We tested the Soekris 4801 and the wrap1d (2lan) and raw throughput is
about 20-30 but add some extra rules or a traffic shape queues and it
drops quite a bit and then becomes unstable at that speed. In our case
we have a 45Mbit DS3 connection running 30-40Mbps 24/7 with anywhere
from 5-10 VPN sessions going at any 1 time. One of the boxes we did test
was a PII550 with 256mb ram while it did push traffic the instant you
add a shaping queue its performance dropped, it was stable but slow.
One of the things I think helped our m0n0 boxes was increasing the
kern.ipc.nmbclusters sysctl setting as Chris mentions in one of my
earlier posts, but it takes alot of ram to accomodate higher settings.
Now dont get me wrong the soekris and wrap boards are great, we have
several of them pushing 5-10mbit 24/7 over wifi links with some of them
being 5 miles apart. But for the end datacenter they just couldnt keep
up with the amount of traffic for very long. (and longevity is paramount
in a datacenter)
And yes a standard FreeBSD server on a P200 could push 100Mbit (i've
seen it happen) but its just not very responsive during that time. All
of our servers run FreeBSD and all of them could push gigbit if we
wanted them too. But with firewalling and shaping you do take a
performance hit IMHO.
Braden McGrath wrote:
>>I tend to agree with this. I had a Soekris 4801 riding a
>>saturated T1 in bridge mode doing traffic shaping for about a
>>week. The webGUI was painfully slow, but the Soekris seemed
>>to handle the traffic quite well.
>>I wouldn't place a Soekris 4801 on anything larger than a
>>saturated T1 though.
>Don't the benchmarks show a 4801 capable of routing 20-30mbit/sec
>(without VPN) though?
>My home connection isn't very busy, but I get the throughput I'd expect
>out of it... 3mbit/256kbit cable with Adelphia.
>I'm using shaping/queuing, but not much else. Net4801 and m0n0 1.2b3.
>CPU is rarely over 25-30%.
>Supposedly a pentium 200 with decent NICs is able to route a 100mbit
>line under GNU. Is the FreeBSD routing code that bad, or is there
>really that much of a hit from firewalling and shaping?
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
Sr Network Administrator
Downtown Tucson WiFi Network