[EMAIL PROTECTED] dixit (2007-05-04, 09:30:06):
> Hi,
>
> I have some time to come up with a new firewall/router/vpn solution
> for our datacentre, and I'm considering a shiny new server with
> OpenBSD and pf instead of a costly PIX. On the part of our network
> that I'm doing this for we might see maximum 20Mbit/s unencrypted
> traffic.
>
> Is anyone using an OpenBSD/pf solution in a production environment
> like this? What hardware are you using? How's it holding up? :-)
>
> I'm fascinated to hear about anyone who has put the house on this
> combination and succeeded, and whether they've implemented hot
> failover etc.

Hello Andrew.

We are testing a pair of 4.0-stable CARPed SunFire v20z on a 34Mbit line
as a redundant gateway for a /20 at this moment. This pair also does
queuing. What I am a bit worried about is the high interrupt rate I see
on the main box during the day.

This is some data on the main box while it is handling regular traffic
for you and everyone on this list to have a look at.

Any pointers for extra tweaking and possible performance improvements
are _extremely_ welcome.

# uptime
10:14AM up 32 days, 13 mins, 1 user, load averages: 0.26, 0.18, 0.11
# vmstat -i
interrupt                       total     rate
irq5/bge0                  6707273072     2425
irq3/bge1                  6002797432     2170
irq11/mpi0                     298795        0
irq10/em0                  2584465021      934
irq5/em1                            1        0
irq10/xl0                   128526329       46
irq0/clock                  276563835      100
irq8/rtc                    353966358      127
Total                     16053890843     5805
# netstat -m
1484 mbufs in use:
1479 mbufs allocated to data
2 mbufs allocated to packet headers
3 mbufs allocated to socket names and addresses
953/1070/6144 mbuf clusters in use (current/peak/max)
2532 Kbytes allocated to network (89% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
(systat -w 1 if output)
/0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10
Load Average |||
Iface    State     Ibytes   Ipkts  Ierrs   Obytes   Opkts  Oerrs  Colls
bge0     up:U     4284083    7192      1  2018074    6966      0      0
bge1     up:U     1344383    4085      0  2770698    3958      0      0
em0      up:U      408956    1226      0  1385299    1503      0      0
em1      up             0       0      0        0       0      0      0
xl0      up:U         390       1      0    89850     164      0      0
pflog0   up             0       0      0        0       0      0      0
pfsync0  up             0       0      0        0       0      0      0
enc0     dn             0       0      0        0       0      0      0
lo0      up             0       0      0        0       0      0      0
carp0    up:U     4284071    7190      0      140       1      0      0
carp1    up:U     1344383    4084      0      140       1      0      0
carp2    up:U      408956    1225      0      140       1      0      0
Totals           12075222   25003      1  6264341   12594      0      0
--
Digitally yours,
Florin Iamandi (Slippery)
Reason is the first victim of emotion. -- Scytale, Dune Messiah
