I was still wondering what could be considered "maximum" session concurrency that I could expect, with various hardware combinations? Is there anyone who can tell me if it could be feasible with OpenBSD and better hardware? Even if we have to move to a different platform than i386, like maybe a Sun Fire T1000, as I don't see that as being a problem if it solves our issues. What we would like most, if possible, is to find something that could scale in the million concurrent sessions, but with a couple of thousand new sessions per second. I know it's something very hardware demanding, and even most enterprise-class firewalls like Juniper and Fortinet don't scale much more than a million even on their higher-end models, so that's why I'm curious as to what I could expect a PF setup to scale to.
A million concurrent sessions with a couple of thousand new sessions per second? They're high values... I think the current highest value in PF is 750k packets per second and all PF's behaviour/performance will be conditioned by it.
Please, feel free to correct me if I'm wrong.

--
Thanks,
Jordi Espasa Clofent