>> 2. Is there a "magic" upper limit on forwarding or connections which cannot
>> be exceeded?
>Good question. I think the limits are based on the resource limits of
>the system, not the toolkit. Marcus?

The toolkit is for building proxy-type firewalls, so when
someone starts asking questions about forwarding rates or packets
per second, I usually suggest they read the documentation a bit
more carefully. :)

Anyhow, there aren't any limits in the toolkit proxies.
It's possible that an underconfigured system might not be able
to support the number of proxies it's trying to run, but those
limits would all be in the base O/S not the toolkit.

Generally, for anything but ether or T3 speeds, the
network should act as a gating factor on the maximum load
the proxies will be able to produce.

>> 3. What type of box will be necessary (assuming we choose TIS) to service
>> this type of load? Will one (fault tolerant) box be sufficient?
>Last week I ran ftp-gw on a 90 MHz Pentium. It happened to have 64 MB of
>RAM, which is much more than necessary, and two Ethernet cards. I got
>somewhere around 800KB/sec throughput at almost 100% CPU utilization. I
>didn't pursue it much farther: we only have a T1 and 800K is about 5
>times the T1 bandwidth.

Assume the 800KB/sec will represent a maximum, since if you
have more proxies running at once you'll have a teeny bit more
scheduling contention and a teeny bit more memory activity when
you context switch. But that's a pretty good number. :) A P90 is
a respectable machine. :) Really, the quality of the vendor's IP
stack and the device driver for the network card seems to be the
most important performance factor.

I'm generally interested in toolkit-related performance
figures - anyone else got any??