Netgate Discussion Forum

    Feedback - 2.2 failover performance on Alix 2D13

    2.2 Snapshot Feedback and Problems - RETIRED
    4 Posts 2 Posters 1.2k Views
    • phil.davis

      Tested with:
      2.2-ALPHA (i386)
      built on Mon Apr 14 15:07:07 CDT 2014
      FreeBSD 10.0-STABLE

      LAN is ordinary ethernet subnet
      OPT2WIFI is an Atheros b/g WiFi card in the Alix 2D13

      WAN is cable to an ADSL router, that then connects out to internet. Monitor IP 8.8.8.8
      OPT1 is cable to ISP wireless device on my roof, that then connects to internet through the ISP tower. Monitor IP 8.8.4.4

      Gateway group VPNclients, WAN tier1, OPT1 tier 2
      VPN site-to-site client connecting to main office using VPNclients GWG (i.e. preferring WAN)

      Gateway group InetGeneral, OPT1 tier1, WAN tier2
      Firewall rules on LAN and OPT2WIFI to policy-route general traffic to InetGeneral GWG (i.e. preferring OPT1)

      Test 1: Disconnect telephone line cable from ADSL router. After a few seconds, apinger reports that WAN is down. OpenVPN client conf is rewritten to use OPT1, OpenVPN client reestablishes connection to Main Office through OPT1. General internet traffic continues on OPT1. Pass.

      Test 2: Connect telephone line cable to ADSL router and wait for it to establish a connection. apinger reports that WAN is up. OpenVPN client conf is rewritten to use WAN, OpenVPN client reestablishes connection to Main Office through WAN. General internet traffic continues on OPT1. Pass.

      Test 3: Unplug ethernet cable from OPT1 to rooftop device. apinger reports OPT1 down (and there is also a hardware down of the physical OPT1 interface). General internet traffic fails over to use WAN. OpenVPN client is unaffected - continues uninterrupted out WAN. Pass.

      Test 4: Connect ethernet cable from OPT1 to rooftop device. apinger reports OPT1 is up (and hardware interface comes up, and gets DHCP). General internet traffic fails back to use OPT1. OpenVPN client is unaffected - continues uninterrupted out WAN. Pass.

      Normal memory on the dashboard sits at around 45% with this config. During the failover/back events the maximum memory use displayed on the dashboard was 52% - wonderful!!!! On 2.1.n the memory use goes way up to 80, 90, 100% and process(es) got killed. This is soooo much better.

      Failover processing seems to take between 20 and 40 seconds (depending what stuff has to be moved, I guess). This is just from rough observation of the CPU on the dashboard, which refreshes every 10 seconds. It goes to 80, 90, 100% CPU for 2 to 4 samples. That is fine.

      For the stuff I use on Alix 2D13 this now seems great. Congratulations to those getting 2.2 ready - after a few weeks of seeing how it runs at home, I am going to struggle to resist upgrading office systems because of:

      a) FreeBSD 8.3 is going to go end-of-life some time after 30-Apr-2014 - http://www.freebsd.org/security/ - but actually I suspect that if there is another major security issue found that FreeBSD would provide 8.3 security patches for longer than that.

      b) Reduced memory usage when failing over, doing lots of PHP stuff. That will really help some of my offices that have multiple OpenVPN road warrior and client/server site-to-site links on Alix 2D13 256MB.

      c) Outbound NAT Hybrid mode - can add a few extra outbound NAT rules, while keeping the automatic ones happening underneath. Previously if I had to use manual outbound NAT to add a couple of extra outbound NAT rules, then later renumbered a local LAN, I would always forget to edit the outbound NAT rules also, then scratch my head for a while wondering why internet did not work. Now hybrid NAT will let me have my cake and eat it - the automatic rules will be automatically regenerated by pfSense, and I can have some extra rules also.

      Now to get out my VLAN switch and set up a couple of VLANs and see if that all works…
      (how much can a poor little Alix be loaded down with?)

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

      • eri--

        Well thank you for the report.

        All this is the move to php-fpm and the fastcgi in console and events.

        You now, I hope, understand why I did not merge your proposals/pulls for handling events with some monitoring.

        This can get even better with time so….

        • phil.davis

          Yes, this is much better than trying to patch up the old system/version - thanks.

          • eri--

            Just so I do not forget.
            At 256MB RAM APC is disabled.
            That was, from my testing, the best choice.

            Though it can speed things up if needed at the cost of memory.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.