pfSense performance (VMware/4-8k mobile users with captive portal)

  • I posted the following in the captive portal area of the forum the other day, but I think I might have managed to maybe do it in the wrong part of the forum. Is the hardware area a better choice?

    I'm having a hard time finding benchmarks and such, I'm not a Google wiz, so I hope someone here might be able to tell me if I'm completely off base with the hardware specs.
    Would an ESXi setup similar to this be able to lift 4000-8000 concurrent users on a mobile device?
    Guest PFsense
    8 cores xeon
    16gb ram
    2x1G NICs
    DHCP on the LAN side, which would distribute a scope with around 8k addresses, captive portal with a simple checkmark and no authentication. It's all mobile phones, the clients "trickle" in over about 1 hour, so it's not all 4/8k who join at the same time, luckily.
    Per user usage is pretty low to be honest, about 100-150mb over a 3 hour event on average with the current setup.
    Are we totally off base with what we can expect from a pf vm with those hardware specs?

    Extra info

    The WAN connection is two load-balanced (by an ASA) 1G lines, but the utilization is 90% of the time very low.

  • Netgate Administrator

    What sort of Xeon is that? Could be a very wide performance range.

    It's hard to put real values on this but I have seen thousands of CP users on hardware not particularly large. I would expect what you have there to be OK, at least at the bottom end of that scale.

    You'll probably have to try it to know for sure though.


  • @stephenw10

    The ESXi is dedicated to the setup
    ProLiant DL380 G7
    12 CPUs x Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
    143.99 GB ram
    1.64 TB disk

    I was hoping in the long run that I would be able to lift up to about twice the amount of users, 16k, exactly the same usage profile (mobile only / usually max 200mb per event max, over 2-3 hours).
    The thought was to build two or 3 small pfSense boxes and distribute the load over 3 separate VLANs and then distribute clients across the different VLANs in the WLC, so the only work the box would need to do would be giving DHCP addresses, onboarding and GW.