On 2009/05/27 16:09, Simon Morvan wrote:
> On 27/05/2009 15:38, Stuart Henderson wrote:
>>> I thought I'd better run pfsync over a direct connection rather than
>>> through the switches. In case of failure of a switch, the sync has a
>>> chance to be complete and the failover "cleaner", but maybe I'm wrong...
>>
>> If your firewalls are connected to different switches, that does make
>> sense (unless your CPUs are saturated, in which case em(4) might indeed
>> be a bit better).
>>
> Does the pfsync traffic lead to CPU overload before the business
> traffic does?

I think that would depend on the specific interfaces and the traffic characteristics. In your case, since you're limiting pfsync to 100 Mb/s by hardcoding the port speed, I don't think you'll max out the CPU with pfsync traffic even on an Atom.