[ previous ] [ next ] [ threads ]
 From:  Eric Collins <eric at tawifi dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Experiences in 50+ user organizations?
 Date:  Thu, 24 Feb 2005 15:12:53 -0700
We tested the Soekris 4801 and the wrap1d (2lan) and raw throughput is 
about 20-30 but add some extra rules or a traffic shape queues and it 
drops quite a bit and then becomes unstable at that speed. In our case 
we have a 45Mbit DS3 connection running 30-40Mbps 24/7 with anywhere 
from 5-10 VPN sessions going at any 1 time. One of the boxes we did test 
was a PII550 with 256mb ram while it did push traffic the instant you 
add a shaping queue its performance dropped, it was stable but slow.

One of the things I think helped our m0n0 boxes was increasing the  
kern.ipc.nmbclusters sysctl setting as Chris mentions in one of my 
earlier posts, but it takes alot of ram to accomodate higher settings.

Now dont get me wrong the soekris and wrap boards are great, we have 
several of them pushing 5-10mbit 24/7 over wifi links with some of them 
being 5 miles apart. But for the end datacenter they just couldnt keep 
up with the amount of traffic for very long. (and longevity is paramount 
in a datacenter)

And yes a standard FreeBSD server on a P200 could push 100Mbit (i've 
seen it happen) but its just not very responsive during that time. All 
of our servers run FreeBSD and all of them could push gigbit if we 
wanted them too. But with firewalling and shaping you do take a 
performance hit IMHO.


Braden McGrath wrote:

>Jesse spake:
>>I tend to agree with this. I had a Soekris 4801 riding a 
>>saturated T1 in bridge mode doing traffic shaping for about a 
>>week. The webGUI was painfully slow, but the Soekris seemed 
>>to handle the traffic quite well.
>>I wouldn't place a Soekris 4801 on anything larger than a 
>>saturated T1 though.
>Don't the benchmarks show a 4801 capable of routing 20-30mbit/sec
>(without VPN) though?
>My home connection isn't very busy, but I get the throughput I'd expect
>out of it...  3mbit/256kbit cable with Adelphia.
>I'm using shaping/queuing, but not much else.  Net4801 and m0n0 1.2b3.
>CPU is rarely over 25-30%.
>Supposedly a pentium 200 with decent NICs is able to route a 100mbit
>line under GNU.  Is the FreeBSD routing code that bad, or is there
>really that much of a hit from firewalling and shaping?
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

Eric Collins
Sr Network Administrator

Downtown Tucson WiFi Network