We've found the best gateway box -- pf, sshd for "ssh -w" vpn and ipsec clients, spamd, etc. -- is non-MP, as follows.
A) Use a box with the fastest memory bandwidth (and latency) your budget -- cash or time spent scrounging -- can afford/acquire. (e.g. on a P-III 1 GHz machine, we saw meaningful better top-end results on our stress tests between using PC133 vs PC100 and again between PC133 CL2.5 vs CL3 memory sticks.) B.1) Server-class motherboards usually have multiple PCI buses (say again, "buses," not "slots"). Opposing the em(4) nics on separate buses, with regard to in-to-out flows, helps quite a bit too. e.g internet --- (em0)(bus1)(pf)(bus2)(em1) --- LAN. B.2) Once a while back, we did see some positive affect by trying to share the driver-IRQ for the like em(4). But not too sure about this one. C) We found, on 4.2, if your mb will play nicely, expressly enabling ACPI (vs. default APM) functionality seemed to improve the the boxes throughput too. In our case, INTEL MOTHERBOARDS. Your mb may not like this, though, so use with care and/or wait to 4.3 release. -----Original Message----- From: Stuart Henderson <[EMAIL PROTECTED]> To: misc@openbsd.org Subject: Re: 4.2 and em(4) Date: Mon, 14 Apr 2008 16:23:24 +0000 (UTC) Mailer: slrn/0.9.8.1 (OpenBSD) Delivered-To: [EMAIL PROTECTED] On 2008-04-14, Joe Warren-Meeks <[EMAIL PROTECTED]> wrote: > > If the box was only doing pf stuff, then that would be correct. If you > were to put a bunch of ftp-proxys on there too, then MP would help, no? very little, the bulk data handling is done in kernel by nat/rdr rules added to the anchors, ftp-proxy only touches the control connections.
