Using old CPU for 100s of clients

["Shawn Wright" <swright@sls.bc.ca>]

Ok, I've flogged this issue on the shorewall list probably longer than some 
of you can stand by now. (remember, I'm the nut trying to use a PPro200 
to support ~500 users on a 10Mb internet link, and was experiencing 
random slow access/timeouts on first attempts to websites, but 2nd hits 
were fast. Problems can occur even during times of light load, and we 
have less than 25 rules in the firewall.)

To appease those who think I'm nuts, I am ordering a new firewall shortly 
to allow for future growth. (probably a Dell PE750 with P4/2.8 and dual 
GE nics, although I'm open to suggestions on best choice of CPU, etc)

However, since I have yet to prove that processor speed has anything to 
do with my random slow response times, I have this horrible nightmare 
that I will build a brand new 2.8Ghz firewall and *have the same problem*!

(I have reproduced the problem on a PPro200 and a PII/233, but CPU 
use never exceeds 15% on either, and no sign of dropped packets. A 
P3/667 is currently running fine, and I am working on duplicating it's 
setup, including exact kernel config on the slower machines as a test.)

So I won't bore you with any more details, but simply ask that anyone who 
is using iptables/shorewall on an aging CPU (say from 100-500 Mhz) 
supporting several hundred clients on a 10Mb link or faster, please let me 
know, on or off list. I just hate not knowing what is causing our problems, 
and having them occur on a new, fast firewall would probably push me 
over the edge....

Thanks.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
swright@sls.bc.ca