> Message: 1 > Date: Wed, 20 Jan 2010 19:58:30 +0000 > From: Martin Johnson <[email protected]> > Subject: [Soekris] Max PPS for 5501 as a router? > To: [email protected] > Message-ID: <d98c3d22-b87d-478d-9ec1-84bd7cbf7...@local> > Content-Type: text/plain; charset=us-ascii > > Hello, > > Has anyone measured the maximum number of packets-per-second that a 5501 can > handle as a router - ideally using PPPoE mode for the WAN side? > > I'm running pfSense 1.2.3 (based on FreeBSD 7.2) on an ADSL link, running > PPPoE with a Draytek Vigor 120 modem. Normally this setup is solid, but if > I run Nessus with default settings against lots of IP addresses, the PPPoE > session drops. pfSense shows high CPU utilization when this happens. > > A workaround appears to be to set up the traffic shaper in pfSense, imposing > upload and download limits slightly lower than the net throughout expected > for the ADSL link. > > One possible explanation is that Nessus sends a very large number of very > short packets during its port-scanning phase, so the 5501 receives an > unusually large number of packets per second - causing problems if the > sustained packet rate is higher than the 5501 can really cope with. Yet I > note that the 5501 can handle sustained traffic of 300 PPS with only modest > CPU utilization being reported in pfSense. > > Another possibility is that the upstream ISP equipment requires LCP Echo > replies in order to keep the PPPoE link up, and somehow pfSense's MPD > (version 3.18) doesn't send the LCP Echo replies quickly enough when under > such load. This seems unlikely though, as my impression was that LCP Echo > was only required to keep the link up when there's no user traffic to send. > > I'd be grateful for any information. At this stage I'm starting to wonder > whether an old Pentium 4 desktop would be worth testing as the pfSense > router, in case the problem is that the 5501 can't process more than a > certain number of interrupts per second. But of course a PC burns a lot more > energy than a Soekris board. > > Thanks, > > - Martin >
One thing that popped up in my mind, but you have probably already ruled this one out: How large is your firewall state table in pfsense? The default is 10,000 firewall states. // Alex _______________________________________________ Soekris-tech mailing list [email protected] http://lists.soekris.com/mailman/listinfo/soekris-tech
