Re: Debian

To: Erik Persson <erik-maillist@djingis.se>
Cc: debian-isp@lists.debian.org
Subject: Re: Debian
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Fri, 25 Aug 2006 11:03:42 -0300
Message-id: <[🔎] 20060825140342.GC8974@khazad-dum.debian.net>
In-reply-to: <[🔎] 44EE1DE1.3020703@djingis.se>
References: <[🔎] 44EE1DE1.3020703@djingis.se>

On Thu, 24 Aug 2006, Erik Persson wrote:
> Is there anyone who has any experience regarding running debian on an 
> Athlon 64 3200+, with dual 1gb/s lan, as a router and firewall?

I'd expect you'll need some kernel patches (netfilter ipsets or netfilter
hf-hipac, for example) for the firewall part, unless it is a very very
simple firewall with almost no rules.

> Anything special to think about?

Yeah, packet filtering at 1GB/s at full wirespeed can mean up to 3M
packets/s, which is NOT something trivial to do. At all.

The same goes for routing.

> What throughput is it possible to reach?

I guess you will have to test this yourself, I didn't find many up-to-date
studies on this.  If you do, please tell us the results :-)

> How is throughput affected by packet filtering?

It is *very* affected, see the pages for ipsets and hf-hipac, they have
studies on this area.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Debian
  - From: Erik Persson <erik-maillist@djingis.se>

Prev by Date: Re: NETDEV WATCHDOG error. Net dies. Why?
Next by Date: =?utf-7?b?QW50aWdlbiBlbmNvbnRyK0FQTS0gZWwgZmljaGVybyBGSUxFIEZJTFRF?==?utf-7?b?UitBRDAtICArQUNvLS4rQUNvLSA=?=
Previous by thread: Re: Debian - Should be: Experience of Debian as 1gb/s router?
Next by thread: NETDEV WATCHDOG error. Net dies. Why?
Index(es):
- Date
- Thread