On Mon, Apr 13, 2009 at 6:13 AM, Lenny <[email protected]> wrote: > Hi guys, > first of all, thanks for all the support! > > Anyway, unfortunately, after all the hell I've been through with this, our > CEO is not interested in buying a new server:(
heh.. How about "sorry, but there is no other option"? Maybe quote some big commercial firewalls adequately sized to handle that traffic. They'll come in at 10* or more the cost of a new server box and see if that changes his tune. > But let's put all the "smart" decisions aside as I have to figure out what > can I replace it with. > The first thing I thought about was m0n0wall, as I want to stay as close to > pfSense and FreeBSD as possible. > So the question is: will the x335 server with 2x3.06GHZ Xeons be enough for > my traffic? To remind you, I have to handle around 150kpps, which is about > 300Mb. > > From my first look at this distro I saw that it doesn't have SMP, shell > access and it defaults to 30000 states, which is impossible to change unless > you rebuild the whole thing from scratch. Yeah that's going to be the primary issue there. > I was looking at 1.25, because as I understand it's built on FreeBSD 4, > which should be faster. And even if you went as far as recompiling the kernel and making a custom image, I suspect you're not going to get that kind of traffic through it still. On the high end hardware, the newer FreeBSD versions are as fast or possibly faster in some scenarios. On low end, single proc hardware, 4.x is considerably faster. > If I stand no chance with dealing with such traffic via m0n0wall, is there > anything you could advise that would actually run on this old machine? > It's more of a hardware limit than a software limit. If you disable the packet filter I'm sure you can push your traffic load through the hardware you have. Probably defeats the purpose though. Been a couple years since I've tested, but last I ran any tests, there was minimal difference between FreeBSD 7.x and Linux 2.6.x. OpenBSD is considerably slower than FreeBSD. Bottom line - it's highly unlikely you're going to push the kind of load you need through that box no matter what you're running on it. PCI-e or 10 Gb NICs would perform better, but in the former case I'm pretty sure your server doesn't have PCI-e slots, and in the latter, it would be cheaper to buy a new server than 10 Gb NICs. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
