Michael Buffer wrote:
I'm considering purchasing some firewall machines for my organization, and
I am trying to decide whether a machine with multiple CPUs is worth the
additional expense performance-wise (aside from being able to assign CPUs
to interfaces). I'd also like to know whether there are any stability
issues with iptables & SMP (and/or hyperthreading with multiple CPUs).
Any input would be appreciated.
To second the other very good remarks...
I've had a Celeron 430 with 128MB ram or so handling 8 interfaces (quad
Dlink cards) as a firewall/router, while also running the facility's
internal bind and dhcpd, plus acting as a FreeSwan IPsec concentrator
for three external departments.
On a 2Gbit connection, load was mostly idle. I even had it running seti
(priority -19) for a while, just to see how it handled the load.
This was for an educational facility with some 200 students and 30+
staff on the central setup, and maybe 40 students +8 teachers at the
external depts.
Quite a lot of those students didn't know how to activate themselves, so
there was -a lot- of browsing, chatting, and downloading taking place.
The only times I would've liked more raw power was for my homeoffice ssh
connections
But I can fully agree to other remarks on setting up clustered solutions
with failover.
--
Kind regards,
Mogens Valentin
The dual core chips are dubbed the "brains" of a computer.
Although Intel has recently changed that description by
describing its dual core processors as having a heart as well.
-- fun on theinquirer.net
