|
||||||||
On 9/14/05, Bryan K. Brayton <bryan at sonicburst dot net> wrote: > I run a constantly saturated 100Mbit line through a filtering bridge based on OpenBSD and PF...it hasn't failed once on over 2 years of constant uptime, so I wouldn't say it will crash under very heavy load. > absolutely right. One of the core devs of pfsense manages several hundred firewalls around the world running OpenBSD and PF, with loads as heavy as gigabit and as much as 1000+ state table inserts *per second*. That's a very, very serious load. They handle traffic on very large volumes and dollar amounts of financial transactions where failure isn't an option (they run CARP too for redundancy). They wouldn't be running PF if it wasn't rock solid, because they can't afford downtime or network glitches. -Chris |