| 1 |
On Thu, Sep 8, 2011 at 05:15, kashani <kashani-list@××××××××.net> wrote: |
| 2 |
> On 9/7/2011 5:25 AM, Pandu Poluan wrote: |
| 3 |
>> |
| 4 |
>> Well, for all my other servers, I standardized on ext4. |
| 5 |
>> |
| 6 |
>> Since a vFirewall have to perform lots of packet-juggling, I'd rather |
| 7 |
>> dedicate the CPU time to the kernel rather than the HD I/O. |
| 8 |
>> |
| 9 |
>> Of course, a vFirewall needs to be updated every now and then, but |
| 10 |
>> everytime an update is called for, it should not overly tax the CPU |
| 11 |
>> and degrade the netfilter framework. |
| 12 |
>> |
| 13 |
>> Rgds, |
| 14 |
> |
| 15 |
> You are making my point for me, but not realizing the end result of |
| 16 |
> the logic. There isn't any filesystem change that is going to affect CPU |
| 17 |
> usage by more than a few percentage points in the use case you've described. |
| 18 |
> Rsync, portage, and gcc use a massive amount of CPU compared to the amount |
| 19 |
> the filesystem changes will use other than brief points during the rsync. |
| 20 |
> Additionally most benchmarks are testing filesystem throughput and comparing |
| 21 |
> it to CPU. Because disk IO isn't under pressure in your scenario you're |
| 22 |
> unlikely to see the pathological use of CPU that can highlight the |
| 23 |
> differences between filesystems. |
| 24 |
|
| 25 |
Gosh, you're right! (And Jesús' reply also remind me). |
| 26 |
|
| 27 |
What was I thinking >.< |
| 28 |
|
| 29 |
> That said, you have a few reasonable choices. |
| 30 |
> |
| 31 |
> 1. Move to a binary distro |
| 32 |
> 2. Use buildpkg on a clone of this server and only install packages on your |
| 33 |
> Firewall. |
| 34 |
> 3. NFS mount /usr/portage when you need it and dist build on another server |
| 35 |
> 4. Don't upgrade |
| 36 |
> 5. Get a firewall server with more CPU so that it doesn't matter |
| 37 |
> 6. Script a new firewall server install every x months and swap it into |
| 38 |
> place and drop the original server. |
| 39 |
> 7. Some combination of the above. |
| 40 |
> |
| 41 |
|
| 42 |
I think I'll do (6). Attach a HD to another VM, install a similar |
| 43 |
system on that HD (chroot-ed, of course), update that regularly, make |
| 44 |
a stage5 (or 6 or whatevs) of the (ch)root, then do a 'tar xJf' on the |
| 45 |
firewall proper. |
| 46 |
|
| 47 |
So, a different scenario, then: Sometimes I need to log stuffs (via |
| 48 |
ULOG) or do a tcpdump. Will JFS give me additional benefit to ext4? Or |
| 49 |
should I just stick with ext4? |
| 50 |
|
| 51 |
Rgds, |
| 52 |
-- |
| 53 |
FdS Pandu E Poluan |
| 54 |
~ IT Optimizer ~ |
| 55 |
|
| 56 |
• LOPSA Member #15248 |
| 57 |
• Blog : http://pepoluan.tumblr.com |
| 58 |
• Linked-In : http://id.linkedin.com/in/pepoluan |
Archives