[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: system requirements



In article <20030817055201.GG12573@cerberus> jcollins@asgardsrealm.net writes:
>I didn't see the bit about gigabit ethernet, came in late to the thread.
>But gigabit or not, if you're merely routing the traffic the CPU is not
>going to be your bottle neck in most cases.

The only time I've seen a pentium-III 1.1ghz firewall with seven
100mhz interfaces cpu-bound was when one of the systems behind it got
infected with the sql slapper worm and was sending small udp packets
to random destinations as fast as it could.  The system in question
needed to be unplugged from the network to make the firewall respond
to the console.

The amount of cpu time used depends on a lot of factors.  If almost
all of your traffic is handled by the first rule that allows existing
connections you need a lot less system than you do a lot of udp to
millions of differnet destintions that needs to go through dozens of
differnt rules.

-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
With Microsoft, failure is not an option.  It is a standard feature.



Reply to: