"How much bandwidth can PF handle?"
"How much computing power do I need to handle my internet connection?"
There are no easy answers to those questions.
For a simple home connection, most hardware should be more than enough.
Other applications may require a faster machine with high-end NICs.
PF is used in some very large, high-traffic applications, and the developers
are power users of PF.
Odds are it will do very well for most people.
PF performance is determined by several variables:
- Number of packets per second.
Almost the same amount of processing needs to be done on a packet with
1500 byte payload as for a packet with a one byte payload.
The number of packets per second determines the number of times the state
table and filter rules have to be evaluated every second, determining
the effective demand on the system.
- Efficiency of the network card.
Some network adapters are just more efficient than others.
Older rl(4) NICs tend to be
relatively poor performers, while
ix(4) NICs tend to perform
very well.
- Complexity and design of the ruleset.
More lines being evaluated for each packet will result in slower
performance.
More packets being filtered by
quick rules will result in
better performance.
- Barely worth mentioning: CPU and RAM.
As PF is a kernel-based process, it will not use swap space.
So, if the system has enough RAM, it runs.
If not, it panics due to
pool(9) exhaustion.
Huge amounts of RAM are not needed.