Pfsense maximum throughput
-
I was getting about 15k packets/second average. Now the tests only lasted a few seconds, but I made sure to run them within the minute. The tests only lasted about 10 seconds, so if I multiply 15k by 6, that's 90k packets/sec.
This doesn't make sense.
Your test period was only ~10s so the average may not be that good, you would see less jitter across multiple tests with a longer period, but that doesn't mean the figure is not valid. 15K pps for 10 seconds would give you 150K packets total or for 1 minute 900K packets total but the rate is still 15Kpps. Multiplying by 6 is a meaningless calculation. ;)Steve
I'm not saying it's fully representative of a full 1min run, but if a 60 second average is 15k when I was only running for 10 seconds, then simple math says that I had to have been averaging 90kpps for 10 seconds in order to reach 15kpps average. The other 50 seconds was ~0 pps. x*10/60=15,000 solve for x
ok.. so decided just to use "-t 120" and see what my new max is
iperf -c 192.168.1.1 -f m -p 5001 -w 2M -M 128 -N -P 8 -t 120 -m -l 16KB[ ID] Interval Transfer Bandwidth
[ 10] 0.0-120.0 sec 1683 MBytes 118 Mbits/sec
[ 10] MSS size 1 bytes (MTU 41 bytes, unknown interface)
[ 9] 0.0-120.0 sec 1682 MBytes 118 Mbits/sec
[ 9] MSS size 1 bytes (MTU 41 bytes, unknown interface)
[ 6] 0.0-120.0 sec 1682 MBytes 118 Mbits/sec
[ 6] MSS size 1 bytes (MTU 41 bytes, unknown interface)
[ 8] 0.0-120.0 sec 1682 MBytes 118 Mbits/sec
[ 8] MSS size 1 bytes (MTU 41 bytes, unknown interface)
[ 5] 0.0-120.0 sec 1681 MBytes 118 Mbits/sec
[ 5] MSS size 1 bytes (MTU 41 bytes, unknown interface)
[ 4] 0.0-120.0 sec 1681 MBytes 118 Mbits/sec
[ 4] MSS size 1 bytes (MTU 41 bytes, unknown interface)
[ 7] 0.0-120.0 sec 1682 MBytes 118 Mbits/sec
[ 7] MSS size 1 bytes (MTU 41 bytes, unknown interface)
[ 3] 0.0-120.0 sec 1682 MBytes 118 Mbits/sec
[ 3] MSS size 1 bytes (MTU 41 bytes, unknown interface)
[SUM] 0.0-120.0 sec 13456 MBytes 940 Mbits/secLAN in-pass 1min avg was 80.11kpps. Not 90k,but I was doing rounding on rounding. Pretty close. So, yeah, drop down the MTU to make the test more stressful.
-
Hmm, so you're saying the test ran for a minute but was only sending traffic for the first 10 seconds? :-
That's not normally how iperf functions. Running the test longer simply gives you more data to avarage across so you are less likely to see glitches. However I see you have a long command line string so maybe you're using something I don't. In fact I see it's reporting a '1 minute average' so that makes sense. Seems odd that it would do that when the test is less than 1min though.Steve
-
Hmm, so you're saying the test ran for a minute but was only sending traffic for the first 10 seconds? :-
That's not normally how iperf functions. Running the test longer simply gives you more data to avarage across so you are less likely to see glitches. However I see you have a long command line string so maybe you're using something I don't. In fact I see it's reporting a '1 minute average' so that makes sense. Seems odd that it would do that when the test is less than 1min though.Steve
Sorry, I was using the PPS RRD graph, which shows in 1min averages. I have not noticed a PPS real-time graph in PFSense, so the average is the best I had.
As for why I did a short test, I didn't notice the "-t" flag that someone so graciously pointed out :
-
Sorry, I was using the PPS RRD graph
Ah, that explains my confusion. ;)
Anyway, 940Mbps, looks like you've got some strong numbers there.Steve
-
iperf measure overall performance. i want to find a solution to measure throughput for specific package in pfsense, like dansguardian, firewalling, snort, … .
-
snort and other programs are usually based on state openings. To me the best way to test is with a BitTorrent of your favorite Linux distro, or several all at the same time.
-
Dear podilarius,
I need to create torrent files with default tracker URI and seed them from server side. then i should open torrent files in client side. average of "Down Speed" is my throughput.
Am i right? -
If they are running concurrently add the averages. Otherwise yes, just average out the connections. This really will test snort. To test dansguardian, you would need to have an html spider doing out and hitting lots of different sites. Again, average or add the averages.
-
thanks a lot,
What about firewalling? is bittorent a good choice with a pass rule?
I want to measure maximum users(Concurrent Sessions) and new sessions per second too.
do you know a tool for this purpose? -
Try Google. look for a firewall test program or suite. There might be a free one. Please let us know what you found, used, and the results. I don't have a strong enough connection to test the limits of my hardware.
-
Concurrent sessions is where pfSense really stands out as a firewall device. Just add more RAM if you need more. Have a look at this thread to see what can be acheived. I have no idea what you might test it with though.
https://forum.pfsense.org/index.php?topic=72810.0Steve
-
There isn't any free network firewall test program that can measure firewall throughput and max. concurrent sessions. Commercial products are spirent avalanche and breakingpoint firestorm.
-
http://curl-loader.sourceforge.net/ ?
Steve
-
Great software!
Thank you very much Steve
