sangprabv wrote: >Thanks alot for the suggestions. Another issue that makes me want >to assign each IP on to one dedicated ethernet card is because when >partner did stress test by sending around 100.000 requests via ISP >A. Shorewall failed to process all, there are some traffics lost >here. Do you have any setup suggestion to avoid this?
<8k of excess quoting trimmed> You still haven't given any idea whatsoever of the scale - for starters, what speed and type of connection are you running ? At work I have a Debian box as our boundary router. 6mbps symmetric uncontended line with an entire class C (/24) subnet behind it. Watching the stats, it runs mostly at 99% idle. It's not doing much by way of filtering, and there's no NAT, but it is doing accounting for every one of those IPs and storing the data in RRD databases. It's also doing traffic shaping with around 25 tc classes and the tc rules to filter traffic accordingly. We're almost certainly turning up the speed shortly to 20 or even 25 Mbps - I'm not anticipating any performance issues. It only runs on an old PIII we had lying around. I've also built boxes with 32 VLAN based internal interfaces - for a business centre sharing an 8M ADSL line between different tenants. That does do NAT, plus a lot of rules to keep all the different users apart from each other. At home, I run a 2 port router as a Xen guest - about 6.5Mbps ADSL. Again, no performance issues at all, and that's as just a VM on an AMD64-2000 that's also running several other VMs (one runs MythTV). Unless you have a connection that's reaching 100Mbps, then you do not need more than one interface for your WAN - and in fact, using multiple interfaces is more likely to cause performance issues due to the extra rules/processing to make it all work. And don't forget, people run routers in small appliances with low powered ARM processors and limited RAM. You really don't need a lot of horsepower for most normal setups. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
