 From:  <tech at adaptive dot net>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "monowall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Robust enough for heavy duty?
 Date:  Thu, 5 Jan 2006 14:04:50 -0500
Our current sonicwall firewall mentions "3328 current connections" on the 
status page.  Would that be the same as states do you believe?

Let's hope it is! Then I would be only at 10% utilization of 30,000 states. 
Assuming that, what would my bottleneck be in the future, assuming the 
current scenario and linear growth:

- Compact Flash installation boot
- AMD Duron 1600 at 266 MHz
- 512 MB 266 MHz RAM
- Intel Pro 1000 dual nic card on standard PCI bus for DMZ/WAN links
- Motherboard 100mbs NIC for LAN
- Using 1:1NAT for public IPs on DMZ side
- 25-50 servers on DMZ
- Very few things turned on in m0n0wall, simply about a dozen inbound rules

- All traffic going between DMZ/WAN at currently about 12mbs out, 4mbs in, 
3000 states
assume linear growth


----- Original Message ----- 
From: "Chris Buechler" <cbuechler at gmail dot com>
Cc: "monowall" <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, December 30, 2005 3:46 PM
Subject: Re: [m0n0wall] Robust enough for heavy duty?

On 12/30/05, tech at adaptive dot net <tech at adaptive dot net> wrote:
> Thanks for your guidance, my only concern with the original request is
> that that 12 mbps is coming from some 20,000 email users and 4,000 web
> sites, so it's not necessarily big chunks of data, but perhaps lots of
> small chunks, which may eat up the 30,000 states, is what I fear.

Unless you have some facility on your current firewall where you can
tell how many states you're using, it's hard to tell.  If out of
20,000 email users, they all have their mail client set up to hit their
POP/IMAP every minute, it should be spaced out enough, and the states
short lived enough, that it probably won't be an issue.  20,000 mail
users likely only maintain a max of 1K states at any given time.
They're short lived - maybe 2-5 seconds - so even having 1 out of 20
users with a state at a given time could be far more than it really

Web sites vary so much that it's difficult to say how much 4,000 of
them will use.  Unless there are a number of very high traffic sites
amongst those, I seriously doubt if you would exceed an average of one
state per website, so 4,000 there maybe.

That's only 5,000 states, and I couldn't imagine it being more than 6
times that much unless something was really wrong.  Even a
Slashdotting won't get you anywhere near 30K states for a web server
(speaking from experience).

