Ok, I have followed couple of advises found on the forum.
I have made a simple configuration which looks like that : Station_1 <<< WAN >>> pfSense_FW <<< LAN >>> Station_2 1.2.3.4 <> 1.2.3.5/24 192.168.1.1 <> DHCP I have been conducting these tests with pfSense 1.2.3 The hardware I have been testing the solution on is the following : • Intel® Atom N270 1.6 GHz • Intel® 945GSE North & ICH7- M South Bridge Chipset • 512MB DDR2 RAM on board + 1 SODIMM 1024MB Slot • 5 LAN Ports (4 Gigabit Intel 82574L + 1 FE Intel 82551ER) I have tried all sort of things to optimize the settings on the firewall, all in all I have obtained the following results: WITH PACKET FILTERING ENABLED gregober 18:24:15 ~ -> iperf -c 1.2.3.4 ------------------------------------------------------------ Client connecting to 1.2.3.4, TCP port 5001 TCP window size: 129 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.1.199 port 53298 connected with 1.2.3.4 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 257 MBytes 216 Mbits/sec WITHOUT PACKET FILTERING ENABLED gregober 18:40:12 ~ -> iperf -c 1.2.3.4 ------------------------------------------------------------ Client connecting to 1.2.3.4, TCP port 5001 TCP window size: 129 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.1.199 port 53391 connected with 1.2.3.4 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 1.03 GBytes 882 Mbits/sec This means that when firewall is enabled, performances of the firewall are reduced by 75% I found this quite surprising because my hardware is very far from beeing saturated, It is in fact not impacted at all by these tests. I was wondering if this is normal ? Is there any settings I might optimize somewhere ? Le 4 sept. 2010 à 18:27, Chris Buechler a écrit : > On Sat, Sep 4, 2010 at 5:58 AM, bsd <[email protected]> wrote: >> Hi, >> >> I am looking for a tool (or a configuration setup) that will allow me to >> benchmark (performance test) couple of firewall based on pfSense, and >> eventualy to compare them with other software / hard solution. >> >> Any idea, clue, link will be highly appreciated. >> > > It depends on what you'll be sending through the firewall in > production. There's a big difference between different types of > traffic. Basic test tools include iperf, netperf, and many others. > That type of test only tells you the maximum achievable single stream > throughput, though you can customize to some extent. Better to > replicate an environment similar to what you'll have in production, > whether web serving, VoIP, web browsing, whatever. There are specific > tools for most protocols. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Gregober ---> PGP ID --> 0x1BA3C2FD bsd @at@ todoo.biz ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
