 From:  <tech at adaptive dot net>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "monowall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Robust enough for heavy duty?
 Date:  Thu, 5 Jan 2006 23:19:52 -0500
In the spirit of the current NIC post as well, is there really any point in
me going with an Intel Pro 1000 over an Intel Pro 100 in my scenario?


----- Original Message ----- 
From: "Chris Buechler" <cbuechler at gmail dot com>
Cc: "monowall" <m0n0wall at lists dot m0n0 dot ch>
Sent: Thursday, January 05, 2006 4:44 PM
Subject: Re: [m0n0wall] Robust enough for heavy duty?

On 1/5/06, tech at adaptive dot net <tech at adaptive dot net> wrote:
> Our current sonicwall firewall mentions "3328 current connections" on the
> status page.  Would that be the same as states do you believe?

Yup, that's the same as states.  Even less than my guess.  :)

> Let's hope it is! Then I would be only at 10% utilization of 30,000 states.
> Assuming that, what would my bottleneck be in the future, assuming the
> current scenario and linear growth:
> - Compact Flash installation boot
> - AMD Duron 1600 at 266 MHz
> - 512 MB 266mhz RAM
> - Intel Pro 1000 dual nic card on standard PCI bus for DMZ/WAN links
> - Motherboard 100mbs NIC for LAN
> - Using 1:1NAT for public IPs on DMZ side
> - 25-50 servers on DMZ
> - Very few things turned on in m0n0wall, simply about a dozen inbound rules
> - All traffic going between DMZ/WAN at currently about 12mbs out, 4mbs in,
> 3000 states
> assume linear growth

Well, if you have, say, a max of 4000 states now (overestimating) with
16 Mb combined traffic, you should be able to increase your traffic
7.5 times over.  So 120 Mb would be roughly what you'd use at 30,000
states.  A less conservative estimate would be 10 times what you're
currently using, or 160 Mb combined in/out traffic.  The hardware you
list will easily push 160 Mb.

So it would appear the state table would become your bottleneck at
somewhere around 7.5-10 times the amount of servers and traffic you
currently have.  If I recall, you have 100+ servers right now.  If you
have 1000+ servers, you're going to want more than one firewall anyway
(that becomes a huge single point of failure at that point).

