Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Rainmaker

#16
Quote from: KantFreeze on August 02, 2018, 04:11:00 PM
My hardware is an APU2C4 :).

As to linux v freebsd performance, obviously they are different kernels and aren't going to do everything the same. But, in this particular case the benchmarks have freebsd having roughly half the throughput of linux.

Yes of course, but think of it another way. The APU2 is 'only' 1GHz per core. If OPNsense is only using a single core for routing, you've got 1GHz processing power to try to max your connection. Linux on the other hand is multi-core aware. So now you're using 4x 1GHz for routing your connection. No wonder the throughput is higher. Actually, as I said earlier FreeBSD is now getting much better with spreading load across cores, though it doesn't apply for every part of the 'networking' process. FreeBSD has probably the best networking stack in the world, or certainly one of them. It can route 10Gbps, 40Gbps, even 100Gbps on suitable hardware. Unfortunately, the APU2 isn't the most suitable hardware (for high throughput on *BSD).

If you need >500Mbps stick to Linux and you won't have an issue. If you want <500Mbps then *sense will be fine on your APU.
#17
Quote from: KantFreeze on August 02, 2018, 05:32:05 AM
I'm thinking of switching from ipfire to OPNsense because I think it has a better overall feature set, but this is my major hangup. If people are able to get similar performance out of OPNsense, I'd love to hear about it.

What's your hardware? The APU2 is a particular case, as it has a low single core speed (1GHz) and is an embedded low power SoC. For normal x86 hardware you'll be fine - I run 380Mbps down on a small form factor Pentium G4560 and it doesn't break a sweat. Gigabit is fine too.
#18
I used to have an APU2C4, and realised from looking around the web that others had the same problem. For example, see this article here. They too seem to blame single-core routing but you have found that at times the cores are more evenly used. I have read that later versions of FreeBSD got better at SMP/multi-core routing but apparently not all the way there yet? Perhaps using several iperf3 sessions you are tying one session to a core, and thus getting better (parallel) throughput that way?

Edit: You may also wish to try these settings/tweaks. I didn't see them before I sold my APU2 and got a G4560 based box instead, but they could help. Report back your findings please.
#19
I spoke too soon. I tried to boot the latest release using the set boot delay parameter (yes, omitting the quote marks) and it still hit the same old error.  :-X

uhub2: 4 ports with 4 removable, self powered
run_interrupt_driven_hooks: still waiting after 60 seconds for xpt_config
(probe0:umass-sim0:0:0:0): INQUIRY. CDB: 12 00 00 00 24 00
(probe0:umass-sim0:0:0:0): CAM status: CCB request completed with an error
(probe0:umass-sim0:0:0:0): Retrying command
(probe0:umass-sim0:0:0:0): INQUIRY. CDB: 12 00 00 00 24 00
(probe0:umass-sim0:0:0:0): CAM status: CCB request completed with an error
(probe0:umass-sim0:0:0:0): Retrying command
(probe0:umass-sim0:0:0:0): INQUIRY. CDB: 12 00 00 00 24 00
(probe0:umass-sim0:0:0:0): CAM status: CCB request completed with an error
(probe0:umass-sim0:0:0:0): Retrying command
(probe0:umass-sim0:0:0:0): INQUIRY. CDB: 12 00 00 00 24 00
(probe0:umass-sim0:0:0:0): CAM status: CCB request completed with an error
(probe0:umass-sim0:0:0:0): Retrying command
(probe0:umass-sim0:0:0:0): INQUIRY. CDB: 12 00 00 00 24 00
(probe0:umass-sim0:0:0:0): CAM status: CCB request completed with an error
(probe0:umass-sim0:0:0:0): Error 5, Retries exhausted
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <KINGSTON SMS200S360G 603ABBF0> ATA8-ACS SATA 3.x device
ada0: Serial Number 50026B7267011FA8
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 57241MB (117231408 512 byte sectors)
SMP: AP CPU #1 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
Timecounter "TSC" frequency 998148315 Hz quality 1000
Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]...
mountroot: waiting for device /dev/ufs/OPNsense_Install...
Mounting from ufs:/dev/ufs/OPNsense_Install failed with error 19.

Loader variables:
  vfs.root.mountfrom=ufs:/dev/ufs/OPNsense_Install
  vfs.root.mountfrom.options=ro,noatime

Manual root filesystem specification:
  <fstype>:<device> [options]
      Mount <device> using filesystem <fstype>
      and with the specified (optional) option list.

    eg. ufs:/dev/da0s1a
        zfs:tank
        cd9660:/dev/cd0 ro
          (which is equivalent to: mount -t cd9660 -o ro /dev/cd0 /)

  ?               List valid disk boot devices
  .               Yield 1 second (for background tasks)
  <empty line>    Abort manual input

mountroot>


As you say, there are just no copies of earlier versions on the net so I can't even try the 16.7 version you said works. The serial ISO doesn't work on USB, the SD card version craps itself and fails to boot... It looks like OPNSense just doesn't want to work for me. Hey ho, back to pfSense I go if I can't get this sorted.  :(
#20
Quote from: schnauz on January 02, 2017, 10:18:47 PM
Hi @ifzenc @mow4cash
I use an APU2C4. The Swiss designed device is ideal for small environments like home network or even a small SME if you want to use the more than the standard nat filtering feature set of OPNsense. The bandwidth performance with 16.7 is quite good (I made 500/50 Mbits/sec, the intel ethernet helps here) if you are using it as a classic firewall without IPS, with IPS my APU slowed the traffic down to 70-80 MBit/s (tested with the FAST test). But the speed gain is clear, because each packet will be analyzed, inspected and so on. OpenVPN works well with a handful of users (more I do not have, sry). I did not yet used the APU as proxy and antivirus nor WLAN (check this forum for hints), from the devices (CPU/RAM/bus) perspective that all should be possible;-). With the upcoming ONPsense 17.1 the APUs ethernet chipset will be directly supported by the igb driver. I look forward to 17.1.
-oliver

Sorry to bump this thread, but I've just joined the forum and I also have an APU2C4. I'm surprised the performance drops so much when running IPS! I know pfSense is also heavy with (e.g.) Snort, but I didn't think it would be so bad. Running IPS/snort and guardian on IPFire (Linux based firewall/router distro) barely registers a few percent CPU and doesn't affect speeds when running on the same device. So, as good as *BSD is if someone wishes to run IPS on the APU2C4 with a high speed WAN connection I can only recommend IPFire. I got line speed (220/20) no issues when I ran it on mine. I don't bother with IPS these days as I don't really need it, so I'm happy back in BSD land now. :D
#21
I registered here just to say thank you for this post. I too have an APU2C4, with an mSATA SSD on board. I have run IPFire via SD Card but currently have pfSense, which has been running on here for about a year or so. I don't care for politics and OPNSense seems to have a very nice UI, so having been playing with it in VMs on and off for a few months I wanted to give it a whirl. I hit the same issues you did, and found the boot time delay parameter on a BSD mailing list. It too included the double quotes (and so didn't work) but now I've found your post I can try again.

I did also try to use the nano / embedded image supplied by OPNSense, which promises to expand to fill the card on first boot and be capable of running as a fully-fledged install of its own right. It simply requires copying (I used dd) onto the card and booting. It booted perfectly, so I thought I had my answer for the APU. Unfortunately after taking time to configure it via the console and then rebooting it after an update, it bricked itself. Not a great first impression for a 'solid' BSD based distro!

I find it unfortunate that the staff/admin/developers haven't had time to respond to your concerns in all this time. As you say this bug is only present in OPNSense, not pfSense or upstream *BSD. It's especially sad as the APU is such a fantastic little unit for the purpose. A decent enough AES-NI capable CPU with a tiny TDP, onboard Intel NICs, great expansion and a small footprint. Aside from perhaps a higher clock per core, what more could you ask for? It's an underrated platform. Again, thank you for your helpful post.