On Mon, Nov 12, 2007 at 01:01:26PM +0000, Stuart Henderson wrote:
> On 2007/11/12 12:56, knitti wrote:
> > > Looking to manage several webservers I am wondering if anybody uses
> > > something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ?
> > > (That image shows Wim's net4801-50 plus quadport lan1641 firewall box,
> > > giving 7 ports with low power consumption - on OpenBSD)
> 

yes, it works fine. but see below.

> what sort of bandwidth / packets per second?
> 

...that is the point. especially the pps rate and the estimated
concurrent TCP sessions (concurrent visitors on the website) are
important. a net4801 is able to handle more than 60MBit/s, but the
real limitation is the supported number of pf states/sessions/...

> > > The standard choice in my datacenter (linux users mostly) seems to be HP
> > > Procurve but I'd prefer the power of PF.
> 
> they're most likely switches. (Vantronix have a module for HP 5300xl
> switches that runs PF, though).
> 

for the record:
http://www.vantronix.com/products/vtfw/xl1/

> > I don't know exactly the 4801, but I use a couple of 4501 as firewalls and
> > IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of
> > the 4801 and knowing the 4501, I wouldn't use them for more than about
> > 40-50 Mbit/sec.
> 
> I feel 40-50M would be pushing it, given that you might like some
> overhead to allow for occasional heavy numbers of packets. 5501
> might do better (maybe with a nic rather than the on-board vr).
> 

the net5501 is ok and the performance is much better. there was just
some more work in the past to fix and optimize the sis driver and to
tune OpenBSD support for the 45xx/48xxx. some more work needs to be
done for the h/w in the net5501.

> I'd normally prefer a standard amd64/i386 box for a datacentre
> firewall though. I may change my mind when the net7501 eventually
> surfaces...
> 

and it would be great to have soekrises with redundant power supplies ;)
it is not just the performance.

reyk
