Client limitation

  • Hi People,

    I user pfSense as router for WiFi access point. So I got already 400 users per day connected and surfing internet.
    My question is there any client concurrent access limit?

    Cause I can't explain my boss that "one day it is gonna collapse" :)


  • The only upper limit I can think of is the amount of RAM for use by the state table.  When you have a lot of concurrent users active, check the Dashboard for State Table Size.  Mine never goes above 1%.

  • Hi,

    But what about CPU?
    Please see attachment for my current system status.

  • The CPU usage will depend on how much bandwidth you are using and which packages are installed.  If you have Snort, Squid, SquidGuard etc etc and are pushing 100Mbps then you could see high CPU use on a single core.  pfSense 2.1.x under FreeBSD 8.x was single-threaded if I remember.  The new pfSense 2.2 under FreeBSD 10.1 is multi-threaded so that should help with multiple packages.  What is your link speed and do you have any extra packages installed?

  • Hi,

    We use 1Gbit and FreeRadius/Captive Portal.
    None of what you listed packages.

  • Do you ever get close to saturating the 1Gbps link?  When you took your screenshot with a 29% CPU use, how many users did you have online and how much bandwidth were they using combined?  If you had close to max users and max throughput and still only using 29% CPU then you're fine.  If you were running with few users doing not too much then 29% is high and you might want to get a faster CPU.

  • hi,

    captive portal shows 49 users, also in attachment you can find dhcp leases status,
    memory and cpu maximum 30%.

    yesterday we have total 449 users and pfsense is alive still :)


  • LAYER 8 Netgate

    It depends.  sometimes a bunch of stuff on the dashboard can increase CPU.  What do the RRD graphs show for CPU when pfSense is just doing its thing during times of peak load?

    You should have info to see how you're doing if you look at the graphs for CPU, traffic, and CP users for a busy period.  And maybe states, mbufs, etc.

  • Please see attachment.
    Thanks for support.

  • LAYER 8 Netgate

    Hmm.  What changed Tuesday afternoon?

    You could probably get some beefier hardware but unless you anticipate like 6 times the traffic I don't think it's anything you need to worry about.

  • Well hard to say what happened on Tuesday. Maybe more users etc.
    This is virtual server, it has 4 cores. So I think I will add more cores later on. If I will need.

    I was afraid that pfSense won't handle, when we got 200 users. Seems I was wrong. It works fine and only I see this monitoring.
    So my boss happy :)

    thanks for support.
    I hope I will be able handle this on my own later on.

  • LAYER 8 Netgate

    I routinely have 3000+ captive portal sessions logged in.  It's hard to tell how many users are actually active at any given time, but pfSense can absorb a lot of states.  The only problem I have had is when I get a bunch of international (non-US) people in-house my CPU seems to spike (like to 20-30%).  It's all PHP.  I haven't figured it out yet.  Hoping the move to 2.2 and php-fpm will help.

    I'd run top and see if there's not something sitting there spinning on the CPU.

  • Well I will stop some services then.
    Now I remembered that I do not  need them.

  • Are you running 2.1.5 or 2.2?  I'm not sure that adding more cores to a 2.1.5 install will help you at all.

  • LAYER 8 Netgate

    Depends on what's using the CPU…  top is your friend.

  • Hi,

    I run 2.15, but will upgrade to 2.2 soon

  • Dear friend,

    If you had not any package, I think your higher cpu usage  is not an issue unless you see some spikes in cpu usage.
    Some of these problem caused by poor NIC and it's driver.
    But I think your cpu usage caused by lot of interrupt occurred by lots of small packet on your NIC. It's recommended that if you encounter with these conditions use polling vs interrupt. It does not decrease your cpu usage but it helps system behave linear with load incremental and either you can achieve higher throughput.

  • Hi guys,

    Today morning I realized that ntop service was loading my CPU. You can see graph, how CPU load decreased :)
    So I stopped it. And I use bandwithd for reporting.

Log in to reply