Firewall Wizards mailing list archives
Re: FW-1 throughput question
From: Aaron Turner <aturner () vicinity com>
Date: Wed, 17 May 2000 14:52:14 -0700 (PDT)
People who know more than I tell me so. :) I think I found it mentioned once on SunSolve as well, but damned if I can remember where. Let me be clear here though. If you're doing a lot of host (like a ftp server) traffic, then yes, multiple CPU's will help you. That does not hit the routing "engine" of the Solaris kernel. However in a firewall application like FW-1, it does route packets between interfaces, which would incurr the scaleablity hit. -- Aaron Turner aturner () vicinity com 650.237.0300 x252 Security Engineer Vicinity Corp. Cell: 408-314-9874 http://www.vicinity.com On Sat, 13 May 2000, Darren Reed wrote:
In some email I received from Aaron Turner, sie wrote:The part of the Solaris kernel that routes packets (FW-1 is a router) is single threaded. Hence, max throughput is determined more by the speed of the CPU than the number of CPU's. Two CPU's is probably the sweet spot in terms of price/performance for sites needing a lot of throughput. (The other CPU would be dedicated to other OS/Firewall tasks such as logging.)Hmmm. What makes you believe it is single threaded ? I've not seen any evidence which would support that theory. I've definately seen crashes where there have been numerous threads coming up through hmeread(). One CPU per interface. Darren
Current thread:
- Re: FW-1 throughput question, (continued)
- Re: FW-1 throughput question Darren Reed (May 15)
- Re: FW-1 throughput question Dameon D. Welch-Abernathy (May 17)
- Re: FW-1 throughput question Darren Reed (May 17)
- Re: FW-1 throughput question Dameon D. Welch-Abernathy (May 17)
- Re: FW-1 throughput question Darren Reed (May 17)
- Re: FW-1 throughput question Dameon D. Welch-Abernathy (May 17)
- Re: FW-1 throughput question Darren Reed (May 17)
- Re: FW-1 throughput question Aaron Turner (May 19)
- Re: FW-1 throughput question Ryan Russell (May 19)
- Re: FW-1 throughput question Shaun Moran (May 21)
- Re: FW-1 throughput question Darren Reed (May 15)
- Re: FW-1 throughput question Aaron Turner (May 19)