IPFW + BRIDGE: network capacity question

• Previous message: Barney Wolff: "Re: Help Broadcasting a UDP packet on the LAN:URGENT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: <freebsd-questions@freebsd.org>, <freebsd-net@freebsd.org>
Date: Thu, 23 Oct 2003 11:26:48 -0500

Hello everyone. I have an Intel D815EGEW board with a single PIII 1GHZ,
256MEG RAM, 2 Intel Pro 100MB cards. This will be used as an IPFW+bridging
firewall with FreeBSD 4.8 (RELENG_4_8, perhaps RELENG_4_9 when available).
My message is about network capacity.

Assume that it will be processing at peak all of this at once:
        500 TCP connections with long lived sessions (an hour or more at a
time)
        500 UDP 'connections'
        500 web (HTTP port 80 tcp) connections per second (graphics, small
html pages)
                The HTTP sessions will be short lived, so lots of TCP
handshakes
                at *least* a good portion will not utilize persistant HTTP
                
The total bandwidth could be 20-50 megabits, mostly outbound to clients on
the internet.

Should I tweak the kernel at all for this? NMBCLUSTERS or NMBUFS? Something
else?

For IPFW, I figure that adding accept rules that catch most of the packets
up front will help lower CPU usage. Is this correct? Maybe allow TCP if
the session is established, allow setup of outbound TCP, allow setup of
incoming TCP/80, allow outbound UDP packets to be happy, etc.

Does anyone see any possible issues with this configuration and the expected
network load?

Thank you, folks! Any suggestions are very appreciated.

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Barney Wolff: "Re: Help Broadcasting a UDP packet on the LAN:URGENT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]