From owner-freebsd-questions  Thu Oct  7 18:20:19 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
	by hub.freebsd.org (Postfix) with ESMTP id 8DD0314E91
	for <questions@freebsd.org>; Thu,  7 Oct 1999 18:20:07 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from ospf-mdt.sentex.net (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id VAA15963; Thu, 7 Oct 1999 21:20:03 -0400 (EDT)
From: mike@sentex.net (Mike Tancsa)
To: beowulf@sns-access.com (Chad Monteith)
Cc: questions@freebsd.org
Subject: Re: THree NIC's -> filter/firewall/router
Date: Fri, 08 Oct 1999 01:20:03 GMT
Message-ID: <37fd4450.79331512@mail.sentex.net>
References: <MAILPine.SOL.3.95.991007154404.3791A-100000@pickwick>
In-Reply-To: <MAILPine.SOL.3.95.991007154404.3791A-100000@pickwick>
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 7 Oct 1999 18:47:52 -0400, in sentex.lists.freebsd.questions you wrote:

>Hello,
>        If somebody has done this could you contact me?  I am trying to
>assess its feasability.
>        We want to use one FreeBSD system with three NIC's in it running
>at 100 MB/s (all three to a different switch).  The machine will need to
>router between the three interfaces (it will server as a gateway/router),
>filter
>packets ala a firewall, and all www/ftp/SSL traffic will need to be
>process by our Squid/SmartFilter system, i.e. block that traffic unless
>its from itself.
>	Also have you had performance problems?  Three 100 MB/s NIC's
>running at full speed will probably kill the PCI bus...

Thats three at 100 Mbits, not Bytes right ?  I have a router with 4 Intel
fxp cards in it, 3 in 100Mb full duplex, one in 10BaseT.  I have seen it
spike upwards of about 10Mb (which is the maximum coming into it from a
cross over cable to a Cisco 4700), have 4 going out, 1 and 1 on another,
and 1Mb on the third, and 14 going out the other end, as well as running
gated and 22 ipfw rules to process.  It does us well.  Remember, cdrom.com
saturates a single 100Mb connection.  

	---Mike
Mike Tancsa  (mdtancsa@sentex.net)		
Sentex Communications Corp,   		
Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers 
could setup a national IP network." (KDW2)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message