From: "Svein Skogen (Listmail Account)"
Date: Fri, 28 May 2010 13:31:20 +0200
To: freebsd-questions@freebsd.org
Subject: Re: FreeBSD router - large scale

On 27.05.2010 17:00, Kevin Wilcox wrote:
> Hello everyone.
>
> We're in the very early stages of considering [Free|Open]BSD on
> commodity hardware to handle NAT *and* firewall duties for (what I
> consider to be) a sizable deployment. Overall bandwidth is low, only a
> gigabit connection, but we handle approximately fifteen thousand
> devices. DHCP and DNS would be passed through to other servers, this
> hardware would only be responsible for address translation and pf.
>
> I've done this on a very, very small scale (small/home office, small
> business) but I'm curious how many other folks are doing it on this
> scale, the hardware they are running on and any "gotchas" they may
> have faced. Does pf on FreeBSD take advantage of multiple cores/SMP?
> Is it preferable, as with OpenBSD, to go for a very stout processor
> without much consideration to cores? Would freebsd-net@ be a better
> place to ask this?
>
> I'm getting ready to start digging in to memory and other resources
> needed based on available documentation but real-world usage is much
> preferred to my academic assessment.
>

Actually, I'd find an answer from the FreeBSD Networking gurus useful as
well.

My trusted Cisco 3640 is getting old (had its ten-years-of-service
birthday a little while ago), so I guess I must be prepared to replace
it with something new. Preferably something that can do proper NAT port
mapping to the inside servers in an RFC1918-addressed DMZ, proper NAT
mapping for the client net, incoming VPDN (virtual private dialin
network, such as PPTP+MPE and L2TP+IPSEC tunnelling), sane IDS in the
border-gateway, GRE or IPinIP tunnelling with crypto for remote-sites,
etc.

If somebody has a good starting-point for documentation on these
features, I'm more than willing to "do a project on it" to create a
mini-howto/handbook-section on "setting up FreeBSD as your border
gateway", provided I have someone to ask when the documentation is ...
flaky. ;)

It would be interesting to see what kind of performance modern hardware
could get, compared to dedicated hardware a decade old. :)

//Svein