CPU utilization on HP t620 plus
-
@daddygo
Thanks for the quick reply. I just switched over to the T620 and I’m changing Internet providers next week so a lot going on.
One of the things that caught my attention is that when I connect to OpenVPN from my laptop from a remote location it takes about 3-4 seconds to connect when it probably took no longer than 1 second with the old PC that I was using for pfSense. So far I haven’t been able to determine what might be causing that delay.
-
@briankelly63 said in CPU utilization on HP t620 plus:
OpenVPN
OpenVPN on the firewall is a typical case of single-threaded behaviour
OpenVPN is single-threaded, so your best friend in this case is a high CPU clock speed on a single core.
-
@briankelly63 said in CPU utilization on HP t620 plus:
2752M Free
You don't need more RAM. At least not yet.
Actual time taken to connect is unlikely to vary much unless you have a huge number of users. Was the old device running the same pfSense version? Are you testing from the same client version? 3-4s is pretty much what I expect though. Even on something very fast.
Steve
-
@stephenw10
Thx for the reply. The old device was running same version and I was connecting from same client.
As an experiment I created a second OpenVPN server on the same pfSense box (t620) by first making a copy, testing (same result) and then simplifying the configuration so it would be more lightweight. With that change the connect time of the client dropped dramatically. Looks like it is the negotiation time when things are a little slower. I'm going to be adding more memory to that machine this week. In order to preserve the SSD I had originally selected the option to run var and tmp out of system memory but 4GB wasn't enough. With more memory I'll be able to do that which may speed things up.
Interestingly I did find a 'bad' setting in my configuration which was the Pure NAT vs NAT plus Proxy which was generating lots of errors in the log and may have been slowing things a bit. Fixed.
-
Mmm, how large a RAM drive did you set? I usually use double the default size so 120/80MB.
You can't run Snort/Suricata in that but you shouldn't use RAM drives at all if you're running those.
Steve
-
@stephenw10
I probably only set it for 60 each. Maybe that’s why it ran out of space and was crashing. Not using Snort or Suricata right now, just pfBlockerNG.
-
Yeah I would go to at least double. On x86 the available kernel space is large and you're only using a bit over 1G so you could easily go larger if you need to.
You probably don't though. My edge device right now:
Steve
-
@stephenw10
Thanks, I will give that a try. I did order some more memory which I’ll install in the next couple of days so that should give me plenty of room.
-
@briankelly63 said in CPU utilization on HP t620 plus:
I did order some more memory which I’ll install in the next couple of days
In that case, I'd get rid of the RAM disks... and an additional proposal: please put the installation on ZFS, although you still have enough memory in the current situation; many people are running with 2G RAM.
(You don't gain as much on "shrine" of the speed as you lose in RAM disk usage and security, although a good UPS can always be a solution.)
If you want IPS/IDS later, this excludes the RAM disk, as Stephen described; ergo, better to think ahead than to reconfigure later.
I read above about the relationship between RAM disk and SSD 64GB.
Don't worry about the SSD 64GB, it would be plenty enough for up to 3-4 complete pfSense installations.
The RAM disk, in my reading, is always a necessary solution if the HW is of lower ability for some reason, but that's not the case with you and you are free to expand it.
Fast RAM + MOBO speed + SSD disk = good approach
Don't forget it's just a router + firewall in a SOHO environment
(not a heavily loaded database server)
price/value invested + scope of use = economic efficiency
always good for your wallet
-
Thanks... I think I'll avoid the RAM disk for now and just keep an eye on memory.