Running iperf -s on the openbsd/ultra10 box (on an fxp(4) card) and running iperf -c from my freebsd desktop (amd64 3200+ with an fxp(4) card) over a bay networks 100mb switch reviels:
[ 3] 0.0-10.0 sec 110 MBytes 92.2 Mbits/sec And with iperf -s on the freebsd desktop and -c on the openbsd box: [ 3] 0.0-10.0 sec 108 MBytes 90.4 Mbits/sec pf enabled, but with a simple rule: pass in on fxp0 all keep state (if-bound) -Ian On 11/28/05, Frank Roessler <[EMAIL PROTECTED]> wrote: > Hi, > > > On 29/11/2005, at 6:19 AM, Ian wrote: > > > >> I run OpenBSD on a sun ultra10 system (sparc64) with four interfaces > > > > Yeah, those sun ultras... great machines for a little price, just two of > my ultra-5 and -10s loose their boot-config all the time :-( > Couldn't find a reason for this yet. > > Anyway: OpenBSD performs great on them compared to linux and solaris: > > > 333MHz in the Ultra 5: pf OFF: 77.0 Mbits/sec pf ON: 74.0 Mbits/sec. > > This meets my statistics: nearly 80% of NIC-Bandwidth compared to 65% on > linux (debian 2.6). > > Just another 2 cents... > > Grüße, > Frank > > >> (one on board hme(4), dual interface fxp(4), and an xl(4) card) > >> serving up my personal test lab on a for a LAN subnet, a server DMZ, > >> and a wireless DMZ. > > > > > > I was going to ask how small this machine needs to be and possibly also > > suggest Sun Ultra 5/10's. My firewall is a Sun Ultra 10 333MHz with the > > on-board hme, another 4 fxp's and boots OpenBSD from a SanDisk CF card. > > I love it. > > > >> You can find these boxes for under $200 used, I got mine for $110 at a > >> local shop in Seattle, it's 440Mhz, 256mb ecc pc133 sdram, and a 20gb > > > > > > They go cheap on ebay at the moment too. I just got 2x U10's with 440's, > > a U5 with a 400 and 2x U5's with 360's (256k L2) for $255 Australian. > > There's a gig of RAM between them but no HDD's. > > > >> ide drive which is plenty fast for packet filtering, dhcp, and dns > >> which I use it for. I imagine it could keep up with a fair amount of > >> traffic without problems. > > > > > > I've noticed that the CPU's with 2MB L2 cache seem to make a bigger > > difference to filtering throughput than clock speed. A 333MHz 2M L2 > > being faster than a 360MHz 256k L2: > > > > > > This was tested with iperf on a Sun Ultra 5 running OpenBSD/pf and a > > very simple rule set... > > > > Direct crossover connection: 94.1 Mbits/sec. (client-client, no FW). > > 360MHz in the Ultra 5: pf OFF: 67.2 Mbits/sec pf ON: 47.3 Mbits/sec. > > 333MHz in the Ultra 5: pf OFF: 77.0 Mbits/sec pf ON: 74.0 Mbits/sec. > > > > > > This is the same machine, but I only swapped the CPU's. Only one memory > > bank was in use, so memory speed might not be as fast as it could be > > without the interleaving of using both banks. > > > > I would like to soon test a 440MHz 2M L2 U10 with 256M RAM across both > > memory banks (4x64's) with the above rule set and my production rules. > > > > > > Shane J Pearson > > > >
