Nik
Jun 14, 2010Cirrus
access restriction - pf vs irule?
we'll be making the transition from a pair of 6800s to a new viprion chassis in a few weeks. the current pair pushes about 900mb/s externally with 5k new connections per second.
about a year ago with v9.x we were using the built-in packet filter for simple access control but as traffic increased so did our cpu load.. when it hit the roof we disabled the packet filter and switched to simple irules that use data groups to either reject or allow every new connection on a per-vip basis.
we're now on v10 and soon moving to the viprions. Before i start any testing of my own i'm wondering what everyone's recent experiences are with packet filter performance? is it worth it to use pf over irules?
thanks!