Hi,

On 29/11/2005, at 6:19 AM, Ian wrote:
I run OpenBSD on a sun ultra10 system (sparc64) with four interfaces (one on board hme(4), dual interface fxp(4), and an xl(4) card) serving up my personal test lab on a for a LAN subnet, a server DMZ, and a wireless DMZ.
I was going to ask how small this machine needs to be and possibly also suggest Sun Ultra 5/10's. My firewall is a Sun Ultra 10 333MHz with the on-board hme, another 4 fxp's and boots OpenBSD from a SanDisk CF card. I love it.
You can find these boxes for under $200 used, I got mine for $110 at a local shop in Seattle, it's 440Mhz, 256mb ecc pc133 sdram, and a 20gb
They go cheap on ebay at the moment too. I just got 2x U10's with 440's, a U5 with a 400 and 2x U5's with 360's (256k L2) for $255 Australian. There's a gig of RAM between them but no HDD's.
ide drive which is plenty fast for packet filtering, dhcp, and dns which I use it for. I imagine it could keep up with a fair amount of traffic without problems.
I've noticed that the CPU's with 2MB L2 cache seem to make a bigger difference to filtering throughput than clock speed. A 333MHz 2M L2 being faster than a 360MHz 256k L2:

This was tested with iperf on a Sun Ultra 5 running OpenBSD/pf and a very simple rule set...

Direct crossover connection: 94.1 Mbits/sec. (client-client, no FW).

360MHz in the Ultra 5:
pf OFF: 67.2 Mbits/sec
pf ON: 47.3 Mbits/sec.

333MHz in the Ultra 5:
pf OFF: 77.0 Mbits/sec
pf ON: 74.0 Mbits/sec.

This is the same machine, but I only swapped the CPU's. Only one memory bank was in use, so memory speed might not be as fast as it could be without the interleaving of using both banks.

I would like to soon test a 440MHz 2M L2 U10 with 256M RAM across both memory banks (4x64's) with the above rule set and my production rules.

Shane J Pearson
