I am configuring a new router/firewall. I'm making the hardware purchase and I need to decide what processor(s) I want.

My thought process went thusly: netfilter/iptables is part of the kernel, the kernel is threaded, so does this imply that on a multicore machine it is in theory possible that iptables might use a different core to examine each packet, and if so, is there any possibility for concurrency or is it strictly linear? I'm -real- fuzzy on how the kernel does its threading in relation to modules and specifically the netfilter hooks (as made obvious by me asking this).

The practical question is that if you were setting up a router/firewall server right now, would you prefer a slower clock speed but more cores, or the fastest individual core speed, all other things being equal?

A valid related question is, does it even matter or would any modern processor and server be able to easily inspect traffic on a 1Gbit link with iptables without breaking a sweat?

This will be a Dell PowerEdge 1950 server with Xeon dual or quad core, I plan to use Intel Pro server NICs, either 2 or 4 port PCIe cards.

Would appreciate any feedback you folks might have.

Thanks,
Fran

--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653