Best hardware platform for routing/firewalling?

Linux Netfilter discussions
 help / color / mirror / Atom feed

* Best hardware platform for routing/firewalling?
@ 2009-01-30 11:43 Tore Anderson
  2009-01-30 12:28 ` Thomas Jacob
  0 siblings, 1 reply; 2+ messages in thread
From: Tore Anderson @ 2009-01-30 11:43 UTC (permalink / raw)
  To: netfilter

Hey list,

does anyone have an opinion on what's the better-performing/suited
hardware platform for routing and stateful firewalling with iptables;
AMD Opteron or Intel Xeon?  I'm need something that can sustain high
pps/bps numbers with as low latency as possible.

Anything in particular I should be paying attention to choosing what to
order?  I know that I'll need MSI-X capable NICs in order to have decent
SMP scaling - anything else?

Best regards,
-- 
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Best hardware platform for routing/firewalling?
  2009-01-30 11:43 Best hardware platform for routing/firewalling? Tore Anderson
@ 2009-01-30 12:28 ` Thomas Jacob
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Jacob @ 2009-01-30 12:28 UTC (permalink / raw)
  To: Tore Anderson; +Cc: netfilter

On Fri, 2009-01-30 at 12:43 +0100, Tore Anderson wrote:
> Hey list,
> 
> does anyone have an opinion on what's the better-performing/suited
> hardware platform for routing and stateful firewalling with iptables;
> AMD Opteron or Intel Xeon?  I'm need something that can sustain high
> pps/bps numbers with as low latency as possible.

Harald gave a talk about that 2 years ago, maybe it's still
somewhat applicable:

http://www.heinlein-support.de/upload/slac/network_performance.pdf

Also you might want to contact the guys from the Bifrost
distribution:

http://bifrost.slu.se/index.en.html

They seem to be testing for this sort of performance regularly,
and I've gotten hold of some of there stats last year thanks
to the help of a friendly Dane:

http://robur.slu.se/Linux/net-development/experiments/2008/080623.tyan2927

I've also done some rather unscientific tests myself and apart from best
sticking with the two onboard PCIe Gigabit NICs (Intel, Broadcom) of
quality server boards and getting the best main memory performance
you can get hold of, the main thing seems to be L2/L3 cache size,
so in my tests Intels current CPU line slightly outperformed
current Opterons last summer, but traditionally most people advised
the use of Opterons because of there better SMP memory performance.

But I was only interested in 1GiE-NICs tied to one CPU core each
at the time, so this might be meaningless in a multiqueue scenario
with 10GiE NICs.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2009-01-30 12:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-01-30 11:43 Best hardware platform for routing/firewalling? Tore Anderson
2009-01-30 12:28 ` Thomas Jacob

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox