[geeks] Routing problem: solution in progress

Michael-John Turner mj at turner.org.za
Tue Dec 26 03:21:12 CST 2006


On Sat, Dec 23, 2006 at 10:52:42AM -0500, Charles Shannon Hendrix wrote:
> Just once, when I screw up, I'd like for it to be something major
> that really is difficult to avoid, rather than something simple and
> blindingly obvious... :)

Heh, happens to the best of us :)

> Of course, I have no complex firewall rules yet, and right now ipfilter
> setup is minimal, and I'm not running a snooper yet.

You should take a look at pf - I switched from IPFilter to pf a few years
back and I'm very happy. NetBSD 3.1 supports it, but not in the GENERIC
kernel - you'll either need to load the lkm or build a custom kernel with
pf support.

> I've read that you generally want 200MHz of USII CPU power per interface
> pair on Sun systems, but that might be assuming a certain level of
> packet processing.

Yep, I've heard something similar. And I think 500MHz of US-II for each
GigE interface.

> If you can think of something for me to try, let me know.  I don't mind
> running a test for you if you think it would help.

Thanks. I think the biggest concern for me is LAN routing performance -
whether the U1 will be able to achieve close to wire speed with 100Mbps
interfaces. What's the max rate you've been able to achieve on the LAN
interfaces?

I sometimes think it may be better to just put my (currently unused) U5/360
into use as a firewall/router - it has PCI, which will make it easier to
add GigE support when I upgrade my LAN. The only problem is that I have no
quad FastE PCI cards, whereas I have a plethora of quad hme SBus cards
lying unused. Argh, choices, choices.

-mj
-- 
Michael-John Turner | http://mjturner.net/
mj at turner.org.za    | Open Source in WC ZA - http://www.clug.org.za/


