> I am currently running a Dell PowerEdge 350 with FreeBSD 4.7 as a network firewall for one of our sites. This site sees about 3 megabits of traffic.

per some unit of time, I presume? ;-) maybe 3 Mbit/s?

> The average firewall ruleset runs around 600-800 rules, running on IPFW.

That's a huge number of rules -- do you have any idea what number of packets are checked against how many rules before being accepted or denied? A histogram would be nice....

> Could this be a direct cause of why my system's interrupt usage is over 50% at many times, as well as sending ICMP source quenches from time to time?
> Can anyone suggest a performance tweak to help this box along?

Without seeing the ruleset, I'd venture a guess that IPFW2 would help reduce the number of rules, and that a clever refactoring (with possible use of skipto rules) might reduce the load.
--
"Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred." - The Mahabharata
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
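To make the two points in the reply concrete (the per-packet "how many rules are checked" histogram, and why a skipto refactoring cuts the load), here is an added example that is not part of the thread and not ipfw itself: a small Python model of IPFW's first-match evaluation with skipto. It builds a constructed 600-rule policy twice, once flat and once partitioned into per-interface blocks reached via skipto, and counts the rules each packet walks. Interface names (fxp0/fxp1), rule numbers, port ranges and the rule/packet fields are all assumptions made for the illustration, not parsed ipfw syntax. It also shows the caveat that matters when you do this refactoring for real: each skipto block must end in an explicit deny, or traffic that matches nothing in its block falls through into the next block's rules, which no longer carry an interface test.

```python
"""Toy first-match evaluator for IPFW-style rulesets with skipto.

Added example, not from the original post: it models how many rules a packet
walks in a flat 600-rule list versus the same policy split into per-interface
blocks reached via skipto. Interface names, rule numbers, port ranges and the
rule/packet fields are constructed assumptions, not parsed ipfw syntax.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Four traffic classes a two-NIC firewall sees: (interface, direction). Assumed names.
CLASSES = [("fxp0", "in"), ("fxp0", "out"), ("fxp1", "in"), ("fxp1", "out")]
RULES_PER_CLASS = 150          # 4 * 150 = 600 rules, the size range in the post


@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str
    dport: int


@dataclass(frozen=True)
class Rule:
    num: int
    action: str                      # "allow", "deny" or "skipto"
    target: int = 0                  # skipto destination rule number
    iface: Optional[str] = None      # None means "any"
    direction: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.direction is None or self.direction == p.direction)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules, p):
    """Return (verdict, rules_examined). First match wins; skipto jumps to the
    first rule numbered >= target; falling off the end hits the implicit
    default-deny rule (65535 in ipfw), which we count as one more examination."""
    rules = sorted(rules, key=lambda r: r.num)
    i, examined = 0, 0
    while i < len(rules):
        r = rules[i]
        examined += 1
        if r.matches(p):
            if r.action != "skipto":
                return r.action, examined
            assert r.target > r.num, "ipfw skipto targets must be forward"
            i = next((k for k in range(i + 1, len(rules)) if rules[k].num >= r.target),
                     len(rules))
            continue
        i += 1
    return "deny", examined + 1


def allowed_port(c, j):
    """Constructed policy: class c allows 150 distinct ports starting at 1000 + 200*c."""
    return 1000 + c * 200 + j


def flat_ruleset():
    """Every rule repeats its own interface/direction test, so a packet for the
    last class walks all the earlier classes' rules before reaching its own."""
    rules = []
    for c, (iface, d) in enumerate(CLASSES):
        for j in range(RULES_PER_CLASS):
            rules.append(Rule(num=10000 + c * 1000 + j, action="allow",
                              iface=iface, direction=d, dport=allowed_port(c, j)))
    return rules


def partitioned_ruleset(terminate_blocks=True):
    """Four skipto dispatch rules up front; each block tests only dport.
    With terminate_blocks=True every block ends in an explicit deny, which is
    what keeps unmatched traffic from falling through into the next block."""
    rules = []
    for c, (iface, d) in enumerate(CLASSES):
        block = 10000 + c * 1000
        rules.append(Rule(num=100 + c, action="skipto", target=block,
                          iface=iface, direction=d))
        for j in range(RULES_PER_CLASS):
            rules.append(Rule(num=block + j, action="allow", dport=allowed_port(c, j)))
        if terminate_blocks:
            rules.append(Rule(num=block + RULES_PER_CLASS, action="deny"))
    return rules


def sample_packets():
    """Constructed traffic mix: every allowed port per class plus one unknown port."""
    pkts = []
    for c, (iface, d) in enumerate(CLASSES):
        pkts += [Packet(iface, d, allowed_port(c, j)) for j in range(RULES_PER_CLASS)]
        pkts.append(Packet(iface, d, 9999))   # matches no allow rule: must be denied
    return pkts


def histogram(rules, packets):
    """Rules examined per packet, the histogram asked for in the reply."""
    return Counter(evaluate(rules, p)[1] for p in packets)


def mean_examined(rules, packets):
    return sum(evaluate(rules, p)[1] for p in packets) / len(packets)


if __name__ == "__main__":
    pkts = sample_packets()
    for name, rs in (("flat", flat_ruleset()), ("skipto", partitioned_ruleset())):
        print(f"{name:7s} rules={len(rs):3d} mean examined/packet={mean_examined(rs, pkts):6.1f}")
```

The flat list makes a packet on the last interface/direction pair walk roughly 450 rules before its own block even starts; with skipto dispatch it examines four dispatch rules plus its position inside a 150-rule block. Run with `terminate_blocks=False` to see the fall-through hazard: an fxp0-inbound packet to a port that only fxp1 should allow is accepted, because block 1's rules no longer check the interface.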