BARDOU Pierre <[email protected]> wrote on Mon, 10 May 2010 17:24:21
>Subject: Hardware for a PF box
>I'm going to buy hardware to create 4 PF/relayd/openVPN boxes
>(2 active, 2 passive).
>I have an average of 500 new connections/s,
>40k states and 40kpps in PF, 20
>remote concurrent accesses on OpenVPN.
>What CPU would you recommend between Intel and AMD ?

As other people have said, models/versions vary much more over each vendor than overall between vendors.

>....
>For the same reason, I think that the CPU with the
>highest frequency will be the best ?

As other people have said, memory access time, cache size, and integer arithmetic performance matter. For any specific CPU version/architecture, faster clocks are better up to the point where CPU utilization is under (for instance) 50%.

Choice of memory speed is also important. There are non-intuitive interactions between CPU clocks and RAM clocks - sometimes lower clock speeds can mean fewer clock cycles. If you lower the clock speed 10% and reduce access time from 6 cycles to 5, you get 6% improvement.

Choice of network interfaces can make as much impact as CPU choice. Many of the gigabit chips have better performance and better driver interaction than older 10/100 chips. I use the gigabit RE (Realtek) because they're very cheap and quite fast. I can't say which other gigabit ones are as good or better but as a rule the 10/100 interfaces are expensive in CPU time.

>Would it be useful to replace 15k rpm SAS HDDs by SSDs ?

If there are local servers available, what about running the firewalls as diskless machines? Cheaper, cooler, and if you are running a backed up RAID on your servers, more reliable.

I currently run a lightly loaded firewall on a 1.5 GHz VIA CPU with 3 interfaces - most packets traverse 2 bridged interfaces. Running 20 Mbit/sec the CPU loading is 25%. There are usually 500 states or so with a moderately complex (200+ lines) pf rule set and 20-50 connections/sec. The VIA is very slow but also runs quite cool & low power. Total power with a local SATA laptop disk is 24W.

I have run that system with a USB flash stick as the only local disk for more than a year with no problems.

I hope this helps.

geoff steckel
omnivore technology

