Recommended hardware for iptables based firewall/router

Hi,
we recently bought a Ubiquiti EdgeRouter Pro, but it seems the claims
about 2 million pps that it should be able to handle are not real-world
numbers. We are running about 120 Mbit through this system and are
already seeing the two RISC cores struggling with high softirq load and
packet drops.

So my question is what a good hardware base would look like for a Linux
based firewall using iptables/conntrack/ipset. Do offload features help,
or can't these be used because iptables needs to process the packets
anyway? I assume multiqueuing would be nice too.
The idea is to be able to actually process 1 Gbit of traffic, i.e. handle
two Gbit ports (WAN and LAN) at wire-speed.

Does anyone have any specific recommendations for NICs and maybe tips
for other bottlenecks to look out for?

Regards,
  Dennis