 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 6.1 Port
 Date:  Thu, 27 Jul 2006 14:05:37 -0400
On 7/27/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> Yes, there are only two possible speeds of the result...  The new m0n0 will
> be slower than 4.11, but faster than pfSense.

Network throughput wise, that's not possible.  There's no difference
in how m0n0wall performs and how a stock FreeBSD 4.x box performs.
There's no difference in how pfsense performs and how a stock FreeBSD
6.x box performs.  Hence, once m0n0wall is on 6.x, it will also
perform identically to a stock FreeBSD 6.x box, and therefore be
identical to pfsense.

The only way that won't end up being true is if there's a substantial
performance difference between ipf and pf, which is highly unlikely
(in fact last I tested, pf was faster, but that was back in the nasty
days of FreeBSD 5.x where everything really sucked).

I'd love to agree with you, but I don't see how it's even remotely possible.

> It will also run in less
> memory, and with less CPU.

Less memory is possible, but I don't think it's likely.  m0n0wall will
almost certainly use more RAM on 6.x than it does now.

I'm not sure what chews up RAM on pfsense, or if it's still an issue.
There was a change made this week on anything with < 65 MB RAM, so
fast CGI does not get enabled.  This causes a performance hit in the
GUI, but frees up much needed RAM on those systems.

Personally, I haven't seen a huge difference in memory usage between
m0n0 and pfs.

As for CPU difference, I can't imagine an appreciable one there either.

Granted, the above is out if you're enabling all kinds of things on
pfsense that m0n0wall doesn't have, but you have to expect that.

Case in point:
My primary firewall is a 4501 running m0n0 1.22.  Basic two-interface
setup, doing nothing but NAT and firewalling.  Memory usage stays
steady at 44% of 64 MB.

I have two WRAP WPA APs running a recent pfsense version, with
atheros cards.  They stay steady at 26% of 128 MB RAM.

That means my m0n0wall is using ~28.16 MB RAM, and pfsense boxes are
using ~33.28 MB RAM.  5 MB difference.  My m0n0wall doesn't have
wireless, much less WPA, which accounts for some of that difference.
My point is, it's not a huge difference.  All of them are near idle
right now.

I can't compare CPU between them because their workloads are
dramatically different, but they all run pretty low most of the time.
pfsense will use more CPU for the same amount of network throughput,
but m0n0wall will end up being the same on 6.x.

> Especially Chris, who is active in both projects.  Why would he do that if
> m0n0 had nothing to offer?

I was here first, and if anything right now I lean towards m0n0 (for
embedded at least), but I find myself recommending pfsense more and
more to people on this list just because m0n0wall can't do what
they're after.  I still deploy m0n0wall in new installs in production
environments today, because I use embedded hardware and pfsense can't
be upgraded without re-flashing the CF.