On Tue, Dec 4, 2012 at 11:42 PM, Joel Wirāmu Pauling <j...@aenertia.net> wrote:
> Yes CARP/LACP layer2 load balancing was my first preference of design.
>
> There is a very expensive Alcatel-Lucent 7750 on the upstream (red)
> side that these machines are plugged into which does our BGP session
> handling to our peer among other carrier things. These boxes whilst
> very capable - are esoteric when you want to do any sort of interactive
> inspection of L3 traffic, and I enjoy having the flexibility and
> familiarity of OpenBSD on the FW.
>
> In our existing setup I have noticed that the existing SUN v215
> OBSD box ends up being the pinch point - especially when we have
> multicast running internally it becomes very noticeable wrt Latency
> and Throughput.

But the actual version of OpenBSD is 5.2 and not 4.9. And A LOT changed between those regarding performance. Is it performing badly even with 5.2? I think that devs will be interested in such a report.

> Sounds like I should retire the v215 - I was hoping I might be able to
> prolong its life as part of the HA setup; it boots very quickly in
> comparison to the HP hardware, something quite useful in a Firewall -
> but seems I should perhaps put a Soekris or something else in-line for
> that purpose.
>
> Kind regards
>
> -Joel
>
> On 5 December 2012 11:27, Loïc BLOT <loic.b...@frostsapphirestudios.com>
> wrote:
>> Hi Joel,
>> You can mix several architectures, that's not a problem for firewalls and
>> routers, IP is OS arch independent.
>> The thing you must consider is packet processing. Some architectures are
>> faster at processing packets than others (with equivalent perfs on paper).
>> If you don't need low latency, you don't have to consider this thing.
>> Do you want to make a load balanced infrastructure (like CARP LB)?
>>
>> --
>> Regards,
>> Loïc BLOT, UNIX systems, security and network expertise
>> Frost Sapphire Studios
>>
>> On Wednesday 05 December 2012 at 10:15 +1300, Joel Wirāmu Pauling
>> wrote:
>>
>>> Kia ora/hello,
>>>
>>> I am currently redesigning one of our border edge Firewalls and want
>>> to split the existing SPARC64 v215 into several DL140's in an HA -
>>> Active/Load-balanced configuration.
>>>
>>> The Sparc64 hasn't been without issues - and is currently running 4.9
>>> release + some patches and is due for a re-install in any case.
>>>
>>> My question is whether or not it is considered a 'good idea' to mix
>>> and match Archs. Effectively the question is if it is worth retaining
>>> the v215 alongside the two dl140's as part of the border FW solution.
>>>
>>> question to determine if:
>>>
>>> a) Anyone is doing this? (mixing amd64/i386/sparc64)
>>> b) Gotchas
>>> c) If this is generally considered a 'good idea'?
>>>
>>> Kind regards
>>>
>>> -Joel
>>>
>>> http://gplus.to/aenertia
>>> http://linkedin.com/in/aenertia
>>> @aenertia