Hi all,

In order to put in place a firewall system capable of handling a multi-gigabit connection, my company is also considering OpenBSD. I've been using it for my firewall setups since OpenBSD 3.5, but I have no experience of how it will perform on a multi-gigabit link.

My company already uses OpenBSD. It has been a rock-solid and high-performance system on a 100 Mbps link to the Internet for some years. The memory usage, as well as the load on the system, are extremely low even when faced with an almost saturated 100 Mbps link. The server is a DELL PE 1950, equipped with Intel PRO/1000 PT dual port gigabit (PCI Express) network cards, and the idea is to use the same server model to implement the multi-gigabit firewall.

Some information on the actual system (on the 100 Mbps link):

state table entries average ~ 120000
state table lookups average rate ~ 30000/s
state table inserts average rate ~ 600/s
state table removals average rate ~ 600/s

The traffic profile - mainly HTTP traffic to several http/https servers - will be the same as we have now, which we expect to increase a lot in the next months. Also, we are considering using ALTQ to implement traffic shaping.

My questions:

Did someone implement this kind of system before? Is it performing well? Is it impossible at all?
Could the traffic shaping subsystem configuration be a bottleneck on such a system configuration?

Thanks