 |
| Register | FAQ | Members List | Calendar | Links | Search | Today's Posts | Mark Forums Read |
|
||||||||
|
|
|||||||
 |
|
|
Thread Tools | Display Modes |
|
#1
09-10-2003, 07:19 PM
|
firewall with low-end cpu (K5-75) and USB modem
As some of you may recollect, I queried whether I'd be in trouble trying
to run Smoothwall on a K5-75 with the dreaded alcatel 330 USB modem. Well the box is currently forwarding 30+ Mb of the latest linux kernel (2.6.0 test5) to a win2k box at a reported 56kB/s- 'top' shows the K5 running about 75% idle with the remaining time split roughly equally between user (snort?) and system Looks like I didn't need to worry Bob -- robert w hall robert w hall 
|
|
#2
09-10-2003, 08:52 PM
|
|||
|
|||
|
Re: firewall with low-end cpu (K5-75) and USB modem
On Wed, 10 Sep 2003 19:19:25 +0100, robert w hall
<(E-Mail Removed)> wrote: >As some of you may recollect, I queried whether I'd be in trouble trying >to run Smoothwall on a K5-75 with the dreaded alcatel 330 USB modem. > >Well the box is currently forwarding 30+ Mb of the latest linux kernel >(2.6.0 test5) to a win2k box at a reported 56kB/s- 'top' shows the K5 >running about 75% idle with the remaining time split roughly equally >between user (snort?) and system Nice stats, thanks for posting them. >Looks like I didn't need to worry Yup. Out of interest, do you have the web cache enabled on the firewall? Chris C
|
|
#3
09-10-2003, 11:35 PM
|
|||
|
|||
|
Re: firewall with low-end cpu (K5-75) and USB modem
In article <(E-Mail Removed)>, Chris Croughton
<(E-Mail Removed)> writes >Nice stats, thanks for posting them. thanks Incidentally, in view of the similar thread on u.c.o.l ('is a P120 good enough'), it's worth noting that RAM appears to be a tighter resource. I've got 16MB of RAM, mostly used; when the system is going full tilt it's also using 5MB of the 16MB of swap. Snort alone takes 10MB (and most of the 'user node' cpu). > >>Looks like I didn't need to worry > >Yup. Out of interest, do you have the web cache enabled on the >firewall? I took the defaults - (4MBmax cache non-transparent ?) - but that wouldn't affect these results, for a large (30MB+) one-off download?? > >Chris C -- robert w hall
|
|
#4
09-11-2003, 07:13 AM
|
|||
|
|||
|
Re: firewall with low-end cpu (K5-75) and USB modem
On Wed, 10 Sep 2003 23:35:36 +0100, robert w hall
<(E-Mail Removed)> wrote: >In article <(E-Mail Removed)>, Chris Croughton ><(E-Mail Removed)> writes >>Nice stats, thanks for posting them. >thanks >Incidentally, in view of the similar thread on u.c.o.l ('is a P120 good >enough'), it's worth noting that RAM appears to be a tighter resource. >I've got 16MB of RAM, mostly used; when the system is going full tilt >it's also using 5MB of the 16MB of swap. Snort alone takes 10MB (and >most of the 'user node' cpu). AFAIK Snort can't be resource limited. >>Yup. Out of interest, do you have the web cache enabled on the >>firewall? > >I took the defaults - (4MBmax cache non-transparent ?) - but that >wouldn't affect these results, for a large (30MB+) one-off download?? It may be using RAM and causing it to swap more (alternatively, if it's there but not doing anything then /it/ may be what's in the swap area). Incidentally, conventional advice is that the swap should be twice the size of the physical RAM (no, I don't understand it either, but allegedly some kernels had problems if it was smaller than that). Chris C
|
|
#5
09-11-2003, 08:11 AM
|
|||
|
|||
|
Re: firewall with low-end cpu (K5-75) and USB modem
In article <(E-Mail Removed)>, Chris Croughton
<(E-Mail Removed)> writes >On Wed, 10 Sep 2003 23:35:36 +0100, robert w hall > <(E-Mail Removed)> wrote: > >>In article <(E-Mail Removed)>, Chris Croughton >><(E-Mail Removed)> writes >AFAIK Snort can't be resource limited. hmm... (well I can't pretend to understand snort) > >>>Yup. Out of interest, do you have the web cache enabled on the >>>firewall? >> >>I took the defaults - (4MBmax cache non-transparent ?) - but that >>wouldn't affect these results, for a large (30MB+) one-off download?? > >It may be using RAM and causing it to swap more (alternatively, if it's >there but not doing anything then /it/ may be what's in the swap area). no, it's there taking significant cpu on the beefy downloads (but yes, I must look at the swapping frequency...) >Incidentally, conventional advice is that the swap should be twice the >size of the physical RAM (no, I don't understand it either, but >allegedly some kernels had problems if it was smaller than that). > This is an old chestnut of course :-) (especially during the early days of 2.4 when the memory model was changing every few releases) Remember that Smoothwall 1.0.0 is using a late 2.2 kernel (2.2.25), IPCOP1.3 (which I've got on the other drive) uses kernel 2.4.20 (IIRC) and DOES require swap=2*memory+ (I dimly recollect that the swap>=2*memory rule was only mandatory for the early 2.4 series) Anyway, the installed swap is done automatically by Smoothwall/IPCOP on installation. Bob >Chris C -- robert w hall
|
|
#6
09-11-2003, 09:45 AM
|
|||
|
|||
|
Re: firewall with low-end cpu (K5-75) and USB modem
On Thu, 11 Sep 2003 08:11:38 +0100, robert w hall
<(E-Mail Removed)> wrote: >In article <(E-Mail Removed)>, Chris Croughton ><(E-Mail Removed)> writes >>On Wed, 10 Sep 2003 23:35:36 +0100, robert w hall >> <(E-Mail Removed)> wrote: >> >>>In article <(E-Mail Removed)>, Chris Croughton >>><(E-Mail Removed)> writes >>AFAIK Snort can't be resource limited. >hmm... >(well I can't pretend to understand snort) Nor do I <g>. Hence 'AFAIK' (and if anyone does know how to 'tune' it so that it uses less resource I'd like to know). >>>I took the defaults - (4MBmax cache non-transparent ?) - but that >>>wouldn't affect these results, for a large (30MB+) one-off download?? >> >>It may be using RAM and causing it to swap more (alternatively, if it's >>there but not doing anything then /it/ may be what's in the swap area). > > no, it's there taking significant cpu on the beefy downloads >(but yes, I must look at the swapping frequency...) Yup. And whether it's actually worth running it if most of what you are downloading is only done once. Especially since the amount you're fetching is way over the cache size, so it just gets wiped again. >>Incidentally, conventional advice is that the swap should be twice the >>size of the physical RAM (no, I don't understand it either, but >>allegedly some kernels had problems if it was smaller than that). >> >This is an old chestnut of course :-) >(especially during the early days of 2.4 when the memory model was >changing every few releases) >Remember that Smoothwall 1.0.0 is using a late 2.2 kernel (2.2.25), Ah, I haven't looked at it for ages, I expected it woud be using a 2.4 kernel by now (mind you, my main machines are using 2.2.19pre17 with custom modules). >IPCOP1.3 (which I've got on the other drive) uses kernel 2.4.20 (IIRC) >and DOES require swap=2*memory+ >(I dimly recollect that the swap>=2*memory rule was only mandatory for >the early 2.4 series) Could be, I lost track of when it had been fixed. >Anyway, the installed swap is done automatically by Smoothwall/IPCOP on >installation. Ah, right, they should know. It's still good to check, though... Chris C
|
|
| Tags |
| cpu, firewall, k575, lowend, modem, usb |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
