Feedback - 2.2 failover performance on Alix 2D13
built on Mon Apr 14 15:07:07 CDT 2014
LAN is ordinary ethernet subnet
OPT2WIFI is an Atheros b/g WiFi card in the Alix 2D13
WAN is cable to an ADSL router, that then connects out to internet. Monitor IP 126.96.36.199
OPT1 is cable to ISP wireless device on my roof, that then connects to internet through the ISP tower. Monitor IP 188.8.131.52
Gateway group VPNclients, WAN tier1, OPT1 tier 2
VPN site-to-site client connecting to main office using VPNclients GWG (i.e. preferring WAN)
Gateway group InetGeneral, OPT1 tier1, WAN tier2
Firewall rules on LAN and OPT2WIFI to policy-route general traffic to InetGeneral GWG (i.e. preferring OPT1)
Test 1: Disconnect telephone line cable from ADSL router. After a few seconds, apinger reports that WAN is down. OpenVPN client conf is rewritten to use OPT1, OpenVPN client reestablishes connection to Main Office through OPT1. General internet traffic continues on OPT1. Pass.
Test 2: Connect telephone line cable to ADSL router and wait for it to establish a connection. apinger reports that WAN is up. OpenVPN client conf is rewritten to use WAN, OpenVPN client reestablishes connection to Main Office through WAN. General internet traffic continues on OPT1. Pass.
Test 3: Unplug ethernet cable from OPT1 to rooftop device. apinger reports OPT1 down (and there is also a hardware down of the physical OPT1 interface). General internet traffic fails over to use WAN. OpenVPN client is unaffected - continues uninterrupted out WAN. Pass.
Test 4: Connect ethernet cable from OPT1 to rooftop device. apinger reports OPT1 is up (and hardware interface comes up, and gets DHCP). General internet traffic fails back to use OPT1. OpenVPN client is unaffected - continues uninterrupted out WAN. Pass.
Normal memory on the dashboard sits at around 45% with this config. During the failover/back events the maximum memory use displayed on the dashboard was 52% - wonderful!!!! On 2.1.n the memory use goes way up to 80, 90 100% and process(es) got killed. This is soooo much better.
Failover processing seems to take between 20 to 40 seconds (depending what stuff has to be moved, I guess). This is just from rough observance of the CPU on the dashboard, which refreshes each 10 seconds. It goes to 80, 90, 100% CPU for 2 to 4 samples. That is fine.
For the stuff I use on Alix 2D13 this now seems great. Congratulations to those getting 2.2 ready - after a few weeks of seeing how it runs at home, I am going to struggle to resist upgrading office systems because of:
a) FreeBSD 8.3 is going to go end-of-life some time after 30-Apr-2014 - http://www.freebsd.org/security/ - but actually I suspect that if there is another major security issue found that FreeBSD would provide 8.3 security patches for longer than that.
b) Reduced memory usage when failing over, doing lots of PHP stuff. That will really help some of my offices that have multiple OpenVPN road warrior and client/server site-to-site links on Alix 2D13 256MB.
c) Outbound NAT Hybrid mode - can add a few extra outbound NAT rules, while keeping the automatic ones happening underneath. Previously if I had to use manual outbound NAT to add a couple of extra outbound NAT rules, then later renumbered a local LAN, I would always forget to edit the outbound NAT rules also, then scratch my head for a while wondering why internet did not work. Now hybrid NAT will let me have my cake and eat it - the automatic rules will be automatically regenerated by pfSense, and I can have some extra rules also.
Now to get out my VLAN switch and set up a couple of VLANs and see if that all works…
(how much can a poor little Alix be loaded down with?)
Well thank you for the report.
All this is the move to php-fpm and the fastcgi in console and events.
You now, i hope, understand why i did not merge your proposals/pulls for handling events with some monitoring.
This can get even better with time so….
Yes, this is much better than trying to patch up the old system/version - thanks.
Just so i do not forget.
At 256MB RAM APC is disabled.
That was from my testing the best choice.
Though it can speedup things if needed at cost of memory.