[100778] in North American Network Operators' Group


RE: cpu needed to NAT 45mbs

daemon@ATHENA.MIT.EDU (David Schwartz)
Thu Nov 8 17:59:14 2007

From: "David Schwartz" <davids@webmaster.com>
To: <nanog@merit.edu>
Date: Thu, 8 Nov 2007 14:52:20 -0800
In-Reply-To: <CBE22E5FF427B149A272DD1DDE1075240184E4A9@EX2K3.armc.org>
X-MDaemon-Deliver-To: nanog@merit.edu
Reply-To: davids@webmaster.com
Errors-To: owner-nanog@merit.edu



> From my experience, a fast P4 linux box with 2 good NICs can NAT
> 45Mbps easily.  I am NAT/PATing >4,000 desktops with extensive
> access control lists and no speed issues.  This isn't over a 45Mb
> T3--this is over 100 Mb Ethernet.
>
> --Patrick Darden
> --ARMC, Internetworking Manager

	A second CPU or core will help tremendously. We used to use single-CPU
boxes for this and we noticed that traffic sometimes stalls when the machine
has to do some task other than NATting, such as expiring idle flows. Having
a second CPU or core will help keep latency much more uniform.

	We have a few dual 3.2GHz Xeon boxes (not the ones based on Core, the older
ones) that NAT/FW across two GE interfaces. They do quite well up to about
300Mb/s, then we start to see issues. We believe the issues are due to
overloading the NB-SB link. A more modern mobo probably wouldn't have this
problem.

	DS


