From: Kevin Wilcox
To: Free BSD Questions list
Date: Thu, 27 May 2010 11:00:12 -0400
Subject: FreeBSD router - large scale

Hello everyone.

We're in the very early stages of considering [Free|Open]BSD on commodity hardware to handle NAT *and* firewall duties for (what I consider to be) a sizable deployment. Overall bandwidth is low, only a gigabit connection, but we handle approximately fifteen thousand devices. DHCP and DNS would be passed through to other servers, this hardware would only be responsible for address translation and pf.

I've done this on a very, very small scale (small/home office, small business) but I'm curious how many other folks are doing it on this scale, the hardware they are running on and any "gotchas" they may have faced.

Does pf on FreeBSD take advantage of multiple cores/SMP? Is it preferable, as with OpenBSD, to go for a very stout processor without much consideration to cores?

Would freebsd-net@ be a better place to ask this?

I'm getting ready to start digging in to memory and other resources needed based on available documentation but real-world usage is much preferred to my academic assessment.

Thanks!

kmw

--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?