North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 10GE router resource

  • From: Aaron Glenn
  • Date: Tue Mar 25 22:15:25 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=6beUuX6t0n8oRzkM3M0pVxzII0rU8i+jRmmz0ASDjjA=; b=f+eOUTMXw3XzZKIbhMne2hDlsAirk6XOF2Gzm0z8R75rXVA/6nPM5h0SoVMwklbhkeQjgRznQVpW3uY/2ZhEHTdz2KP2DwMB9k2bR++NpgzyC7d+D5714Hb82oJXaA+LXD8Tqy3/xUeaRmZxAsdM179nZ5Tt7rzRBBfIwDu904g=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=jNN9gh9DD3KvhhGSu8W0P04VsLVWsRX3g8WIj+sDp1q/whCtzS9qjb9Zlb9AWtDqksGsZKQNrL4B10EN+7+9ViMaqRjsvsPiGu88KK5I/V77N/rNClPDMgHGB/OL/mZu5xjUmw0qPPXG6saSeDY7LQNb+LH8dD23NvAjjrwn7lA=
On Tue, Mar 25, 2008 at 6:15 PM, Patrick Clochesy <[email protected]> wrote:
> Very interesting study I had not seen, and a bummer. That really puts a
> cramp in my advocation of our CARP+pf load balancers/firewalls/gateways.
> Than again, what's a PIX box capable of?

I'd rather tweak a whitebox than pay through the nose for a PIX.

> I also had to switch to OpenBSD as there was a fatal crash with the bridge
> device in FreeBSD when used with my paticular OpenVPN/CARP/pf combination.
>
> AFAIK pf/forwarding only takes place on one core and wouldn't take advantage
> of the other 3 cores, correct?

Correct. There has been some great speed and efficiency improvements
in pf and other networking parts of OpenBSD; though from anecdotal
evidence, 10GbE is not ready for 'primetime' (for certain definitions
of 'primetime').

actually I'll just skip making an ass out of myself and hope [email protected]
chimes in, since I believe he reads NANOG as well.

aaron.glenn