Advice required: matching hardware to task



  • Hi folks. I am trying to overcome a problem in that the new router provided by my ISP (no choice but to use this) seems to limit the number of concurrent connections I can make to the web even when in modem mode.

    My interest in distributed computing means that I am currently struggling some with the fact that the upload of my 150/12 connection is not enough at times. This on the old router/modem but upgrading to 200/20 means having to use the new "modem".

    I am running pfSense 2.3.3 on a J1900 Celeron currently with 4GB and Intel i350. I use unbound.

    My usage resulted in 33.4 TBytes Down and 2.64 TBytes up in the last month.

    I am thinking that by selecting the right VPN provider and setting up on the pfsense box I may resolve my problem but in truth I know next to nothing about the mechanics of VPN nor about the limitations.

    My alternate is to run just the machine that does all this bandwidth (e5-2650 x2 32GB Linux Mint) on VPN I think.

    Would any of you like to try to point out the errors in this old guy's thinking and perhaps show me the best way to proceed, particularly whether the current pfSense hardware is likely to cope with the encrypt/decrypt load?


  • Banned

    @OldChap:

    …the new router provided by my ISP (no choice but to use this) seems to limit the number of concurrent connections I can make to the web even when in modem mode.

    …j1900...

    My usage resulted in 33.4 TBytes Down and 2.64 TBytes up in the last month.

    I am thinking that by selecting the right VPN provider and setting up on the pfsense box I may resolve my problem...

    ...particularly whether the current pfsense hardware is likely to cope with the encrypt/decrypt load

    If you really are limited to only the specific modem/router combo your ISP gave you, and it really is what is limiting you on concurrent connections, then that's the end of the line. Nothing downstream of your modem will improve your modem's performance. It's possible that you needed an improved modem (i.e., DOCSIS 2 to DOCSIS 3 or something along those lines) for your new connection, and your ISP misled you to believe that you must use specifically their modem/router combo to scalp some more $ off of you. If that is the case then you can buy your own modem that meets the spec and return the ISP's piece of junk. If it really is something forced by your ISP then yeah, a firewall/router won't change that.
    What is the exact model of your modem? And how many concurrent connections do you need?

    Whether or not the j1900 will work for you depends on your needs. If you must max out your line speed over VPN, then no it won't. J1900 will max out ~100Mbps VPN throughput. If you're OK with that then it will continue to work well for you.

    That being said, encrypting your traffic won't improve your performance beyond your modem's capabilities even if you have the hardware to max out your line.
    It could improve your performance if your ISP is actively throttling your connection because of the type of traffic on your line. For example if you are downloading a ton of torrents and your ISP is throttling you because of that then encrypting your traffic will keep your ISP from knowing what it is you are downloading.
    But if your ISP is throttling you based on bandwidth usage it won't help at all.



  • Thanks for your input pfBasic. The matter of the hardware is now clear.

    Here in the UK I believe I am right in saying that 3rd party modems are not allowed by any ISPs.

    The reason I think the problem lies with their POS router is that whilst the old service runs fine on the old router it is limited when using the new router (same ip). If you have ever saturated a retail router in the past then the behaviour with this new offering is the same even in modem mode. It is as if it has run out of memory.

    I can run 100-300 connections then speedtest where I see the headline rates of the new modem/service. Above that number of connections and it eventually becomes impossible to run speedtest and at this point throughput is probably in the order of 40Mb/sec.

    My logic in wanting to try VPN is that the modem would only see one connection and therefore have no issue.

    Concurrent connections can approach 5K. State tables can approach 150K when I push this hard on the old service.

    Clearly my usage is on occasion vastly different to normal so my ISP is not going to fix this modem, in fact it is in their interest not to do so.

    I would like to try to work around this as much for the satisfaction of doing it to my ISP as any other reason as they have been worse than useless at answering my questions on the subject. Technical support is in this case a misnomer. I thought I was severely lacking in matters networking but…..
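
The reasoning in the post above (a tunnel presents the ISP device with one flow instead of thousands) can be checked against the firewall's own state table. This is an added example, not part of the original thread: the sample lines are constructed and only loosely modelled on `pfctl -ss` output, and the interface names and tunnel endpoint are assumptions.

```python
import re
from collections import Counter

# Constructed sample, loosely modelled on `pfctl -ss` output (layout is an
# assumption); addresses are documentation ranges, igb0 = WAN, igb1 = LAN.
SAMPLE_STATES = """\
igb0 tcp 203.0.113.5:61001 (192.168.1.20:51001) -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
igb0 tcp 203.0.113.5:61002 (192.168.1.20:51002) -> 198.51.100.8:443 ESTABLISHED:ESTABLISHED
igb0 udp 203.0.113.5:61003 (192.168.1.20:51003) -> 198.51.100.9:6881 MULTIPLE:MULTIPLE
igb0 tcp 203.0.113.5:61004 (192.168.1.20:51004) -> 198.51.100.7:80 TIME_WAIT:TIME_WAIT
igb1 tcp 192.168.1.20:51001 -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
not a state line
"""

STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)"
    r"(?:\s+\((?P<orig>\S+)\))?\s+(?:->|<-)\s+(?P<dst>\S+)\s+(?P<state>\S+)$"
)

def parse_states(text):
    """Return one dict per recognisable state line; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def upstream_flows(rows, wan_if, tunnel=None):
    """Distinct (proto, src, dst) flows the device upstream of wan_if tracks.

    tunnel is a hypothetical (proto, local, remote) outer flow: when given,
    all WAN traffic is assumed to ride inside it, so only it is visible.
    """
    flows = {(r["proto"], r["src"], r["dst"]) for r in rows if r["iface"] == wan_if}
    return {tunnel} if tunnel and flows else flows

def summarize(text, wan_if="igb0"):
    rows = parse_states(text)
    tunnel = ("udp", "203.0.113.5:1194", "192.0.2.10:1194")  # constructed endpoint
    return {
        "direct": len(upstream_flows(rows, wan_if)),
        "tunneled": len(upstream_flows(rows, wan_if, tunnel)),
        "by_state": Counter(r["state"] for r in rows if r["iface"] == wan_if),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_STATES))
```

The per-flow state does not disappear with a tunnel: pfSense and the VPN provider's NAT still track every inner connection, so only the device between them is relieved.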


  • Banned

    Well you can certainly try the VPN solution and see if it helps. There's probably a VPN provider out there with a free trial. I wouldn't consider upgrading your hardware unless you confirm a VPN to help you out and even then only if you aren't satisfied with the performance you're getting out of your current setup.

