Bonus! Well, that is good news and brings a smile to my face. As i have said before on this list, just love working with pf!
Thanks for the links, I am going to look into that on Monday at work. Mind me asking what type of machine you are running? Andrew --- Sean <[EMAIL PROTECTED]> wrote: > A wrote: > > Now, I know this question gets asked a lot by newbs but I have a > > commercial reason for asking. Just how many connections can a high > spec > > PC with OBSD and pf handle from a filtering perspective? > > > > The company I work for is currently working on an online game that > will > > potentially have +100,000 concurrent users. We are looking at > different > > firewalls to help on the security side of things. A rather complex > > cluster of different machines will manage these connections but, I > am > > wondering if OBSD would be able to sit in front of this cluster and > act > > as a border firewall. The ruleset itself would be very simple > > (basically it would block everything except for a small number of > known > > UDP ports then "keep state"). > > > > Would a single machine be able to handle that type of load? What > sort > > of CPU+RAM+NIC would be required? Alternatively, if a single > machine > > wouldn't cut the mustard, could an array of firewall be setup? > > > > pf is plenty fast. we use a single pf firewall to filter 650+ > hits/second or about 30 MB/s of sustained traffic. The pf box doesn't > even break the slightest sweat. Others here run intense setups > without > problem, too. > > What's most important is good NIC cards (buffering and interrupt > generation for example) and RAM to hold states. Check out the pf FAQ: > > http://openbsd.org/faq/pf/perf.html > > Mike Frantzen posted a way to calculate the maximum number of states > you > have memory for (at least with 3.5, not sure if this is still true): > > http://marc.theaimsgroup.com/?l=openbsd-pf&m=108576335204963&w=2 > > cheers, > Sean > Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com
