Greetings List,

I just wanted to get some recommendations on what other people are using as far as tweaks to m0n0 for high-throughput systems.

What we have is a customer with a full DS3 (45mbit) plus a backup DS3 (BGP) that we are re-building a webfarm for, and we would like to place m0n0 as a filtering bridge in front of the farm. Here is a URL of the rough network layout as it currently sits:

http://www.tawifi.com/ds3net.jpg

We have m0n0 in the diagram where it will be placed. Currently it is a direct connection, and the average throughput as of 10 minutes ago was 24Mbps sustained. It runs at this rate pretty consistently 24/7, but it does burst to 30-35 quite regularly in peak usage.

The server that will be used for m0n0 has these specs:

AMD AthlonXP 1700
512MB ECC RAM
2 Intel 10/100/1000 NICs (don't know the model right now)
1 3Com 10/100 (don't know the model; uses xl driver)
512MB SanDisk CF

At one point they had an OpenBSD box doing filtering over a bridge setup, but it kept getting tons of mbuf errors, etc., so it basically capped the whole connection to about 20Mbps.

The plan for m0n0 is a basic filter. We plan to block all ports that are unneeded and only allow ports that are needed like 80, 25, 110, etc., plus if possible add basic shaping to some servers to help maintain the bandwidth and give certain boxes limited bandwidth. Shaping is not a huge priority right now, as some of that can be handled on the server if needed. (All servers run FreeBSD anyway.)

So what I need to know is what other people have done as far as kernel tweaks, sysctl tweaks, etc., so I can avoid the same problem that the OpenBSD box had with this kind of throughput. OR hardware tweaks if needed.

We are fully confident in m0n0 as we use it in most of our other systems, and have no problems making custom images of m0n0 if needed (I do it at least once a week anyway).

Any feedback/help is greatly appreciated.

Thanks,

--
Eric Collins
Sr Network Administrator
Tawifi.com
Downtown Tucson WiFi Network
http://www.tawifi.com