BTRFS EXT3 EXT4 XFS and KVM virtual machine: a host-side filesystem comparison

Written by Gionatan Danti on . Posted in Linux & Unix

User Rating:  / 14

Well, only some days passed since my latest filesystems comparison. In that article, we see how BTRFS, EXT3, EXT4 and XFS compared each other when used in server and desktop environment.

However, one question remain: what is, performance-wise, the host-side filesystem that you should use for your virtual machine hosting system? In other terms: what host-side filesystem will enable my guest virtual machines to run at full speed? This is not a simple question: while filesystem benchmarking is already a difficult task, it become even more difficult when you take into account the variables added by an HW/OS virtualization layer.

BTRFS vs EXT3 vs EXT4 vs XFS performance on Fedora 17

Written by Gionatan Danti on . Posted in Linux & Unix

User Rating:  / 19

Linux filesystems are a moving target: each new kernel release can potentially alter their performance and reliability. So, its interesting to periodically measure filesystems performance. This time, I used the newly-released Fedora 17 (amd64 version, 3.4.x kernel branch). We already know the contenders:

  • ext3, the classic Linux filesystem 
  • ext4, the natural ext3 successor as default Linux filesystem 
  • xfs, an high performance filesystem designed with scalability in mind 
  • btrfs, the new, actively developed, feature-rich filesystem (which, recently, has been propesed as the new Linux default filesystem)

How to drop or block Skype connections with your gateway firewall

Written by Gionatan Danti on . Posted in Howto

User Rating:  / 19

Today, network admins face a very hard job trying to protect their internal LAN: if, 15 years ago, the Internet was basically a simple, yet large, client-server network, today we have a much varied environment.

One of the more difficult things to drop or block are P2P protocols: for their very nature, these protocols imply HTTP/S-tunneled client-to-client communications, and so they are quite hard to properly discover at the gateway level. Skype is one of these application: if it can not use its default ports, it tunnel itself into an HTTPS stream.

Cyberoam CR25ia UTM firewall review - throughput and latecy examined

Written by Gionatan Danti on . Posted in Hardware analysis

User Rating:  / 2

Today, we are going to review one of Cyberoam's smallest UTM device, the Cyberoam CR25ia. This metal-looking appliance is a 100% UTM-enabled device, capable of url/content filtering, antivirus / applications inspection and IDS/IPS analysis. You can read the full Cyberoam CR25ia product specifications here, while you can download an even more detailed PDF here.

Current bare hardware list price is 563€ (+ 86€ for yearly 8x5 maintenance & support), while for a complete UTM solution you need the UTM license which costs another 216€, bringing total cost to 779€. While these are not dirty-cheap prices, they are considerably lower then similar UTM devices from other vendors, sometime by a great margin. Analyzing CR25ia, keep in mind its price advantage.

List price are obviously subject to change; however, you can not expect prices to excessively fall down: we are dealing with a very capable device that boasts 4 Gigabit Ethernet ports and  interesting UTM throughput, as Cyberoam certifies a ~50 Mbit/s full UTM (antivirus + IDS/IPS) performance. Firewall and VPN specifications are quite high, being rated at 450/225 Mbit/s (for UDP and TCP traffic respectively) and 75  Mbit/s for AES-encrypted traffic. On the other hand, 3DES performance is rated at only 30 Mb/sec.

Big Kepler (GK100 / GK110) speculations based on GK104 die

Written by Gionatan Danti on . Posted in Hardware analysis

User Rating:  / 1

On March 22, 2012 Nvidia launched its latest graphic chips, codenamed GK104. This chip, powering the high-end GeForce GTX 680, proved to be a formidable contender for AMD cards.

However, while the newly launched GeForce GTX 680 is indisputably an high-end card, the GK104 chip itself seems a little “small” for Nvidia's standard: it weight at about 294 mm2 only. This, combined to the removal (eg: ECC memory protection), or attenuation (eg: very low FP64 rate) of certain GP-GPU specific features, leave the door opened to the future presentation of a new, bigger, GP-GPU-centric chip.

This article try to elaborate on GK104 die size and features to project some possible solutions for the bigger GK100 / GK110 processor. Remember that these are speculations only! Final GK100 / GK110 can be very different from what we expect.

UPDATE: it seems that Big Kepler chip's codename will be GK110 rather than GK100. I updated the article to reflect this.