Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - itnorm

Pages: [1]

Hardware and Performance / Re: Simulating a variable number of users connected

« on: December 20, 2022, 10:00:36 pm »

Thanks for your reply.
I was merely giving some assumptions upon which to base a rough estimate of users, i.e. flat network and what each typical user was doing at any one time. This should simplify how to make sense of the fw/hw numbers, e.g. 3 million concurrent connections.

Why then do fw/hw companies spec out multiple concurrent connections if it doesn't represent anything realistic as far as what a firewall can handle for users?

I never intend to provide a fw for that many users, just wanting to have a way to look at the published numbers and be relatively certain it will work in the network of interest.

Hardware and Performance / Re: Simulating a variable number of users connected

« on: December 20, 2022, 05:54:30 pm »

(duplicate)

Hardware and Performance / Re: Simulating a variable number of users connected

« on: December 20, 2022, 05:54:11 pm »

Thanks for your reply. I'm assuming your for Deciso. I've been looking at their appliances. Specifically, the DEC675. That says it can do 3 million concurrent connections. How many users would that translate into? And how many apps would that mean? I know there is no perfect number or average user, but roughly?

It seems unlikely it can handle a million users or even 100,000 at 30 connections per user.

I'm interested in what it could do with a flat network and say each user has 1 video running and 10 open tabs for 1 browser.

Hardware and Performance / Re: Simulating a variable number of users connected

« on: December 19, 2022, 04:30:52 pm »

Does running iperf3 with the -P option qualify as 'multiple concurrent connections'? And if so, how is that translated or used with OPNsense?

Hardware and Performance / Re: Simulating a variable number of users connected

« on: December 16, 2022, 05:08:15 pm »

Are you saying "multiple concurrent connections" for OPNsense or for iperf?

If it's iperf, here it is for a -P of 4 and 8 and just showing the last section:
C:\Users\Owner\Desktop\iperf-3.1.3-win64\iperf-3.1.3-win64>iperf3 -c nyfiosspeed4.west.verizon.net -P 4
Connecting to host nyfiosspeed4.west.verizon.net, port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 100 MBytes 84.3 Mbits/sec sender
[ 4] 0.00-10.00 sec 100 MBytes 84.3 Mbits/sec receiver
[ 6] 0.00-10.00 sec 101 MBytes 84.4 Mbits/sec sender
[ 6] 0.00-10.00 sec 101 MBytes 84.4 Mbits/sec receiver
[ 8] 0.00-10.00 sec 100 MBytes 84.3 Mbits/sec sender
[ 8] 0.00-10.00 sec 100 MBytes 84.3 Mbits/sec receiver
[ 10] 0.00-10.00 sec 100 MBytes 84.2 Mbits/sec sender
[ 10] 0.00-10.00 sec 100 MBytes 84.2 Mbits/sec receiver
[SUM] 0.00-10.00 sec 402 MBytes 337 Mbits/sec sender
[SUM] 0.00-10.00 sec 402 MBytes 337 Mbits/sec receiver

C:\Users\Owner\Desktop\iperf-3.1.3-win64\iperf-3.1.3-win64>iperf3 -c nyfiosspeed4.west.verizon.net -P 8
Connecting to host nyfiosspeed4.west.verizon.net, port 5201
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 52.1 MBytes 43.7 Mbits/sec sender
[ 4] 0.00-10.00 sec 52.1 MBytes 43.7 Mbits/sec receiver
[ 6] 0.00-10.00 sec 56.1 MBytes 47.1 Mbits/sec sender
[ 6] 0.00-10.00 sec 56.1 MBytes 47.1 Mbits/sec receiver
[ 8] 0.00-10.00 sec 47.1 MBytes 39.5 Mbits/sec sender
[ 8] 0.00-10.00 sec 47.1 MBytes 39.5 Mbits/sec receiver
[ 10] 0.00-10.00 sec 56.0 MBytes 47.0 Mbits/sec sender
[ 10] 0.00-10.00 sec 56.0 MBytes 47.0 Mbits/sec receiver
[ 12] 0.00-10.00 sec 24.2 MBytes 20.3 Mbits/sec sender
[ 12] 0.00-10.00 sec 24.2 MBytes 20.3 Mbits/sec receiver
[ 14] 0.00-10.00 sec 56.0 MBytes 47.0 Mbits/sec sender
[ 14] 0.00-10.00 sec 56.0 MBytes 47.0 Mbits/sec receiver
[ 16] 0.00-10.00 sec 56.0 MBytes 47.0 Mbits/sec sender
[ 16] 0.00-10.00 sec 56.0 MBytes 47.0 Mbits/sec receiver
[ 18] 0.00-10.00 sec 56.0 MBytes 47.0 Mbits/sec sender
[ 18] 0.00-10.00 sec 56.0 MBytes 47.0 Mbits/sec receiver
[SUM] 0.00-10.00 sec 404 MBytes 339 Mbits/sec sender
[SUM] 0.00-10.00 sec 404 MBytes 339 Mbits/sec receiver

Hardware and Performance / Re: Simulating a variable number of users connected

« on: December 15, 2022, 05:20:29 pm »

If my internet is 300/300 Mbps, shouldn't the iperf results be around 300Mbps? And the fact that the results are the same with and without the fw is why you are saying the uplink is the limiting factor?

Hardware and Performance / Re: Simulating a variable number of users connected

« on: December 14, 2022, 11:17:05 pm »

I've measured the speed thru several browser apps and it is not any less than if the fw's services were all off. Both d/l and u/l speeds are > 300Mbps either with or without OPNsense. iperf3 speed is the same between a machine without the fw and a machine with the fw.

pmhausen: I'm not sure what you meant by:
"If network throughput measured with iperf3 can max out your uplink bandwidth, the number of internal users is really not that important. In most cases you will be limited by your uplink."

here are some numbers in case that helps:

w/ the fw:
C:\Users\Owner\Desktop>iperf3 -c nyfiosspeed4.west.verizon.net
Connecting to host nyfiosspeed4.west.verizon.net, port 5201
[ 4] local 192.168.1.101 port 54150 connected to 206.124.86.196 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 15.5 MBytes 130 Mbits/sec
[ 4] 1.00-2.01 sec 17.2 MBytes 145 Mbits/sec
[ 4] 2.01-3.00 sec 17.4 MBytes 146 Mbits/sec
[ 4] 3.00-4.00 sec 17.5 MBytes 147 Mbits/sec
[ 4] 4.00-5.00 sec 17.2 MBytes 145 Mbits/sec
[ 4] 5.00-6.00 sec 17.4 MBytes 146 Mbits/sec
[ 4] 6.00-7.00 sec 17.0 MBytes 143 Mbits/sec
[ 4] 7.00-8.01 sec 17.5 MBytes 146 Mbits/sec
[ 4] 8.01-9.01 sec 17.2 MBytes 145 Mbits/sec
[ 4] 9.01-10.00 sec 17.2 MBytes 145 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 171 MBytes 144 Mbits/sec sender
[ 4] 0.00-10.00 sec 171 MBytes 144 Mbits/sec receiver

w/o the fw:
Connecting to host nyfiosspeed4.west.verizon.net, port 5201
[ 4] local 10.3.3.153 port 37583 connected to 206.124.86.196 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 15.4 MBytes 129 Mbits/sec
[ 4] 1.00-2.00 sec 17.2 MBytes 144 Mbits/sec
[ 4] 2.00-3.01 sec 17.2 MBytes 144 Mbits/sec
[ 4] 3.01-4.00 sec 15.9 MBytes 134 Mbits/sec
[ 4] 4.00-5.00 sec 17.1 MBytes 144 Mbits/sec
[ 4] 5.00-6.00 sec 17.2 MBytes 145 Mbits/sec
[ 4] 6.00-7.00 sec 17.0 MBytes 143 Mbits/sec
[ 4] 7.00-8.00 sec 17.2 MBytes 145 Mbits/sec
[ 4] 8.00-9.00 sec 17.4 MBytes 146 Mbits/sec
[ 4] 9.00-10.01 sec 17.2 MBytes 144 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.01 sec 169 MBytes 142 Mbits/sec sender
[ 4] 0.00-10.01 sec 169 MBytes 142 Mbits/sec receiver

(had trouble finding public iperf servers that would do a test)

Hardware and Performance / Re: Simulating a variable number of users connected

« on: December 12, 2022, 11:16:38 pm »

Thanks for your reply.
Presently the hw+OPNSense is only connected to 1 device. I have no way of knowing if it can handle 5 users or 10 or 25 or more or only 1. I do see that the d/l and u/l speeds are the same in comparison to when there wasn't a fw to go thru and I do have all the services enabled that I believe to be sufficient. It certainly doesn't seem right to just install the fw at a client and hope it performs to their satisfaction. And I can't keep tweaking the services until all are happy (majority of clients are not ok with some period of adjustment). I'd like to know beforehand, at least roughly. Do you mean to say that is how it is typically done? Install it and then adjust for acceptable performance? The performance may be terrible right away and no amount of adjustment would prove to be worthwhile. Perhaps JMeter?

Hardware and Performance / Simulating a variable number of users connected

« on: December 09, 2022, 04:50:08 pm »

Is there some of way doing this? I'm thinking that prior to putting my Protectli VP2410 (with m.2 128GB storage and 8GB ram) there might be a way to see if it can handle a certain number of users. Maybe ramp up the numbers of users and with varying traffic simulated to be see what sort of environment it can handle. I know this would be a rough approximation, but right now I don't have any idea.

Zenarmor (Sensei) / Re: Zenarmor wizard was run and now no internet nor browser page

« on: November 17, 2022, 05:19:15 pm »

Thanks for those. I wasn't able to do those changes since a new error line (same content) was continually appearing on the console output. I could not use SSH either (maybe I should have tried the com connection on the Protectli for ssh access?).

I did a factory reset.

The Zenarmor plugin was already installed after the factory reset without me downloading and installing it. I went thru the wizard and the interface LAN(igbo) was already on the right-side as a selected interface for protection. It seems the settings from my previous wizard run were also not erased with a factory reset. After this wizard run Zenarmor appears to be working.

Zenarmor (Sensei) / Zenarmor wizard was run and now no internet nor browser page

« on: November 16, 2022, 08:35:52 pm »

I am coming up to speed with OpnSense and I just have a Protectli box with 1 machine connected to the LAN. After going thru the Zenarmor wizard (chose all defaults with a free edition at the end), now no internet (the machine is still connected to 192.1681.1) on the machine and cannot connect to the browser page of OpnSense. There are no other pkgs or plugins installed. I am getting this continually on the console:
(some numbers) [4022] net_transmit igb0 drop mbuf that needs checksum offload

Ran rm -f /usr/local/sensei/etc/.configdone as root and nothing changed.

Zenarmor looks to be the right package going forward for me.

Pages: [1]