On Fri, Apr 28, 2006 at 07:46:13AM -0400, Juan Pablo Abuyeres wrote: > Hi guys, Hi, please follow up to the netfilter mailinglist, since this is not a kernel [development] question. > I've been using an old single processor / linux 2.4 iptables based firewall for a few years. > > Now it's time to upgrade that machine, so, I am wondering, would it be of real benefit if I put a > two-processor system for a firewall? This machine is going to have 4 NICs, it's going to make > routing (lots of routes), and firewall (iptables). I don't know if these kind of tasks take > advantage from a multiple-processor architecture. Please enlighten me :) some notes: 1) 2.6. network stack scales better on smp 2) iptables and routing both scale very good on smp systems, if you use multiple interfaces and distribute the interrupts over multiple cpus 3) connection tracking inherently scales less good on SMP systems -- - Harald Welte <[email protected]> http://netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
Attachment:
pgpYzoiTWkCb1.pgp
Description: PGP signature
- References:
- linux/iptables + smp question
- From: Juan Pablo Abuyeres <[email protected]>
- linux/iptables + smp question
- Prev by Date: [PATCH]: powerpc/pseries: Print PCI slot location code on failure
- Next by Date: PCI init vs. memory init
- Previous by thread: linux/iptables + smp question
- Next by thread: initcall warnings in 2.6.17
- Index(es):
 |