Samer Y. Azmy wrote:
> Hello
>
> Can I use iptables with 1Gbps, I do not mean here the compatibility with the operating system
>
> what I mean, can I achieve 1Gbps traffic through a pc based firewall ?
>
> What you think Tom ?
>

I have no clue -- You should search the archives of the Netfilter list for this sort of information.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Quoting "Samer Y. Azmy" <samer_symantec@hotmail.com>:
> Hello
>
> Can I use iptables with 1Gbps, I do not mean here the compatibility with the
> operating system
>
> what I mean, can I achieve 1Gbps traffic through a pc based firewall ?
>

I think you will be hard pressed to get a full 1GB of traffic through a PC even if you are not using any firewalling software. The standard PCI bus is limited to 133MB/s (IIRC). I believe that 64-bit PCI, PCI-X, and possibly even PCI Express increase this limit, but I don't have specific numbers (Google around a bit). From what I recall seeing in the past (sorry, no specific references - Google is your friend again), I seem to remember seeing somewhere in the 300-700MB/s type of transfer rates with 1GB cards (wide variance due to no firewall/with firewall/other factors). As with anything, YMMV.
> Quoting "Samer Y. Azmy" <samer_symantec@hotmail.com>:
>
>> Hello
>>
>> Can I use iptables with 1Gbps, I do not mean here the compatibility with
>> the operating system
>>
>> what I mean, can I achieve 1Gbps traffic through a pc based firewall ?
>>
> I think you will be hard pressed to get a full 1GB of traffic through a PC
> even if you are not using any firewalling software. The standard PCI bus is
> limited to 133MB/s (IIRC). I believe that 64-bit PCI, PCI-X, and possibly
> even PCI Express increase this limit, but I don't have specific numbers
> (Google around a bit). From what I recall seeing in the past (sorry, no
> specific references - Google is your friend again), I seem to remember
> seeing somewhere in the 300-700MB/s type of transfer rates with 1GB cards
> (wide variance due to no firewall/with firewall/other factors).

With good hardware, you can get much closer to wire speed than the 700MB/s. However, I never made tests with iptables involved. On the other side, you can't really call the hardware I tested pc hardware.
Hello

Can I use iptables with 1Gbps, I do not mean here the compatibility with the operating system

what I mean, can I achieve 1Gbps traffic through a pc based firewall ?

What you think Tom ?

Kind Regards
Samer
> what I mean, can I achieve 1Gbps traffic through a pc based firewall ?

Yes, but NOT with a "standard" PC, and not with a "standard" card. You _will_ need 64-bit PCI@66MHz and a GOOD NIC (since PCI32@33 has a maximum throughput of just over 1Gbps).

But I know for a fact that an institution in Gothenburg uses a PC-based iptables-firewall on a multi-Gbps line.

They are using a pair of Intel PWLA8490LX cards on a Dual Opteron 246 (Tyan Thunder K8W). Actually they are using two of these systems in a hot-standby configuration.

CPU-performance isn't as much an issue as I/O-bandwidth is.
On Thu, 2004-07-15 at 22:08, Simon Matter wrote:
> > Quoting "Samer Y. Azmy" <samer_symantec@hotmail.com>:
> > From what I recall seeing in the past (sorry, no specific
> > references - Google is your friend again), I seem to remember seeing
> > somewhere in the 300-700MB/s type of transfer rates with 1GB cards
> > (wide variance due to no firewall/with firewall/other factors).
>
> With good hardware, you can get much closer to wire speed than the
> 700MB/s. However, I never made tests with iptables involved. On the other
> side, you can't really call the hardware I tested pc hardware.

looking at the numbers i guess you are talking about 10Gbps cards; 1Gbps =~ 128MB/s. realistic values for a gigabit nic on current hardware are around 100MB/s with no disk IO involved.

regards
m
> On Thu, 2004-07-15 at 22:08, Simon Matter wrote:
>> > Quoting "Samer Y. Azmy" <samer_symantec@hotmail.com>:
>> > From what I recall seeing in the past (sorry, no specific
>> > references - Google is your friend again), I seem to remember seeing
>> > somewhere in the 300-700MB/s type of transfer rates with 1GB cards
>> > (wide variance due to no firewall/with firewall/other factors).
>>
>> With good hardware, you can get much closer to wire speed than the
>> 700MB/s. However, I never made tests with iptables involved. On the
>> other side, you can't really call the hardware I tested pc hardware.
>
> looking at the numbers i guess you are talking about 10Gbps cards;
> 1Gbps =~ 128MB/s. realistic values for a gigabit nic on current hardware
> are around 100MB/s with no disk IO involved.

We were talking about Mbits/s. Right, there is always confusion with MB.
> They are using a pair of Intel PWLA8490LX cards on a Dual Opteron 246
> (Tyan Thunder K8W). Actually they are using two of these systems in a
> hot-standby configuration.

By some slim chance you wouldn't have any more information as to how to set this kind of thing up, would you? (a hot-standby, that is) Or even some links with more information? The sys admin inside of me is very much wanting more info :-D