Hi there,
since Hyperscan 5.4.0 AVX-512 is supported. This Version is currently a part of OPNsense 24.1.5_3-amd64. The latest version is: Hyperscan 5.4.2 released in april 2023 (please update Hyperscan @opnsense devs).
Since AVX is used to speed up suricata. More avx performance should mean more throughput.
It is rumoured that AMDs zen 5 architrecture will double the avx-512 performance. In theory this could result in an extreme performance improvement.
The Deciso DEC4280 (EPYC 3451) is being marketed with ~7.5Gbps Threat Protection Throughput.
Using this information as a baseline and throwing in some benchmark numbers i try to estimate what a zen 5 Suricata IPS performance could look like:
CPU Benchmarkesult (cpubenchmark.net) IPS Throughput (gbps)
EPYC 3451 19532 7,5
Ryzen 7700x 36021 13,8 (estimated)
Ryzen 7950x 62950 24,1 (estimated)
Ryzen 9950x 94425 (estimated) 36,2 (estimated)
It looks like the EPYC 3451 does not Support avx-512. So my estimates could be waaaaay off.
Zen 4 with avx-512 could be a massive improvement above the AMD EPYC Embedded 3000 architecture. Zen 5 could be mindblowing.
Unfortunately i cant benchmark beyond 1Gbps with my ryzen 7700 setup (my access switch ports are just 1G).
I would be very happy if opnsense entered the performance class of ASIC/FPGA firewalls.
Hello,
that's a very interesting estimate.
I'm looking to configure an Intel Core i9 13900T with a benchmark score of 44099.
I think it will be good for at least +10 Gpbs and zenarmor.
I'm basing myself on the Epyc 3451.
After that, I know it doesn't have AVX512.
My connection is 8 Gbps symmetrical.
Am I right?