1 |
On Thu, Sep 8, 2011 at 05:15, kashani <kashani-list@××××××××.net> wrote: |
2 |
> On 9/7/2011 5:25 AM, Pandu Poluan wrote: |
3 |
>> |
4 |
>> Well, for all my other servers, I standardized on ext4. |
5 |
>> |
6 |
>> Since a vFirewall have to perform lots of packet-juggling, I'd rather |
7 |
>> dedicate the CPU time to the kernel rather than the HD I/O. |
8 |
>> |
9 |
>> Of course, a vFirewall needs to be updated every now and then, but |
10 |
>> everytime an update is called for, it should not overly tax the CPU |
11 |
>> and degrade the netfilter framework. |
12 |
>> |
13 |
>> Rgds, |
14 |
> |
15 |
> You are making my point for me, but not realizing the end result of |
16 |
> the logic. There isn't any filesystem change that is going to affect CPU |
17 |
> usage by more than a few percentage points in the use case you've described. |
18 |
> Rsync, portage, and gcc use a massive amount of CPU compared to the amount |
19 |
> the filesystem changes will use other than brief points during the rsync. |
20 |
> Additionally most benchmarks are testing filesystem throughput and comparing |
21 |
> it to CPU. Because disk IO isn't under pressure in your scenario you're |
22 |
> unlikely to see the pathological use of CPU that can highlight the |
23 |
> differences between filesystems. |
24 |
|
25 |
Gosh, you're right! (And Jesús' reply also remind me). |
26 |
|
27 |
What was I thinking >.< |
28 |
|
29 |
> That said, you have a few reasonable choices. |
30 |
> |
31 |
> 1. Move to a binary distro |
32 |
> 2. Use buildpkg on a clone of this server and only install packages on your |
33 |
> Firewall. |
34 |
> 3. NFS mount /usr/portage when you need it and dist build on another server |
35 |
> 4. Don't upgrade |
36 |
> 5. Get a firewall server with more CPU so that it doesn't matter |
37 |
> 6. Script a new firewall server install every x months and swap it into |
38 |
> place and drop the original server. |
39 |
> 7. Some combination of the above. |
40 |
> |
41 |
|
42 |
I think I'll do (6). Attach a HD to another VM, install a similar |
43 |
system on that HD (chroot-ed, of course), update that regularly, make |
44 |
a stage5 (or 6 or whatevs) of the (ch)root, then do a 'tar xJf' on the |
45 |
firewall proper. |
46 |
|
47 |
So, a different scenario, then: Sometimes I need to log stuffs (via |
48 |
ULOG) or do a tcpdump. Will JFS give me additional benefit to ext4? Or |
49 |
should I just stick with ext4? |
50 |
|
51 |
Rgds, |
52 |
-- |
53 |
FdS Pandu E Poluan |
54 |
~ IT Optimizer ~ |
55 |
|
56 |
• LOPSA Member #15248 |
57 |
• Blog : http://pepoluan.tumblr.com |
58 |
• Linked-In : http://id.linkedin.com/in/pepoluan |