How many user environment could I support with this hardware?



  • So we have alot of spare d525 atom supermicros in our office and I'd like to know how many users they could support?

    Running DHCP, a few snort rules, SNMP and NTP server. Just assuming average office users, how many people could I toss behind this hardware?

    http://www.supermicro.com/products/system/1U/5015/SYS-5015A-EHF-D525.cfm

    d525 atom, 4GB RAM, pfsense 2.0 x64



  • I have used a few of these with 50+ devices (IP Phones, desktops/laptops, and a wireless network) behind a 50/50 pipe and it does rather well.  Also ~60 tunnels with little to no downtime. Great little systems


  • Netgate Administrator

    Number of users is not the right question.
    The limiting factor here will be connection bandwidth. Number of connections can also be an issue in some environments (if everyone is running torrent or gaming).
    Those boxes are usually good for ~500Mbps of NAT/firewall but Snort will reduce that.

    Steve



  • @wabashky:

    I have used a few of these with 50+ devices (IP Phones, desktops/laptops, and a wireless network) behind a 50/50 pipe and it does rather well.  Also ~60 tunnels with little to no downtime. Great little systems

    @stephenw10:

    Number of users is not the right question.
    The limiting factor here will be connection bandwidth. Number of connections can also be an issue in some environments (if everyone is running torrent or gaming).
    Those boxes are usually good for ~500Mbps of NAT/firewall but Snort will reduce that.

    Steve

    hey guys. i really appreciate the input, especially from those who have been using this same setup in a real world environment.

    what method would you guys recommend that i use to test throughput on my exact setup? any more help would be greatly appreciated.

    i just switched from ipcop to pfsense and so far i am loving it !



  • so i did some throughput testing and these are my #s for anybody interesed. just a simple iperf test for throughput and matrix 21 for max concurrent connections.

    64bit 2GB RAM -

    matrix21 - MAX 45,604 concurrent connections

    iperf  - WAN to LAN  - MAX 625Mbits/sec throughput ~610 average 598 Low

    - LAN to LAN - MAX 815Mbits/sec  ~790 average 785 Low

    4GB RAM - identical #s as above

    32bit 2GB RAM -

    matrix21 - MAX 45,604 concurrent connections

    iperf - WAN to LAN - MAX 565Mbits/sec ~560 average 554 Low

    - LAN to LAN- MAX 739MBits/sec ~736 average 728 Low

    4GB RAM - identical #s as above



  • Matrix21 isn't a good indication of the max connections you can push through the pfSense box.  Each IP is only good for 45k - 60k ports and each connection needs one unique port.

    If you really want to test connections limit, multi-home both the wan side host and the lan side device.  Say, have 10 - 20 IP addresses tagged to the network card each.

    Then run as many instances of matrix21, each tagged to one IP on both the server and device.

    i.e.
    Server is currently 10.0.0.1, client is 192.168.1.1

    Multi-home the server so that it has the IPs 10.0.0.1 - 10.0.0.10 on the NIC.  Run 10 instances of Matrix21, each listening on one of those IP addresses.

    Do the same for the client device.

    Use batch file to do this and run all the instances together.  The sum of all the instances will give you a high connection limit.  You're not likely to actually be able to hit the pfSense limit with only 10 instances but it should cripple most other commercially available routers.


Locked