On 21/02/10 23:21, Claudio Jeker wrote:
On Sun, Feb 21, 2010 at 08:05:39PM +0100, Pete Vickers wrote:
- 6500/7600 can do HW stateful FWing, e.g. FWSM (which is not a line card) ,
but which is obviously a different budget the a PC running OpenBSD.
This is a special module that costs about $1
On Sun, Feb 21, 2010 at 08:05:39PM +0100, Pete Vickers wrote:
> Hi,
>
> I think you misunderstand me, I was not trying to argue that Cisco's firewall
> offerings are any better or worse than OpenBSD based solutions. I was merely
> pointing out that:
>
> - A _correctly_configured_ Cisco 6500/760
Hi,
I think you misunderstand me, I was not trying to argue that Cisco's firewall
offerings are any better or worse than OpenBSD based solutions. I was merely
pointing out that:
- A _correctly_configured_ Cisco 6500/7600 SUP is not vulnerable to "a few
Mbps of multicast traffic" as alleged by c
a lot of the features you list below are only useful or usable at the
switching layer, and therefore not really fair when compared to what openbsd
can do. eg, the dhcp snooping is done on the switches at the client access
layer to prevent rouge dhcp servers on an l2 network. unless you put openbsd
I'm not an expert in this area, but it looks like OpenBSD can do some
parts too and for much more lower price.
DHCP snooping
>From info on Cisco page it looks like simple combination of
lists/macros for blocking/allowing certain ports. Tables are possible
with OpenBSD too and you can limit flow r
On 17. feb. 2010, at 08.47, Claudio Jeker wrote:
> On Wed, Feb 17, 2010 at 03:35:24AM +0200, Kapetanakis Giannis wrote:
>> On 17/02/10 03:16, FRLinux wrote:
>>
>>> Mmmh, you picked my interest here. You mentioned your cisco 6500 but I
>>> guess you are going to use only gigabit NICs, so you have n
On Wed, Feb 17, 2010 at 03:35:24AM +0200, Kapetanakis Giannis wrote:
> On 17/02/10 03:16, FRLinux wrote:
>
> >Mmmh, you picked my interest here. You mentioned your cisco 6500 but I
> >guess you are going to use only gigabit NICs, so you have no need on
> >the 10gb range? Just asking, not trying to
On Wed, Feb 17, 2010 at 01:47:48AM +, FRLinux wrote:
> On Wed, Feb 17, 2010 at 1:35 AM, Kapetanakis Giannis
> wrote:
> > b) 10G Xenpack for C6500 costs around $25K if I'm not wrong.
>
> Err, the backplane cost us about 10.000 euros for the card and 2500
> euros per xenpack, and we have 4. So
On Wed, Feb 17, 2010 at 1:52 AM, Kapetanakis Giannis
wrote:
> Did you put any openbsd in front/behind that Cisco?
> Bandwidth? packets/sec? What kind of server?
I do, but it is used as a backup, so i am not looking for performance
but rather as a slower replacement able to run (openbsd 4.5 as 4.6
On Wed, Feb 17, 2010 at 1:35 AM, Kapetanakis Giannis
wrote:
> b) 10G Xenpack for C6500 costs around $25K if I'm not wrong.
Err, the backplane cost us about 10.000 euros for the card and 2500
euros per xenpack, and we have 4. So that sounds about right :)
> If future demands for more than 1G I wi
On 17/02/10 03:47, FRLinux wrote:
Err, the backplane cost us about 10.000 euros for the card and 2500
euros per xenpack, and we have 4. So that sounds about right :)
If future demands for more than 1G I will probably bond 1G cards (cheap
solution) or buy a new L2 10G switch to do the link as w
On 17/02/10 03:16, FRLinux wrote:
Mmmh, you picked my interest here. You mentioned your cisco 6500 but I
guess you are going to use only gigabit NICs, so you have no need on
the 10gb range? Just asking, not trying to start a war :)
Cheers,
Steph
:)
Well not at them moment. 10G is a thought bu
On Wed, Feb 17, 2010 at 12:43 AM, Kapetanakis Giannis
wrote:
> perfectly ok for my test case. I'm pretty sure that with Intel network
> controllers the setup will rock and beat the hell out of my Cisco 6500 with
> the features of pf.
Mmmh, you picked my interest here. You mentioned your cisco 650
On 16/02/10 11:41, Jordi Espasa Clofent wrote:
As Claudio has pointed you out, try (if you can) a better driver em(4)
on good Intel hardware NICs.
I use simple Supermicro hardware with Intel NIC PCI-E and em(4) an I
move around 400/500MBps without any problem.
Claudio was right.
Upgrading th
On 02/13/2010 04:44 PM, Kapetanakis Giannis wrote:
I did a binary upgrade to latest snapshot and followed -current.
I've seen huge improvement on server-client performance on the
msk0 (internal side) but packet forwarding didn't change at all.
4.6-release:
server max in: 300Mbps
server max out:
I did a binary upgrade to latest snapshot and followed -current.
I've seen huge improvement on server-client performance on the
msk0 (internal side) but packet forwarding didn't change at all.
4.6-release:
server max in: 300Mbps
server max out: 760Mbps
forwarding max: 400 Mbps
4.7-current
server
On 13/02/10 10:39, Claudio Jeker wrote:
Update to current to get some msk fixes that should make msk(4)
faster. For high performance get a dual em(4) card since those will behave
much better (the interrupt mitigation on msk(4) is somewhat bad and causes
a 4 to 5 times higher delay).
Indeed the
On Fri, Feb 12, 2010 at 08:23:27PM +0200, Kapetanakis Giannis wrote:
> Hi,
>
> I'm not satisfied with the network performance on my OpenBSD
> firewall/router.
> CPU is Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz / with 4G ram
> OpenBSD server 4.6 GENERIC.MP#89 i386
>
Update to current to get some
Hi,
I'm not satisfied with the network performance on my OpenBSD
firewall/router.
CPU is Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz / with 4G ram
OpenBSD server 4.6 GENERIC.MP#89 i386
This pc/router/firewall is directly connected to a Gigabit HP 2810-48G
switch.
Server:
Ext interface: Real
19 matches
Mail list logo
