Hi Adolf,
Without suricata running on IPFire I got 55cps - 8000cps and very fluctuating.
I'm a little surprised because even the Pi 3 manages only a few connections per second, but reasonably constant.
I also found that on the server table it was showing mostly zero for Open Connections with occasionally having a 1 or 2
This is ok because with -x the client opens and instantly close the connection.
Without suricata and running fireperf -c <IP address> -P 1 -x -p 63000:63010 the server stayed at 0 Open Connections. The client had a few secs going from 8000 down to 5800cps then after around 10 secs the rate went down to 0cps - 235cps fluctuating and stayed like that.
Depending on the amount of available ram, IPFire sets the maximum number of available connections.
For the Mini, for example, 65536 connections.
This is good under normal conditions, but of course not very helpful for our test. However, you can easily change this value temporarily. sysctl -w net.netfilter.nf_conntrack_max=262144
This should change this behavior.
- Daniel
17. Februar 2021 15:36, "Adolf Belka (ipfire-dev)" adolf.belka@ipfire.org schrieb:
H Daniel,
On 17/02/2021 11:06, daniel.weismueller@ipfire.org wrote:
Hi Adolf, could you please retest your system with suricata disabled. I think surucata will also have a strong impact on cps. I will post the results to the wiki.
I re-ran the results but they were not better.
As an example with fireperf -c <IP address> -P 100 -x -p 63000:63010
Without suricata running on IPFire I got 55cps - 8000cps and very fluctuating. I also found that on the server table it was showing mostly zero for Open Connections with occasionally having a 1 or 2
If I turned suricata back on and re-ran the same test I got 300cps - 8000cps and very fluctuating but on the server I had 500-600 Open Connections.
I don't know what is expected to be seen on the client and on the server in this test but the above was what I found.
Without suricata and running fireperf -c <IP address> -P 1 -x -p 63000:63010 the server stayed at 0 Open Connections. The client had a few secs going from 8000 down to 5800cps then after around 10 secs the rate went down to 0cps - 235cps fluctuating and stayed like that.
Regards,
Adolf
Thanks, Daniel 16. Februar 2021 13:44, "Adolf Belka (ipfire-dev)" adolf.belka@ipfire.org schrieb: Hi All,
Following are the fireperf results I obtained:-
server: IPFire 2.25 - Core Update 153; Intel Celeron CPU J1900 @ 1.99GHz x4; I211 Gigabit Network Connection
client: Arch Linux; Intel Core i5-8400 CPU @ 2.80GHz 6 core; 1GBit nic
Server: fireperf -s -P 10000 -p 63000:630010
Client: fireperf -c <IP address> -P 1 -x -p 63000:63010 -> 100 - 3000 cps strongly fluctuating. After a couple of minutes the client cps went down to 0 and stayed there. I had to stop fireperf and restart the terminal to get it working again.
fireperf -c <IP address> -P 10 -x -p 63000:63010 ->250 - 500 cps fluctuating
fireperf -c <IP address> -P 100 -x -p 63000:63010 -> 220 - 1000 cps fluctuating
fireperf -c <IP address> -P 1000 -x -p 63000:63010 -> 1200 - 2500 cps fluctuating
fireperf -c <IP address> -P 10000 -x -p 63000:63010 -> 0 - 7000 cps hugely fluctuating
In all cases the cpu utilisation was quite low on both IPFire and the Arch Linux desktop.
I then repeated the above tests removing the -x option so I could see the data bandwidth.
fireperf -c <IP address> -P 1 -p 63000:63010 -> 225Mb/s - 1 core at 100%, rest around 30% to 40%
fireperf -c <IP address> -P 10 -p 63000:63010 -> 185Mb/s - similar as above
fireperf -c <IP address> -P 100 -p 63000:63010 -> 210Mb/s - similar to above
fireperf -c <IP address> -P 1000 -p 63000:63010 -> 370 - 450Mb/s - 2 cores at 100%, rest at 30% to 40%
fireperf -c <IP address> -P 10000 -p 63000:63010 -> 400Mb/s - 1Gb/s - 2 cores at 100%, rest at 40% to 50%
I recently got my Glass Fibre Gigabit connection connected. The supplier hooked his laptop directly to the media converter and got around 950Mb/s
Using the same speed test as he used but going through my IPFire hardware I get around 225Mb/s.
Although my hardware has four Intel I211 Gigabit NIC's, I have suspected that their performance is limited by the processor.
Regards,
Adolf.