How many user environment could I support with this hardware?

mattb253

So we have alot of spare d525 atom supermicros in our office and I'd like to know how many users they could support?

Running DHCP, a few snort rules, SNMP and NTP server. Just assuming average office users, how many people could I toss behind this hardware?

http://www.supermicro.com/products/system/1U/5015/SYS-5015A-EHF-D525.cfm

d525 atom, 4GB RAM, pfsense 2.0 x64

wabashky

I have used a few of these with 50+ devices (IP Phones, desktops/laptops, and a wireless network) behind a 50/50 pipe and it does rather well.  Also ~60 tunnels with little to no downtime. Great little systems

stephenw10

Number of users is not the right question.
The limiting factor here will be connection bandwidth. Number of connections can also be an issue in some environments (if everyone is running torrent or gaming).
Those boxes are usually good for ~500Mbps of NAT/firewall but Snort will reduce that.

Steve

mattb253

@wabashky:

I have used a few of these with 50+ devices (IP Phones, desktops/laptops, and a wireless network) behind a 50/50 pipe and it does rather well.  Also ~60 tunnels with little to no downtime. Great little systems

@stephenw10:

Number of users is not the right question.
The limiting factor here will be connection bandwidth. Number of connections can also be an issue in some environments (if everyone is running torrent or gaming).
Those boxes are usually good for ~500Mbps of NAT/firewall but Snort will reduce that.

Steve

hey guys. i really appreciate the input, especially from those who have been using this same setup in a real world environment.

what method would you guys recommend that i use to test throughput on my exact setup? any more help would be greatly appreciated.

i just switched from ipcop to pfsense and so far i am loving it !

mattb253

so i did some throughput testing and these are my #s for anybody interesed. just a simple iperf test for throughput and matrix 21 for max concurrent connections.

64bit 2GB RAM -

matrix21 - MAX 45,604 concurrent connections

iperf  - WAN to LAN  - MAX 625Mbits/sec throughput ~610 average 598 Low

- LAN to LAN - MAX 815Mbits/sec  ~790 average 785 Low

4GB RAM - identical #s as above

32bit 2GB RAM -

matrix21 - MAX 45,604 concurrent connections

iperf - WAN to LAN - MAX 565Mbits/sec ~560 average 554 Low

- LAN to LAN- MAX 739MBits/sec ~736 average 728 Low

4GB RAM - identical #s as above

dreamslacker

Matrix21 isn't a good indication of the max connections you can push through the pfSense box.  Each IP is only good for 45k - 60k ports and each connection needs one unique port.

If you really want to test connections limit, multi-home both the wan side host and the lan side device.  Say, have 10 - 20 IP addresses tagged to the network card each.

Then run as many instances of matrix21, each tagged to one IP on both the server and device.

i.e.
Server is currently 10.0.0.1, client is 192.168.1.1

Multi-home the server so that it has the IPs 10.0.0.1 - 10.0.0.10 on the NIC.  Run 10 instances of Matrix21, each listening on one of those IP addresses.

Do the same for the client device.

Use batch file to do this and run all the instances together.  The sum of all the instances will give you a high connection limit.  You're not likely to actually be able to hit the pfSense limit with only 10 instances but it should cripple most other commercially available routers.