10Gb NAT Throughput
-
Is 10Gb NAT throughput possible on pfSense / what are the limiting factor in NAT performance?
In a HA carp configuration we have observed roughly 4Gb NAT throughput under KVM with virt-io driver and 5Gb NAT throughput on the same box with a baremetal install.
After exceeding ~3.5Gb sustained throughput we observe an increase in packet loss while the cpu resources, states, and memory consumption are all nominal.
Notes: All upstream and downstream is non-blocking and host nics are connect-x4 100Gb.
Would a "bigger hammer" help or is there an inherent limit in BSD/pf/kernel with respect to NAT throughput that limits throughput to roughly 4-5Gb on a single WAN gateway?
-
This is one of the reasons we have developed TNSR. There are limitations on pf.
For a good read, this thread: https://www.reddit.com/r/PFSENSE/comments/b94dr3/my_netgate_xg1537_performance_numbers/
-
This applies to the pfSense CE?
XG-7100 'Best for':
"Anyone with High-Speed 10 Gigabit and/or 1 Gigabit Connections".
So the pfSense XG-7100 is tweaked to hit 10Gb?-Rico
-
This applies to pf, does not matter if it's in Factory, or CE.
The post on reddit references the XG-1541, comparing pfSense and TNSR on the same hardware.
The OP does not state what hardware he's using.
Permalink for all: https://www.reddit.com/r/PFSENSE/comments/b94dr3/my_netgate_xg1537_performance_numbers/ek5acij/
-
Thank you. That post is exactly what I was looking for.
We will explore TNSR as an option. It looks very interesting.
