On Wed, 9 Apr 2008, Rainer Duffner wrote:

> Andy Dills wrote:
> > On Wed, 9 Apr 2008, Volker Kuhlmann wrote:
> >
> > > I am looking to get more Ethernet ports into a pfsense box, and can see 2
> > > options.
> >
> > Can I ask why you don't want to instead use VLANs? It will be cheaper and
> > easier to manage...unless you're dealing with a bandwidth issue, in which
> > case you're probably better just using multiple boxes.
>
> I don't think pfSense can do Multi-GB-Packet-Routing (on i386) - unless
> somebody claims the opposite. About the only reason I can see for using
> dedicated cards over a VLAN-trunk is policy. If policy demands that
> network-segmentation has to be done via dedicated NICs, then I'd get a
> really big box with lots of PCIe slots ;-)

http://lists.freebsd.org/pipermail/freebsd-current/2008-January/082469.html

Quote:

---
Forwarding (routing between multiple interfaces) and filtering (ipfw) IIRC
with quad Intel e1000 NIC:

Dual Intel Xeon 2.8GHz: 240Kpps 12k L1 cache
Single Intel Xeon 2.8GHz: 380Kpps 12k L1 cache
Core 2 Duo 1.8Ghz: 420kpps 12k L1 cache
Single Pentium-M 1.8GHz: 550Kpps 32k L1 cache
Dual AMD opteron 2GHz: 890Kpps 64k L1 cache
Single AMD opteron 2GHz: 970Kpps 64k L1 cache

All these hosts had 255 vlan interfaces with about 3000 routes and about
30000 firewall rules, with a good spread of packets between the interfaces
with polling and fastforwarding. I struggled to generate enough packets to
load the AMD routers.
---

So, given that you can get 3GHz opterons with twice the L1 cache...I would
expect to see >1.5mpps, especially since in the real world nobody has 255
vlans and 30k firewall rules.

That'll do a few gig-e's no problem, ignoring edge cases like floods of
64kb packets.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
