Date: Tue, 17 Jun 2014 16:03:00 +0100
From: Tom Evans <tevans.uk@googlemail.com>
To: Peter Jeremy <peter@rulingia.com>
Cc: Chris Nehren <cnehren+freebsd-stable@pobox.com>, FreeBSD stable <freebsd-stable@freebsd.org>
Subject: Re: Suggestions for low-power gigE firewall?
Message-ID: <CAFHbX1K0D%2B0KCeZdU1wm5DiFv4E_FsuR6QwFAsLUrdg4RdiUcg@mail.gmail.com>
In-Reply-To: <20140615090845.GB42502@server.rulingia.com>
References: <20140613121732.GA61092@behemoth> <20140615090845.GB42502@server.rulingia.com>

On Sun, Jun 15, 2014 at 10:08 AM, Peter Jeremy <peter@rulingia.com> wrote:
> On 2014-Jun-13 08:17:33 -0400, Chris Nehren <cnehren+freebsd-stable@pobox.com> wrote:
>>Speaking of Soekris elsethread, I'm presently interested in
>>picking up a small device to use as a router + firewall for my
>>home network.
>
> One thing to keep in mind is that 'gigE firewall' is fairly meaningless by
> itself. Most of the load is per-packet and GigE could be anywhere between
> (roughly) 80kpps and 1.5mpps.
>
> That said, since you mention 'home network', I presume you don't need complex
> packet manipulation at wire-speed. Note that whilst the re(4) driver doesn't
> have the same comments as the rl(4) driver, you will still need significantly
> more CPU power to get the same thruput from a RTL8111 as (eg) an em.

This is quite interesting to me; I'm very fortunate in that my ISP
provides synchronous gigabit, which comes in to my block of flats as
fibre and then is presented to me as ethernet.

The ISP provided a router; they also noted that the router was not
capable of utilizing the whole connection, and the most that I could
achieve out of it would be ~ 800-900Mbit. Plus, although it's a pretty
good router, I want to run my own dhcpd settings, configure tunnels
and VPNs etc.

Ideally, I'd replace it with my home server, but there is not enough
space in the "comms room" (aka the washing machine closet) to put that
there, and not enough wiring to route the WAN connection to where the
server is now and then back to the patch panel in the comms room to
distribute throughout the flat.

The next best would be to replace it with a small Soekris style box
running BSD that can fit in the comms room - but how to know what will
be sufficient, or even where the bottlenecks would be - is it pps that
is the issue, or is NAT at high throughput going to be a problem? And
how to measure my current usage?

If I'm "filling" my GigE, then it is probably because I am downloading
something, which means it's unlikely to be hundreds of thousands of
small packets, right?

Talk about first world problems!

Cheers

Tom
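
Added example, not part of the original message or thread: a Python sketch that works out the packet-rate range quoted above for gigabit Ethernet and turns two interface counter snapshots into pps, Mbit/s and the share of the per-packet ceiling in use. The function names and the snapshot values are constructed for illustration, and it assumes the byte counter covers whole frames including header and FCS.

```python
# Added example: relate packets/s to throughput on gigabit Ethernet.
PREAMBLE_SFD = 8           # bytes sent before every frame
INTERFRAME_GAP = 12        # minimum idle bytes between frames
LINK_BPS = 1_000_000_000   # gigabit Ethernet


def line_rate_pps(frame_bytes, link_bps=LINK_BPS):
    """Maximum frames/s for a frame size that includes header and FCS."""
    if not 64 <= frame_bytes <= 1518:
        raise ValueError("untagged Ethernet frames are 64..1518 bytes")
    return link_bps / ((frame_bytes + PREAMBLE_SFD + INTERFRAME_GAP) * 8)


def summarize(first, second, counter_bits=64):
    """Rates from two (seconds, packets, bytes) interface counter snapshots.

    Assumes the byte counter covers whole frames (header and FCS included).
    """
    (t0, p0, b0), (t1, p1, b1) = first, second
    dt = t1 - t0
    if dt <= 0:
        raise ValueError("second snapshot must be later than the first")
    wrap = 1 << counter_bits
    packets = (p1 - p0) % wrap   # modulo absorbs a single counter wrap
    nbytes = (b1 - b0) % wrap
    if packets == 0:
        return {"pps": 0.0, "mbit_s": 0.0, "avg_frame": 0.0, "pps_share": 0.0}
    avg = nbytes / packets
    pps = packets / dt
    ceiling = line_rate_pps(min(max(avg, 64), 1518))
    return {"pps": pps, "mbit_s": nbytes * 8 / dt / 1e6,
            "avg_frame": avg, "pps_share": pps / ceiling}


# Constructed snapshots, 10 s apart: same packet rate, very different load.
BULK = summarize((0, 0, 0), (10, 800_000, 1_214_400_000))   # 1518-byte frames
SMALL = summarize((0, 0, 0), (10, 800_000, 51_200_000))     # 64-byte frames

if __name__ == "__main__":
    print(f"64-byte line rate:   {line_rate_pps(64):,.0f} pps")
    print(f"1518-byte line rate: {line_rate_pps(1518):,.0f} pps")
    for name, s in (("bulk", BULK), ("small", SMALL)):
        print(f"{name}: {s['pps']:,.0f} pps, {s['mbit_s']:.1f} Mbit/s, "
              f"{s['pps_share']:.1%} of the packet-rate ceiling")
```

With full-size frames the link is nearly full at about 80 kpps, while the same packet rate of minimum-size frames carries only about 41 Mbit/s, which is why throughput alone does not size a firewall.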