On Apr 16, 2007, at 2:34 PM, Bryan Vyhmeister wrote:
> On Apr 16, 2007, at 8:24 AM, Ronnie Garcia wrote:
>> Bryan Vyhmeister wrote:
>>> This brings up a question I have had for a while. Does pfsync
>>> generate enough traffic that running gigabit cards for your
>>> $ext_if and $int_if and a 100base-TX card for your pfsync
>>> interface causes a major bottleneck?
>>
>> It depends on the rate of state changes.
>> Here, we have ~30mbits on pfsync, for ~40mbits of traffic (!)
>
> Based on this, I would say that it is important to have gigabit
> cards throughout if you plan on getting much more than 100 Mbps
> throughput in your firewall. Has anyone ever experimented with
> using a separate VLAN for pfsync traffic on a gigabit card? Is that
> even possible?

Of course. You could do a "3-homed" firewall using a single physical
interface with VLANs. Not that you *should*, but you *could*.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net