On 08/05/11 20:50, Stuart Henderson wrote: > On 2011-08-05, System Administrator <ad...@bitwise.net> wrote: >> Looking to build a firewall for a fairly busy (25+mb) site. Hardware is >> Dell PE2850, 2 Xeon 64-bit CPUs, 4GB RAM, 6 em(4) interfaces. Software >> is primarily pf(4) and relayd(8). >> >> Not so long ago the recommendation was to use the i386 build for a >> slight perfomance and stability benefit. Is that still the case? What >> are the advantages and shortcomings of amd64? >> >> Thanks in advance. >> >> > > 25Mb/s isn't much for the hardware you have. If you're really bothered > then benchmark/test it *in your setup* but either will probably work fine.
heh. yeah. You are trying to optimize the stickers for wind resistance on a race car stuck in rush hour traffic. Either way, you will be in the idle state the vast majority of the time. I did a 45mbps line with 800 users with a Celeron 600 (w/384M RAM, if I recall properly. No more than 1G) about five years ago. Never broke a sweat. I can assure you not a dime was spent on the project, it was tossed together as a "this will hold us until we figure out what we need", turned out to be all we needed until MISmanagement decided they wanted to buy a couple Juniper firewalls (which never got implemented because that guy got fired) and then Cisco firewalls (which supposedly did, AFTER the guy who fired the previous guy got fired). Probably well over $100k in hardware to replace the junk system which did every bit as well. It was NEVER the case that amd64 vs. i386 mattered for a modest needsbandwidth, over-powered system like yours. Remember: you can't drive faster than the guy ahead of you. There is zero REAL benefit in tuning and balancing and blue-printing your engine when that's not your limiting factor. Sure, you may want to do it Because You Can, but then, part of the fun is figuring it out yourself...so you know you splatted yourself against his bumper harder and faster than anyone else could have. But it just doesn't matter. Nick.
