[103385] in North American Network Operators' Group
Re: 10GE router resource
daemon@ATHENA.MIT.EDU (Chris Marlatt)
Thu Mar 27 10:28:49 2008
X-Antivirus-RXSEC-Mail-From: cmarlatt@rxsec.com via core.rxsec.com
Date: Thu, 27 Mar 2008 10:12:27 -0400
From: Chris Marlatt <cmarlatt@rxsec.com>
To: Patrick Clochesy <patrick@chegg.com>
CC: nanog@nanog.org
In-Reply-To: <4116134.186351206494157370.JavaMail.root@protozoa>
Errors-To: owner-nanog@merit.edu
Patrick Clochesy wrote:
> Very interesting study I had not seen, and a bummer. That really puts a cramp in my advocation of our CARP+pf load balancers/firewalls/gateways. Than again, what's a PIX box capable of?
>
> I also had to switch to OpenBSD as there was a fatal crash with the bridge device in FreeBSD when used with my paticular OpenVPN/CARP/pf combination.
>
> AFAIK pf/forwarding only takes place on one core and wouldn't take advantage of the other 3 cores, correct?
>
> -Patrick
>
http://pf4freebsd.love2party.net/pflock/ is worth a quick read. 7.0
already supports some SMP networking but when the pflock changes are
done you'll likely see some pretty serious performance from those devices.
Regards,
Chris
