
Re: question about PF performance



Yes, yes, yes and yes.
PF can filter at this kind of speed, though it's IRQ load that's the
bottleneck. Bandwidth management, that's PF too. And just RDR the
layer 7 stuff to something with the grunt to inspect at layer 7
- I wouldn't do it on the same box, though you could.

Maybe this answers your question as to why they told you to use
OpenBSD... :-)

Oh, and you didn't say anything about filtering 802.1q vlans, that's
do-able too, and...and...and...

Dom
PS. I've cross-posted this to the PF list - that's the right place
for these questions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom@devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
Of RJ45
Sent: Sunday, September 07, 2003 8:29 AM
To: misc@openbsd.org
Subject: question about PF performance


Hello,
I have to build a firewall machine for a university campus.
The firewall will be installed behind the core gigabit switch which is an
Extreme Black Diamond, and it will be in bridging mode. Don't ask me
why I don't use the black diamond... I will use OpenBSD because of
political reasons about the Network campus management that is beyond the
topic of my question now. Anyway I will have this OpenBSD box (I was
thinking about a 3GHz P4 dell power edge), with 2 gigabit interfaces.
The maximum speed will be 1Gbit/sec. What I want to ask you is if in
your opinion OpenBSD can support such a peak traffic of 1Gbit/s in
bridging mode between its two interfaces filtering the traffic? Then a
second question. With PF I can filter up to OSI level 4, and I plan to
do bandwidth management also. If I want to filter up to OSI level 7, is
there any particular application I can use to do that? I know it's very
CPU intensive to filter at application level, but if I need to do it
sometimes, is there any way to do it on OpenBSD?

thanks very much

Rick