On Sat, 2002-03-16 at 12:05, Jack Bowling wrote:
> ** Reply to message from Gordon Messmer <[EMAIL PROTECTED]> on Sat, 16 Mar 2002 11:53:05 -0800
>
> > It becomes less appropriate when the amount of traffic to be firewalled
> > approaches half the bandwidth of the PCI bus.  Hardware firewalls tend
> > to have much faster back planes.  You can sometimes compensate for this
> > by having more firewalls in front of smaller groups of networks/hosts.
> 
> Note also that the NAPI framework has just been dropped into the 2.5.x kernel
> development tree and will likely be backported to the 2.4 series. It allows much
> faster processing of interrupts and apparently makes a huge positive difference in
> throughput which in turn will likely improve the netfilter/iptables side.

Doesn't really change my point.  There's only so much bandwidth
available to the PCI bus.  The PC architecture isn't going to process an
infinite number of packets.  Your very expensive switches have
backplanes that can transfer gigabits of data per second.
