[ previous ] [ next ] [ threads ]
 From:  Brett Dikeman <brett at cloud9 dot net>
 To:  Adrian Padilla <selage at sbcglobal dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] question about maxiumun through put it can handle
 Date:  Sun, 20 Mar 2005 14:45:21 -0500
Adrian Padilla wrote:
> have a question, i have a t-1 line, now this comes with 20 ip's, can Monowall handle the up/down
 > of a t-1 line, what i guess i am asking, is what are the limits that 
the single inbound nic cardfrom
 > modem to monowall can handle,

To give you a ballpark in terms of commodity PC hardware, on an 
overclocked celeron (-original- celeron!) at 450mhz with 64MB
installed and two network interfaces (tulip and intel) running m0n0wall
with NAT and maybe a dozen port forwards, I get the full capacity of my
cablemodem (4mbit/down), and that is more than twice
a full T1.  CPU load is around 8% or so during this if it's from only a
few hosts.  Memory usage started at 54%, has been slowly creeping up
about 1-2% for the 2-3 days it has been running thusfar.  I suppose if
you assumed that CPU usage was linear (a wild assumption given only one
data point and data coming mostly from one host) then you could 
extrapolate that this lowly celeron 450 could
handle a T3 with a limited number of hosts.

The numbers go up slightly if traffic is coming from a large number of
hosts. For example, a BitTorrent download where a dozen or so hosts are
giving  around 10-20KB/sec and I'm uploading to another 5-6 at
30KB/sec total will push things up to maybe 12% or so.

I don't know if FreeBSD (and hence m0n0wall) support them, but linux
drivers take advantage of hardware in certain cards to offload TCP
checksumming to the card, which drops CPU requirements even further.
Some of Intel's gigabit adapters have this, for example.  The Linux
kernel also offers some further options for very high bandwidth
situations on specific drivers, but requires a kernel recompile.  I
don't know anywhere near enough about the BSD's to say if they have the

A lot will depend upon how many rules you have, what kind of traffic you 
expect (mostly TCP, or UDP?  How many connections per second?  What kind 
of utilization?) and so on.

"They that give up essential liberty to obtain temporary
safety deserve neither liberty nor safety." - Ben Franklin