OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: decalpha on July 12, 2022, 03:36:58 PM

Title: Network performance issue with IPS
Post by: decalpha on July 12, 2022, 03:36:58 PM
CPU: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz (2 cores, 4 threads)
Networking: Intel Gigabit LAN
Memory: 8GB
Versions: OPNsense 22.1.10-amd64
Intrusion Detection: Enabled
Promiscuous mode: Not Selected
Detect Profile: High

I am using iperf for network performance measurement, and iperf3 on the OPNsense host shows <300 Mbits/sec. The strange thing is that after a restart it's around 950 Mbits/sec, before dropping back to the 250-300 range. To rule out a network issue I tried iperf3 across multiple other systems and it's around 950 Mbits/sec.

Is this expected with this hardware setup?
Title: Re: Network performance issue with IPS
Post by: abulafia on July 12, 2022, 03:44:50 PM
IDS needs a lot of performance, IPS even more so.

However, my 5250u can push a gigabit with IDS enabled. So you may need to tune your rules (fewer, and moving IP blocklists to the firewall alias+rules) and configuration.
Title: Re: Network performance issue with IPS
Post by: decalpha on July 12, 2022, 03:51:50 PM
Would you be able to direct me to the correct resource(s)?
Title: Re: Network performance issue with IPS
Post by: mimugmail on July 12, 2022, 05:22:53 PM
I5 8000U should handle 1000 also in IPS mode. Which rules do you use? Hyperscan active?
Title: Re: Network performance issue with IPS
Post by: decalpha on July 13, 2022, 01:39:08 PM
Quote from: mimugmail on July 12, 2022, 05:22:53 PM
I5 8000U should handle 1000 also in IPS mode. Which rules do you use? Hyperscan active?

Pattern matcher is indeed set to Hyperscan.
How do I get the list/count of rules from the command line?

Regarding the I5 8000U, I'm afraid I have to upgrade the whole system (using a Qotom mini PC).
Would N6005 be any better?
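
One way to get the rule count asked about above, and to see how many enabled rules are plain IP blocklist entries of the kind that could move to firewall aliases, as an added example that is not from any poster in this thread or from OPNsense itself. The names `rule_stats` and `demo` and the sample rules are constructed; the directory argument is an assumption: pass the directory your Suricata configuration loads its `*.rules` files from.

```shell
#!/bin/sh
# Added example (not from the thread): count Suricata rules per file.
# Assumptions: rules live in *.rules files, one rule per line, and a disabled
# rule is a rule line commented out with '#'.

# rule_stats DIR -> one line per file: "<file> <enabled> <disabled> <ip_only>",
# followed by a "TOTAL" line. "ip_only" is a heuristic: an enabled rule with
# protocol "ip" and no content/pcre keyword, i.e. a plain address-list entry
# that does no payload inspection.
rule_stats() {
    awk '
    function emit() { if (f != "") printf "%s %d %d %d\n", f, en, dis, ip }
    FNR == 1 { emit(); f = FILENAME; sub(/.*\//, "", f); en = dis = ip = 0 }
    /^[ \t]*#[ \t]*(alert|drop|reject|pass)[ \t]/ { dis++; td++; next }
    /^[ \t]*(alert|drop|reject|pass)[ \t]/ {
        en++; te++
        if ($2 == "ip" && $0 !~ /(content|pcre)[ \t]*:/) { ip++; ti++ }
    }
    END { emit(); printf "TOTAL %d %d %d\n", te, td, ti }
    ' "$1"/*.rules
}

# Constructed sample: documentation address ranges and made-up sids.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/blocklist.rules" <<'EOF'
alert ip [192.0.2.0/24,198.51.100.7] any -> $HOME_NET any (msg:"constructed blocklist 1"; sid:1000001; rev:1;)
alert ip [203.0.113.0/24] any -> $HOME_NET any (msg:"constructed blocklist 2"; sid:1000002; rev:1;)
EOF
    cat > "$d/web.rules" <<'EOF'
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed content rule"; content:"/example"; http_uri; sid:1000003; rev:1;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"constructed disabled rule"; flow:to_server; sid:1000004; rev:1;)
# a plain comment line, not a rule
EOF
    rule_stats "$d"
    rm -rf "$d"
}
demo
```

A large enabled count combined with a high ip_only share points at the rule files worth trimming first.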