Gigabit question(s)

  • I've put together a box running pfSense, a few gigabit NICs, etc. I am able to push at most about 22/25MB/sec. If I bypass the sense box I can push upwards of 35MB/sec. Now I know I should even be able to push more than that, but this setup isn't perfect for that.

    I'm looking to set up a machine (machines?) to be able to filter multi gigabit traffic, upwards of 5-10gig at a time through various interfaces. Speed is a MUST in this matter.

    Can you guys suggest a setup for this? Or if not possible, at least toss that out there too.

    Also I'm using 1_2 now (it's looking good).

    Thanks all.

  • You need some NICs that don't cause too much CPU load (Intels should be preferred). Then you need the fastest PCI bus that you can get for this. On top of this, all packets have to be pushed through the CPU, so you shouldn't try that with something slow. What are the specifications of the machine that you are using currently?

  • Been using Realteks (to test with, since it's what I have) with the option to use device polling; even under heavy transfers the CPU doesn't go much above 30%.
    It's a VIA C3/C5 1GHz with 256 RAM, onboard NIC 10/100, and an onboard Realtek gigabit, with an add-in PCI gigabit NIC. This isn't the setup I would be going with for the server to push multi gigabit. I've been eyeing the Intel dual gig NICs for that.

  • You can't push more than what you're seeing through a PCI bus, nor with a CPU that slow, nor with Realtek NICs.

    You need server class hardware, with multiple PCI-X buses, Intel PCI-X gigabit NICs, and at least a 3 GHz proc.

    Even with that, you may still be disappointed, as I doubt if you'll be able to push 5-10 Mbps through ANY PC hardware running ANY software.

    It's PC hardware, it's not up to the task of pushing many many Gbps of traffic. You need ASICs for those kinds of speeds (and resultant pps rates), and L3 switching likely. The kind of numbers you're talking about are what very big corporations and ISPs push, and if they're routing and firewalling 2+ Gbps chances are they're doing it with a Cisco Catalyst 6500, with a FWSM for firewalling. A $40K+ setup, minimum. ASICs aren't cheap, but that's how you get wire speed multi-Gb performance.

    You may be able to get 2-3 Gbps through new server class hardware, but I would guess the resultant pps rates at that speed will limit your throughput.

    CPU usage with polling enabled is misleading. You're CPU bound, a better NIC might help substantially, but your bottleneck at this point is your CPU.

  • Good to know before I started beating on this project too much; I will look into other options. Thanks for the help guys, saved me a lot of time with trials.

  • @cmb:

    Even with that, you may still be disappointed, as I doubt if you'll be able to push 5-10 Mbps through ANY PC hardware running ANY software.

    Typo? I can push 10 Mb/s through my home broadband link (which is a 10 Mb/s link) through a low end (533 MHz) VIA box with ease (FreeBSD 4.7 running IPFilter). I've got a (cough)Linux(cough) box that's handling double that (though it is a dual 3 GHz Xeon) without any problems.

  • Yes, typo. It can handle much more than that.
