OPNsense Forum
English Forums => Zenarmor (Sensei) => Topic started by: athurdent on September 25, 2020, 01:55:24 pm
-
So, I have finally gotten around to play with Sensei and so far it's really amazing! Thank you, Sunny Valley for making this available to home users. I'm still experimenting, but I think I'll definitely get the Home subscription, to better protect the kids at least. Adblocking is really good, too!
But, and actually that has kept me from trying Sensei at all for quite some time, the tech specs on the Sensei site seem a little conservative, at least for the typical home user that has gigabit but does not max out the line constantly.
I have OPNsense running on Proxmox with a Supermicro board / i3-7100 CPU 3.9GHz, assigned 2 vCPUs and 3G RAM and I am getting around 620 Mbit/s running a speedtest with an iPhone SE 2020. According to the Sensei HW specs I should probably only be getting around 300 MBit/s with that HW, on bare metal.
So, what would be a good, preferably fanless, solution for home users that want to filter their kid's traffic and still be able to achieve 1G for the occasional download?
Are the Protectli/Qotom boxes any good? Anyone running Sensei on one of those Protectli i3 barebones?
Thanks!
-
Have a look at these: https://www.deciso.com/product-catalog/
Guaranteed compatible :)
Bart...
-
Have a look at these: https://www.deciso.com/product-catalog/
Guaranteed compatible :)
Bart...
Thanks, where do I find Sensei throughput of those devices? As I mentioned, I am looking for someone actually running something like that and being able to confirm gigabit throughput.
Which one of those do you have and what throughput do you achieve?
-
Hi @athurdent,
Thanks for the test results. Yes, as you've said, hardware specs on our documentation is conservative. This is to be on the safer side.
For a 1 Gbps home environment, a system with an ubench score higher than 250.000 should be sufficient to handle this uplink. I have an i7 2Ghz minipc which I can easily sature my 1Gbps AT&T link.
That'd be awesome if anyone with some Deciso devices can share figures / test results.
-
i just got a http://www.qotomnet.qotom.shop/product/85.html.
8 Ports, 32 GB Ram with an i7. May speed is now (IPS/Sensei enabled) 240 of 250 Mbit.
But you will loose bandwith anyway. The scanner takes 50 Mbit at least.
And you may consider to upgrade to 20.7.3 as it has the new netmap kernels.
-
Hi @athurdent,
Thanks for the test results. Yes, as you've said, hardware specs on our documentation is conservative. This is to be on the safer side.
For a 1 Gbps home environment, a system with an ubench score higher than 250.000 should be sufficient to handle this uplink. I have an i7 2Ghz minipc which I can easily sature my 1Gbps AT&T link.
That'd be awesome if anyone with some Deciso devices can share figures / test results.
Hi @mb,
many thanks for these insights!
My VM system scores
Ubench Single CPU: 601693 (0.64s)so I took a look at the various Sensei operational modes. The best was L3 with Netmap emulation. I am using the latest OPNsense 20.7.3 and also replaced the kernel with the Netmap optimized one.
Performance maxed out at around 650-700 Mbit/s using the Speedtest.net app with a server that gives me 940Mbit/s when using my UniFi UDM Pro.
I dug into IOMMU a bit and as the two on-board igb interfaces of my Supermicro board were free (installed a 10G card recently), I mapped those to OPNsense LAN & WAN.
Great success, I can even run Suricata on WAN now, with Sensei running on LAN, I am getting the full 940 Mbit/s.
Seems, at least for my old KVM host, VMNET emulation for FreeBSD is still hogging a lot of resources.
You should maybe consider to modify/explain the Sensei HW requirements in your KB a bit. Good chance there would be more users trying out/using Sensei if they knew that those values are very conservative, and ubench can be used to determine if HW qualifies for 1G pipes.
Thanks again @mb!
It would still be great to know throughput of the various Deciso appliances, as OPNsense plus Sensei make a very good package!
Edit: and thanks @ArminF for your input!
-
@athurdent, thank you for the insights and note about vtnet. I'm sure this will help quite a lot of users.