ok, thanks for the reply : I'm no longer worried about performance. I'm not too familiar with xBSD, but I am with Linux, I did lotsa kernel compiles back in the days of 1.3/2.0, I still do some for stress-testing, So there is a chance that it won't be so hard/different. Anyways, I'll have to sort pro's and con's of everything (and test ;-) before going live with either solution.I'll have one last curiosity about the linked graph : how come ipfilter always has a better throughput regardless of polling (ipf and ipf-polling almost have the same curve at the top of the graph, when enabling polling either on pf or "nofilter" has dramatical effect. And how can ipfilter perform better than "nofilter" ? regards
> Date: Mon, 13 Aug 2007 19:02:17 -0400> From: [EMAIL PROTECTED]> To: > [email protected]> Subject: Re: [pfSense Support] performance on a PE860> > > > > On 4.X based versions, yes. We are faster than 6.X versions of m0n0wall.> > > > > That partially remains to be seen. I measured around 15% faster on a > > 4801, but then later 3-5% slower on a Xeon 2.0 GHz. It's roughly equal > with > routing and NAT.> > But not with bridging. The if_bridge that we use measures > drastically > slower than the old bridge that m0n0wall (even 1.3) still > uses.> > On a Xeon 2.0 GHz:> http://pfsense.org/~cmb/graphs/6.2-bridge.png> > (and another illustration that polling in 6.x is *seriously* broken)> > > m0n0wall 1.3 can push almost twice as much traffic when bridging, though > > they're roughly equal in similar NAT and routing tests.> > But, I still > wouldn't let performance be the primary differentiator in > most > circumstances even with bridging. You mentioned 500 Mb, I could > push > roughly 500 Mb through my test box, which is much slower than a > PE860, with > either one. So look at the other features and functionality > and choose > based on that.> > One major consideration with the kind of state load you're > talking about > is with m0n0wall you would have to build a custom image > because its > state table size is 30,000 and you can't change it without > recompiling > the kernel (ipfilter limitation). Depending on your level of > familiarity > with FreeBSD, that could be a very time consuming endeavor. > With > pfsense, it's a simple GUI option to immediately increase it, not even > a > reboot required.> > > > ---------------------------------------------------------------------> To > unsubscribe, e-mail: [EMAIL PROTECTED]> For additional commands, e-mail: > [EMAIL PROTECTED]> _________________________________________________________________ Besoin d'un e-mail ? Créez gratuitement un compte Windows Live Hotmail et gagnez du temps avec l'interface à la Outlook ! http://www.windowslive.fr/hotmail/default.asp
