20th January 2011
mbw
OpenBSD, PF, bridging and 10gE

Hi,

I'm currently using an older Sun Fire X4100 with its integrated 1G network ports in a bridge, and use PF to filter traffic to my 50 or so machines in a server room. The 1G uplink to the internet is directly connected into the public side of the PF firewall.

I have used this setup for years and it works well.

But now we are considering upgrading the server room uplink from a 1G Cat5 cable to 10gigE multimode fiber. If I do this and keep my same OpenBSD firewall, I am thinking that I will need to put a dual-port PCI-X 10gigE network card in there in order to bridge the 10gigE from the public internet uplink into the protected server room.

My question is this: Will the PCI-X backplane be a bottleneck for achieving line-rate 10gigE? It has been suggested to me by my local network folks that my firewall may be able to handle bridging 1G traffic, but might not be able to handle 10gE traffic... I'm not sure how to gauge this.

I suppose I could, in my ignorance, throw a newer 1U system with PCI-e v2.0 and the newest dual port 10gigE card I can find at it... but it would be nice to understand what the constraints are...

Any pointers appreciated

thanks,

Matt