On 2015-02-19, Nick Holland <n...@holland-consulting.net> wrote: > On 02/18/15 17:30, ML mail wrote: >> Hi, >> >> Stupid question but if you would have to choose between two different >> Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all >> /24 networks behind and around 50-60 Mbit/s average traffic would you >> rather choose the CPU with higher Frequency and less cores or for a >> CPU with lower frequency but more cores? > ... > actually, I'd ask more useful questions. > Realistically, most modern "fast" CPUs (let's leave out "special cases" > like the Intel Atom, though even that might do it for you) will do the > job just fine.
Modern Atoms (avoton, rangeley) will do just fine for this amount of "normal" traffic. If the ruleset is super-complicated or if there are very high PPS counts (which is by *far* more important than absolute bandwidth) _or_ if there is a reasonable chance of that happening during the expected life of the machine, then you might need faster. Just choosing between the two suggested CPUs and taking only the basic description of workload into account I'd probably choose the lower-power one. >> Or asked differently, which are the importants criteria to look at >> first for a CPU intended to be used in an OpenBSD firewall? > > Discussing the merits of a CPU that's 95% idle vs. one that's 90% idle > really misses a few points. If I were looking for a box, I'd look at > more important issues: > (in no particular order. And your criteria WILL differ from mine) > * How fast a machine boots. > * Availability of repair and upgrade parts > * Low cost, so I can get a second machine and CARP 'em together. > * General usability of the system and support by OpenBSD > * Good bus structure for application > * Well-supported NICs > * Power consumption. > * Quiet > * Simple Availability of out-of-band console access. Working IPMI SOL with a dedicated NIC as a minimum, but preferably a standard serial port. Non-idiotic rack mounting hardware.
