Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Client limitation

    Firewalling
    4
    18
    2233
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rovshango last edited by

      Hi People,

      I user pfSense as router for WiFi access point. So I got already 400 users per day connected and surfing internet.
      My question is there any client concurrent access limit?

      Cause I can't explain my boss that "one day it is gonna collapse" :)

      Thanks.

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        The only upper limit I can think of is the amount of RAM for use by the state table.  When you have a lot of concurrent users active, check the Dashboard for State Table Size.  Mine never goes above 1%.

        1 Reply Last reply Reply Quote 0
        • R
          rovshango last edited by

          Hi,

          But what about CPU?
          Please see attachment for my current system status.


          1 Reply Last reply Reply Quote 0
          • KOM
            KOM last edited by

            The CPU usage will depend on how much bandwidth you are using and which packages are installed.  If you have Snort, Squid, SquidGuard etc etc and are pushing 100Mbps then you could see high CPU use on a single core.  pfSense 2.1.x under FreeBSD 8.x was single-threaded if I remember.  The new pfSense 2.2 under FreeBSD 10.1 is multi-threaded so that should help with multiple packages.  What is your link speed and do you have any extra packages installed?

            1 Reply Last reply Reply Quote 0
            • R
              rovshango last edited by

              Hi,

              We use 1Gbit and FreeRadius/Captive Portal.
              None of what you listed packages.

              1 Reply Last reply Reply Quote 0
              • KOM
                KOM last edited by

                Do you ever get close to saturating the 1Gbps link?  When you took your screenshot with a 29% CPU use, how many users did you have online and how much bandwidth were they using combined?  If you had close to max users and max throughput and still only using 29% CPU then you're fine.  If you were running with few users doing not too much then 29% is high and you might want to get a faster CPU.

                1 Reply Last reply Reply Quote 0
                • R
                  rovshango last edited by

                  hi,

                  captive portal shows 49 users, also in attachment you can find dhcp leases status,
                  memory and cpu maximum 30%.

                  yesterday we have total 449 users and pfsense is alive still :)

                  dhcp_leases_status.txt

                  1 Reply Last reply Reply Quote 0
                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    It depends.  sometimes a bunch of stuff on the dashboard can increase CPU.  What do the RRD graphs show for CPU when pfSense is just doing its thing during times of peak load?

                    You should have info to see how you're doing if you look at the graphs for CPU, traffic, and CP users for a busy period.  And maybe states, mbufs, etc.

                    1 Reply Last reply Reply Quote 0
                    • R
                      rovshango last edited by

                      Please see attachment.
                      Thanks for support.






                      1 Reply Last reply Reply Quote 0
                      • Derelict
                        Derelict LAYER 8 Netgate last edited by

                        Hmm.  What changed Tuesday afternoon?

                        You could probably get some beefier hardware but unless you anticipate like 6 times the traffic I don't think it's anything you need to worry about.

                        1 Reply Last reply Reply Quote 0
                        • R
                          rovshango last edited by

                          Well hard to say what happened on Tuesday. Maybe more users etc.
                          This is virtual server, it has 4 cores. So I think I will add more cores later on. If I will need.

                          I was afraid that pfSense won't handle, when we got 200 users. Seems I was wrong. It works fine and only I see this monitoring.
                          So my boss happy :)

                          thanks for support.
                          I hope I will be able handle this on my own later on.

                          1 Reply Last reply Reply Quote 0
                          • Derelict
                            Derelict LAYER 8 Netgate last edited by

                            I routinely have 3000+ captive portal sessions logged in.  It's hard to tell how many users are actually active at any given time, but pfSense can absorb a lot of states.  The only problem I have had is when I get a bunch of international (non-US) people in-house my CPU seems to spike (like to 20-30%).  It's all PHP.  I haven't figured it out yet.  Hoping the move to 2.2 and php-fpm will help.

                            I'd run top and see if there's not something sitting there spinning on the CPU.

                            1 Reply Last reply Reply Quote 0
                            • R
                              rovshango last edited by

                              Well I will stop some services then.
                              Now I remembered that I do not  need them.

                              1 Reply Last reply Reply Quote 0
                              • KOM
                                KOM last edited by

                                Are you running 2.1.5 or 2.2?  I'm not sure that adding more cores to a 2.1.5 install will help you at all.

                                1 Reply Last reply Reply Quote 0
                                • Derelict
                                  Derelict LAYER 8 Netgate last edited by

                                  Depends on what's using the CPU…  top is your friend.

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    rovshango last edited by

                                    Hi,

                                    I run 2.15, but will upgrade to 2.2 soon

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      m.zebardast last edited by

                                      Dear friend,

                                      If you had not any package, I think your higher cpu usage  is not an issue unless you see some spikes in cpu usage.
                                      Some of these problem caused by poor NIC and it's driver.
                                      But I think your cpu usage caused by lot of interrupt occurred by lots of small packet on your NIC. It's recommended that if you encounter with these conditions use polling vs interrupt. It does not decrease your cpu usage but it helps system behave linear with load incremental and either you can achieve higher throughput.

                                      1 Reply Last reply Reply Quote 0
                                      • R
                                        rovshango last edited by

                                        Hi guys,

                                        Today morning I realized that ntop service was loading my CPU. You can see graph, how CPU load decreased :)
                                        So I stopped it. And I use bandwithd for reporting.


                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post

                                        Products

                                        • Platform Overview
                                        • TNSR
                                        • pfSense Plus
                                        • Appliances

                                        Services

                                        • Training
                                        • Professional Services

                                        Support

                                        • Subscription Plans
                                        • Contact Support
                                        • Product Lifecycle
                                        • Documentation

                                        News

                                        • Media Coverage
                                        • Press
                                        • Events

                                        Resources

                                        • Blog
                                        • FAQ
                                        • Find a Partner
                                        • Resource Library
                                        • Security Information

                                        Company

                                        • About Us
                                        • Careers
                                        • Partners
                                        • Contact Us
                                        • Legal
                                        Our Mission

                                        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                        Subscribe to our Newsletter

                                        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                        © 2021 Rubicon Communications, LLC | Privacy Policy