We would like to set up a netfilter-based firewall in front of a Gigabit connection to the main campus backbone. Would someone on this list want to share his experience?

A duplex Gigabit NIC has nominally a throughput of 250MB/sec. Doing this for both directions (intern <-> extern) doubles the internal traffic bandwidth to 500MB/sec. Even PCI64/66MHz has a nominal max. throughput of 528 MB/sec, so this is scratching the limit.

What are the solutions?

o Dual-port NICs with zerocopy for avoiding PCI traffic (I have seen some expensive ones from Intel). Can those dual-port NICs zerocopy from one port to the other? Is that supported by Linux/netfilter?
o Multiple PCI-busses with one NIC per bus?

Any hardware recommendations? :)

Thanks!
--
Axel.Thimm@physik.fu-berlin.de