6100 performance question

hescominsoon

is anyone using a 6100 in a 10 gig environment? The tech specs mention 10k acls..i am not going to be using a tenth of that many acl's...i jsut want to make sur ethe system can hit 10g with just the firewall and some rules(probably 50 or so) along with a couple of vpns. I am not expecting the vpn to go 10 gig..jsut want to make sure i can get 10 gig in agregate in this type or configuration.

keyser

@hescominsoon said in 6100 performance question:

is anyone using a 6100 in a 10 gig environment? The tech specs mention 10k acls..i am not going to be using a tenth of that many acl's...i jsut want to make sur ethe system can hit 10g with just the firewall and some rules(probably 50 or so) along with a couple of vpns. I am not expecting the vpn to go 10 gig..jsut want to make sure i can get 10 gig in agregate in this type or configuration.

Detailed testing and review to the rescue :-)

https://ipng.ch/s/articles/2021/11/26/netgate-6100.html

hescominsoon

@keyser so if i read this right..it can if it can use all 4 cores and nothing else is running...?? Like no vpns just the firewall/router based on imix which is the metric i tend to use as a balance for initial choosing...

stephenw10

No, it will not pass IMIX traffic at 10Gbps with the firewall enabled.
You can see Pim's result there is very close to our own on the 6100 page; ~6Gbps routed IMIX traffic. That's with the firewall disabled as he describes.
Pim didn't note any results with the firewall enabled but our result for IMIX traffic in pfSense with pf enabled is 2.73Gbps.

Steve

keyser

@hescominsoon said in 6100 performance question:

@keyser so if i read this right..it can if it can use all 4 cores and nothing else is running...?? Like no vpns just the firewall/router based on imix which is the metric i tend to use as a balance for initial choosing...

No it can’t - because Those tests are with the pffilter firewall disabled.
It will “only” pass around 2,8Gbps in IMIX when firewalling

hescominsoon

@keyser well that's with 10k rules imix..hence i am wondering with less than 100 rules...
so for now i'll assume it can do like 15-20 percent more with less than 100 rules..

keyser

@hescominsoon said in 6100 performance question:

@keyser well that's with 10k rules imix..hence i am wondering with less than 100 rules...
so for now i'll assume it can do like 15-20 percent more with less than 100 rules..

I have no real experience with the cost of increased rules count. But the performance difference between about 30 rules and about a 1000 is negligable on that hardware. So I wouldn’t expect that big a difference.

hescominsoon

@keyser yes but if they test with 10k rules then having 10x less should account for a noticeable performance increase..:)

stephenw10

The difference probably won't be as large as you think. No where near the difference between having pf enabled with minimal rules and pf disabled.

Steve