for OpenVPN (especially if you can run multiple openvpn processes, for example maybe listening to different ports and distributing between them using a rdr pool). Since any new CPU you get is likely to be multi-core I suggest you benchmark both GENERIC and GENERIC.MP... > For the same reason, I think that the CPU with the highest frequency will be > the best ? Generally yes (but some arch like P4, Atom are much slower for a given clock speed than P3-based arch, for example). Also consider memory bandwidth and cache size. > Would it be useful to replace 15ktpm SAS HDDs by SSDs ? Depends what you're writing to disk. Presumably you won't be doing much in the way of random disk access, but might be doing some sequential writes for logging, so in that case SSDs are more likely to hurt than help. You will probably do better to propose some specific system and ask if anyone knows of problems with that machine.
