Date: Mon, 1 Jun 1998 19:31:01 -0600 From: match@ee.utah.edu To: Julian Elischer <julian@whistle.com>, Michael Hope <michaelh@earthling.net> Cc: Malartre <malartre@aei.ca>, small@FreeBSD.ORG Subject: Re: i386 has a Firewall Message-ID: <199806020129.AA018960956@ee.utah.edu> In-Reply-To: <Pine.LNX.3.95.980601112640.11920J-100000@heartofgold.pcmedia.nzl.com> References: <Pine.BSF.3.95.980531160402.11289G-100000@current1.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Date sent: Mon, 1 Jun 1998 11:31:07 +1200 (NZST) From: Michael Hope <michaelh@earthling.net> To: Julian Elischer <julian@whistle.com> Copies to: Malartre <malartre@aei.ca>, small@FreeBSD.ORG Subject: Re: i386 has a Firewall All valid points. You reach saturation pretty quickly with a 386sx-16, but... Just as a data point. Our department network at the U of U EE department had grown to about 350 computers... PC's, Suns, HP's, Macs, etc. All on one wire. Periods of high network traffic would bring it to it's knees. In an effort to improve throughput, I built a 486-66 with 5 ISA ethernet cards (NE2000 clones-the cheapest of the cheap) and configured it to be a router using FreeBSD. We broke our one wire into 4 segments geographically (roughly one segment per floor) and the improvement was MORE than dramatic. Originally, this was just an experiment to demonstrate that it could be done. I feared that a lowly 486-66 would run out of horsepower during peaks (such as lunchtime when everyone seems to want to surf while eating lunch at their desks, we even NFS-mount disks on our Suns through it) and I'd soon be replacing it with a Pentium, but so far we've not been able to overwhelm this little router, even when we try to. For what it's worth... I know that this is not a valid comparison, yet I'd suggest trying the 386sx-16 if it's not being used. What have you got to lose? And, you'll learn a lot. You can still prove the concept, then look around for a faster machine if needed. Marvin match@ee.utah.edu > > a 386sx16 would be so much faster than the ppp link that doing packet > > filtering on the way through is hardly likeley to change much :-) > > Unfortunatly not in my experiance. While on the face of it 16MHz is a > hell of a lot faster than 33.6kHz, the time taken to service an interrupt, > process the packet and send it on combined with the margin needed so that > you dont loose any bytes while doing something else means that you need a > 486 to do it safely. The best I've ever gotten out of a 386SX-20 with a > 16450 UART was 1.0k/second. It actually ran better with the port speed > set to 9600 as not no many bytes were lost! > > -- Michael > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-small" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806020129.AA018960956>