From owner-freebsd-hackers  Thu Jan 16 16: 7:57 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 99DA937B401
	for <freebsd-hackers@freebsd.org>; Thu, 16 Jan 2003 16:07:56 -0800 (PST)
Received: from heron.mail.pas.earthlink.net (heron.mail.pas.earthlink.net [207.217.120.189])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 32F7F43EB2
	for <freebsd-hackers@freebsd.org>; Thu, 16 Jan 2003 16:07:56 -0800 (PST)
	(envelope-from tlambert2@mindspring.com)
Received: from pool0197.cvx22-bradley.dialup.earthlink.net ([209.179.198.197] helo=mindspring.com)
	by heron.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128)
	(Exim 3.33 #1)
	id 18ZK35-0000LW-00; Thu, 16 Jan 2003 16:07:52 -0800
Message-ID: <3E274857.DD53F361@mindspring.com>
Date: Thu, 16 Jan 2003 16:03:35 -0800
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Josh Brooks <user@mail.econolodgetulsa.com>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	Nate Williams <nate@yogotech.com>, freebsd-hackers@FreeBSD.ORG
Subject: Re: FreeBSD firewall for high profile hosts - waste of time ?
References: <20030116143937.F38599-100000@mail.econolodgetulsa.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a48f9fa1f8aa5aa726169a48e286ed3052350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Josh Brooks wrote:
> You know, I keep hearing this ... the machine is a 500 mhz p3 celeron with
> 256 megs ram ... and normally `top` says it is at about 80% idle, and
> everything is wonderful - but when someone shoves 12,000-15,000 packets
> per second down its throat, it chokes _hard_.  You think that optimizing
> my ruleset will change that ?  Or does 15K p/s choke any freebsd+ipfw
> firewall with 1-200 rules running on it ?

No I'm just plain confused... 15,000 packets/second is just not
that much load:

Minisize	15000 * 64B * 8b	= 7,680,000b/S
...just less than 10 megabits/second.

Maxsize		15000 * 1500B * 8b	= 180,000,000b/S
...just less than 200 megabits/second.

I don't understand where you are spending your CPU time, even
if the packets are being written to disk before they are sent
on...

What's your external link speed to the Internet?  Are you maybe
getting an aplification attack against your router?

That's just not that much in the way of packet processing
overhead.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message