On Thu, Oct 04, 2007 at 05:48:50PM -0700, Florin Andrei wrote:
> Dual-homed firewall, web server on the private network, firewall is 
> doing 1:1 NAT for the web server to the public interface of the 
> firewall. em0 is the public interface, em1 is the private one.
> 
> In the exact same setup (same hardware even) I am comparing Linux and 
> OpenBSD for a firewall. Installed Linux on a hard-disc, OpenBSD on 
> another disc, and I'm just swapping discs while I'm testing.
> All firewall rules are written as stateless as possible - I don't need 
> stateful filtering, the setup is very simple (allow HTTP inbound, allow 
> a few ICMP types, and that's it).
> 
> With Linux, I achieve gigabit transfer speeds through the firewall 
> (saturating the network ports), but the firewall refuses to let any new 
> connection through when I flood it with a bunch of small UDP packets 
> with random source addresses.
> 
> I expected OpenBSD 4.1 to do better. But the thing is, even without the 
> UDP flood, the OpenBSD firewall is very slow. I am downloading a huge 
> file through it, via HTTP, and all I get is 4 Mbyte / sec. With Linux I 
> get 112 Mbyte / sec.
> 
> Something's wrong. Or I'm doing something wrong.
> 
> The hardware is AMD64, Tyan Transport, 2 CPUs 2 cores each. I am using 
> the SMP kernel. The network card is Intel Pro/1000 PCI Express 4x dual 
> gigabit port, it carries both em0 and em1.
> 

I guess you need to "enable acpi" with config(8) as the system is quite
new and most newer systems have busted MP BIOS info. The effect is bad
interrupt routing and other craziness -- which is often felt as slow
systems.

-- 
:wq Claudio
