iptables throughput
Andy Davidoff
andy+blu at utter.net
Wed Sep 25 01:18:10 EDT 2002
Is there a reason you favor Linux over "hardware" solutions?

We're using a Foundry 4802[0] for NAT-only[1] at gigabit speed. The
configuration in this case is "right outta the docs" and it "just
works". I don't know the Foundry product line very well, but three of
the four Foundry devices we have run the same OS. You may be able to
find something cheaper than a 4802 that'll do the same tricks. Stay
far, far away from the ServerIron if you're looking for NAT.[2]

Caveat: we only have a few hundred nodes behind the box.

[0] no special reason; we have a limitless supply of them
[1] main router is a BigIron with FastIrons/4802s hanging off
[2] it's a great solution for IP load-balancing, though
#if ron.peterson at yellowbank.com /* Sep 24, 23:51 */
> On Tue, Sep 24, 2002 at 11:46:50PM -0400, yrp001 wrote:
> > Does anyone have any experience using linux/iptables to do high
> > throughput packet filtering (including connection tracking) plus
> > NAT for 1000+ clients up to (and perhaps beyond) DS3 speeds?
>
> That's dumb. Not all traffic would go to the DS3. A bunch would
> also hit the internal network, so I'd like all the throughput I can
> get. (Trying to tame resnet, you see.)
#endif /* ron.peterson at yellowbank.com */
--
Andy Davidoff
Sen. Unix SysAdmin
Tufts University