Hardware sizing in a school environment



  • I'm running a pfsense box in a school with approx. 800 students (500+ wireless users).
    pfsense is acting as captive portal, traffic shaping and snort ids/ips to block p2p.
    Captive portal has always (with 1.2.3) been overloaded in the morning time when people are logging on.
    But this August school start has been a terrible nightmare, even with captive portal disabled, the connection through pfsense is extremely slow, nearly unusable.

    At the moment the box (upgraded to 2.0 last week) is running on a hp desktop pc, P4, 2 gig mem, onboard (10/100 wan) and pci-express intel 10/100/1000 for lan.

    Could anybody guide me to which hardware is the most recommended for this kind of use.

    Wan is a 50/50 fiber connection.

    Thanks



  • What else are you running on the box - squid? snort? ? ?

    Is the CPU very busy? If so, what processes are the big CPU consumers?

    Does this box need to interact with another system - for example, is wireless authentication using a very busy RADIUS server?

    Your box is probably ample for what you have told us about your load, assuming it is functioning correctly. Perhaps one of the fans is no longer spinning and the CPU has slowed down to prevent it overheating.



  • If all your users try to access the internet at the same time they will only get 64 kbit/s each because of the large number of users versus the relatively low bandwidth of the fiber WAN.



  • I've been using pfsense in this setup for about 3 years, and never had any major issues like now…(very slow internet)
    RDP graphs say nothing is overloaded. Wan is peaking at max 20 M/bit out of 50, so still lots of bandwidth left.

    I thought it maybe could be broadcast storms causing the issue. Snort is blocking p2p clients on the lan side. But then again, blocked clients still got an ip, and maybe they are still trying to find a "way out" even if blocked?

    500+ clients in the same broadcast domain, is that a good setup?



  • Based on the information you provide, it's very probable that there are issues with your Wifi network.

    The degraded performance you observe may be due to more students using smartphones (nearly all of which operate in the already congested 2.4GHz range), compared with 3 years ago. You can google for "high-density Wifi deployments" to learn more about the issues.



  • You may need to deploy more access points with lower tx strength - remember just because you crank the signal does not mean it's going to be "better" or "stronger" - it can be the opposite as now the wireless host device will have to negotiate between more potential client devices within that larger range.

    Smaller tx signal with more devices may help.

    What are the tech specs of the wireless AP you are using?



  • Possibly the swap space has been occupied?



  • @jclausen:

    500+ clients in the same broadcast domain, is that a good setup?

    I'm sure you could get away with that in a wired network, but if your wifi network is flat bridged then you're wasting a lot of bandwidth. You may want to look at routing your wireless or at least dividing APs into separate vlans.



  • Enabling wireless client isolation on APs should help with a flat bridged wlan.

    But this August school start has been a terrible nightmare, even with captive portal disabled, the connection through pfsense is extremely slow, nearly unusable.

    The OP didn't clarify if performance is equally bad for users connected via wired?

