DEC750 can't handle 10GB?

[shapewaq]

Just bought a DEC750 https://shop.opnsense.com/product/dec750-opnsense-desktop-security-appliance/?attribute_powercord=EU from OPNsenseShop because IT said 10GB Firewalling, I Tried iPerf3 to my firewall and just got 1,2GB trouput despite my server being directly connected to the firewall via fibre optics multimode om4.

Maybe I got some config wrong or is this firewall only handling 10gb without dpi and if so how can I configure it that I have just my ruleset applied to my internal networks and dpi just for outgoing traffic through wan interface?

Thank you in advance!

[Raketenmeyer]

Can you share more details about your configuration and test procedure? With dpi you mean IDS/IPS? The threat protection throughput is listed at about 1 Gbit/s for the DEC740/750.

[shapewaq]

Can you share more details about your configuration and test procedure? With dpi you mean IDS/IPS? The threat protection throughput is listed at about 1 Gbit/s for the DEC740/750.

Hi, yes I mean IDS/IPS.
But I just configured IDS/IPS only on WAN interface and want to use opnsense as a router with network rules on all LAN interfaces.

So this way I would have 10GB routing speed on LAN interfaces an one on WAN right?

[Raketenmeyer]

Hard to tell how much throughput can be archived over one of the 10 Gbit ports when the WAN side (1 Gbit port? (igbx)) is running with IDS/IPS enabled. I think it depends on the throughput on the WAN interface, the used rules and the type of traffic overall. But for sure it will be far away from 10 Gbit/s on a DEC750.

If you want 1 Gbit/s throughput on the WAN interface with IDS/IPS enabled and full 10Gbit/s throughput on the LAN side at the same time, you should take a look at more powerful appliances. Likely a DEC840 or DEC850 could handle that, I don't know. Maybe an owner of a DEC840/850 can run a benchmark or maybe the Deciso team has more information about that.

[shapewaq]

when I do a iperf3 on the dec750 the cpu is around 20% with 1,8gb of 8gb ram used.
So I don't understand why I don't get more than 1,2GB throughput.

I have 10gb LAN interface with all the trunks and a WAN interface with 1gb.

[Patrick M. Hausen]

So I don't understand why I don't get more than 1,2GB throughput.

If you are really getting 1.2 GigaBYTE/s I don't see how you could expect more with a 10 GigaBIT/s interface.

[shapewaq]

Could you please be more specific?

[franco]

It's very explicit. 8 * 1,2 Gbyte/s = 9,6 Gbit/s

Now your job is to clear up which unit you meant.


Cheers,
Franco

[shapewaq]

It's very explicit. 8 * 1,2 Gbyte/s = 9,6 Gbit/s

Now your job is to clear up which unit you meant.


Cheers,
Franco

I get 1,2 GByte/s but I don't understand why I shouldn't expect more from a 10Gbit Interface whit no DPI/IPS on that interface.

I am aware of the difference of Gbyte (1000) & Gibyte (1024).

[chemlud]

Are you also aware of the difference between bit and byte? ;-)

[franco]

Ok, for clarity's sake: 1,2 GByte/s is 10G line rate minus the obvious network protocol overhead.


Cheers,
Franco

[shapewaq]

I guess we can resolve this case.

The answer is simple.

"I was an idiots for messing up binary calculations and having 1.29 Gigabits throughput means 10.35 Gigabytes on the LAN interface"

For clarification I have now 1.29 Gigabits of routed traffic on the LAN interfaces without only rulesets applied.