Great Circle Associates Firewalls
(April 1995)

Subject: Re: Lecture on firewall performance
From: jsanchez @ gmv . es (Julio Sanchez)
Date: Mon, 24 Apr 95 10:42:34 +0200
To: mjr @ tis . com
Cc: george @ wicked . neato . org, tyl11 @ uow . edu . au, firewalls @ GreatCircle . COM
In-reply-to: <21356 . 9504210532 @ illuminati> (mjr @ tis . com)

> From: "Marcus J. Ranum" <mjr @ tis . com>
> Date: Fri, 21 Apr 1995 01:32:39 -0400 (EDT)
> 

> 	I'm an experimental computer scientist, not a theoretical
> one. If I try something dozens of times and it works, after a
> while I'm willing to just say, "oh, with a 60MHz pentium it should
> be fast enough." :)  Actually, based on real world experience
> with 50MHz '486 platforms I'd say they're fast enough. We went
> to Pentium boxes because Intel has deprecated the 486 in a major
> way - a 60MHz Pentium now costs what a 50MHz '486 used to. I'm
> sure we'll use 90MHz Pentiums someday, and guess what -- if my
> 50MHz '486 could handle the load, I'm willing to gamble that
> a processor more than twice as fast can handle it OK, too.
> Remember that Van Jacobson demonstrated saturating an ethernet
> with a Sun3/50 running TCP/IP. By extension, a Sun3/50
> can consume a T1 line.

Marcus,

I agree with you.  Our dual-homed bastion host (using the TIS fwtk) is
an ISA-bus 8MB 486 DX2/66 running Linux 1.0.9 (not famed for top-notch
networking and planned to be upgraded soon) and the throughput we get
from our internal network to the WTDICT (Whatever The DMZ Is Called
Today) is as high as what we get inside our internal network given
similar hardware.

We think the bottleneck is in the network cards (a couple of old 3c503
we had no other use for).  And, anyway, the net (i.e. actual data)
throughput is over 20 times our raw (i.e. subtract overhead from
that) bandwidth to our provider.  We know we cannot get to E1 (2 Mbps)
speeds with that hardware, but we will not be able to afford such
speeds for the time being.  If we had the need for such speeds,
upgrading/changing the PC would mean nothing.

The current hardware should be able to stand 5 or 6 times 64 Kbps
according to our measurements for a continuous data flow (say, an FTP
session).  For more bursty traffic (say heavy use of the http gateway)
other factors such as process creation may become significant.  For
the record, the bastion just runs the proxies and a DNS server, no
other services are provided on it.  And it *does* yawn :-) From top:

 10:33am  up 5 days, 19:11,  1 user,  load average: 0.05, 0.01, 0.00
17 processes: 16 sleeping, 1 running, 0 zombie, 0 stopped
CPU states:  0.1% user,  0.0% nice,  2.3% system, 97.6% idle
Mem:   7220K av,  6204K used,  1016K free,  2092K shrd,  3360K buff
Swap: 12488K av,   132K used, 12356K free

When this measure was taken, a large transfer from a rather well
connected host (a host in the Netherlands from which I routinely get a
net throughput of roughly 75% of our raw bandwidth to our provider)
was going on (for more than 15 minutes in case someone wonders) plus
the occasional tn-gw, http-gw and smap/sendmail traffic.  Your mileage
may vary.

So the bastion is overpowered for our needs but as you point out, the
cheapest system you can buy is now pretty capable.

Around here (Spain) people tend to think that a bastion needs a high
performance machine.  It seems we have been laughed at when we have
suggested a PC is good enough.  And you would laugh if you heard about
what speeds are common around here (hint: only a few universities have
E1 and 64K is considered a fast link).

All the best,

Julio
--
Julio Sanchez, GMV SA, Isaac Newton 11, PTM Tres Cantos, E-28760 Madrid, Spain
Ph. +34 1 807 21 85 | jsanchez @ gmv . es                 | Traveller, there is no
Fax +34 1 807 21 99 | jsanchez%gmv . es @ Spain . EU . net | path; paths are made by
Telex  48487 GMEV E | Julio_Sanchez_GMV @ EuroKom . ie     | walking (A. Machado)

