* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-05-04 09:12]:
> Hi,
>
> I have some time to come up with a new firewall/router/vpn solution
> for our datacentre, and I'm considering a shiny new server with
> OpenBSD and pf instead of a costly PIX. On the part of our network
> that I'm doing this for we might see maximum 20Mbit/s unencrypted
> traffic.
>
> Is anyone using an OpenBSD/pf solution in a production environment
> like this? What hardware are you using? How's it holding up? :-)

for breakfast, yeah.

with reasonable network cards and a reasonable ruleset pretty much any system made in the last, what, make it 2 years, should be able to do several hundred MBit/s.

the max I have going thru an OpenBSD box at a customer is in the 750 MBit/s range (and that doesn't max out the machine), but that is without pf and a carefully hand-crafted kernel.

with pf, not sure where i have the biggest install... there's certainly customers in the 50 MBit/s range where the machines mostly idle. usually performance is just not a problem, so I don't look at these numbers too closely...

our own machines with very big rulesets and pretty mean traffic pattern seldom exceed 50% cpu use either, but desperately need to be upgraded just because of their age (they are in the 1 ghz range)

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
