Date:      Tue, 10 Jun 2008 09:22:40 -0600
From:      Chad Perrin <perrin@apotheon.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   firewall high-load performance
Message-ID:  <20080610152240.GB66787@kokopelli.hydra>

My preferred firewall these days, for general use, is pf.  I seem to
recall someone who has used it in high-load scenarios saying that it can
kinda choke at high loads, though I don't recall whether that was due to pf
itself or the fact he was running it on OpenBSD.  Until now, this has not
been a concern for me.

I may be getting involved in a commercial project in the near future that
could very well involve handling very large numbers of connections
dealing with potentially high bandwidth demands, however.  The
circumstances would require some QOS, and I'm thinking of using pf/ALTQ
for this project, but I don't want to discover after we're well underway
that large numbers of connections would cause problems.  Should I
consider ipfw or ipfilter instead, or are my concerns with relation to
pf's ability to handle extremely high loads of legitimate traffic
unfounded?

-- 
Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]
H. L. Mencken: "Democracy is the theory that the common people know what
they want and deserve to get it good and hard."
