On 14-05-21 08:27 PM, Joseph H wrote:
Hi Everyone,
I was having a debate with a new network engineer we have and we were
discussing how pfSense performs and how it would handle 10G network
connections, setup as a transparent firewall, using snort and a few
other packages to help monitor and graph traffic.
I was saying that as long as it has plenty of CPU and Memory, plus
Intel NIC's for the 10G then it would not have any problems doing
transparent mode, and there would be no noticeable slowdown or
sluggishness.
Does anyone have any statistics they would share or what size server
to build, using Intel 10G nic cards?
Thanks in advance.
Joe
Jim just had this argument with Henning Brauer at BSDCan... at those
speeds, bandwidth doesn't really matter, packets-per-second matters.
In most normal situations, pfSense can pass almost 10Gbit/sec of
traffic. However, in a DDOS - or VoIP - scenario, its limited PPS rates
(compared to stupidly expensive hardware-accelerated appliances) rapidly
will become a bottleneck.
Depending on your traffic patterns, you will probably max out on PPS
long before you max out on bandwidth.
Transparent mode vs. routed mode probably won't make all that much
difference at the scales you're talking about, but I admit I've never
tried transparent mode at >1Gbps.
--
-Adam Thompson
[email protected]
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
