[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] connection timed out? max connections per second?
 Date:  Tue, 7 Nov 2006 13:22:14 -0500 
On 11/7/06, Kenny Nguyen <kenny at lienket dot com> wrote:
>
> I have a few questions with regards to m0n0wall (version 1.22)
>
>
> 1.  What is the maximum connections per second m0n0wall can handle?
>

As many as your hardware can handle.  I've seen numbers that FreeBSD
can route in excess of a million pps, but that was a very specific
test scenario and didn't include firewalling.  On a big (3+ GHz) box,
you can probably push 300,000 pps (note that this is simply an
educated guess - if you have a SmartBits or some other serious network
testing equipment, I'd like to see what you can get through it).  It's
as fast and scalable as any general purpose OS, and better than most.
If you need more than a few hundred thousand pps, you really need to
be looking at something ASIC-based (Cisco, Juniper).


> 2.  What is the maximum simultaneous/persistent connections at a given time?
>

30,000 is the state table size.


> 3. To change the values in question 1 and 2, which file can I edit?
>

For #1, that's hardware dependent.  For #2, you have to recompile the
kernel to increase the state table size.  See the developer
documentation for info.


> 4.  I have a system with only 2 ethernet cards,  is it possible to one for
> the WAN and the other for Opt so I can Opt as a bridge.  Since our servers
> are the colocation with a few public IP's.
>

Not really, you'll need a third NIC, though you could probably setup a
nonexistant VLAN as your LAN interface.


> Did anyone do any benchmarks on these?
>

You should be able to push a gig through a 3 GHz machine, but I've
never tested anything that fast.  You'll almost certainly exhaust the
default state table before you get up to gig speeds.


> I have a dual 3.0ghz system with 2 gigs of memory.
>

m0n0wall doesn't have SMP in the kernel, so you'll only be using one
proc.  On FreeBSD 4.x, networking doesn't scale with SMP anyway, so
the difference would be negligable if it was in the kernel.  That
won't be an issue anymore with future versions, as the massive changes
in FreeBSD 5.x included scaling the network stack across mutiple CPU's
and 6.x improved greatly upon that.

-Chris