Does OPNsense with IDS/IPS/Other takes full advantage of multi-core CPUs

Started by logi, September 22, 2024, 04:23:04 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 22, 2024, 04:23:04 PM
Thinking to migrate to a CPU with 6 cores / 12 threads vs 4 cores / 4 threads I have today, will OPNsense take full advantage of it while using IDS/IPS/Zenarmor/Other Tool functionality? Thanks
September 22, 2024, 07:48:33 PM #1
Unfortunately, ZenArmor is still optimized for single-core performance, and full multi-core support has been a long-standing request. There have been some tentative promises in this regard, but the delivery date continues to be delayed.
In theory there is no difference between theory and practice. In practice there is.
September 22, 2024, 09:46:49 PM #2
but other opnsense functionality could use the multi thread cpu ?
September 23, 2024, 08:42:38 AM #3
Zenarmor multi-core support is expected to arrive in Q2 of 2025, you can follow the updates.
September 23, 2024, 06:50:36 PM #4
Quote from: IHK on September 23, 2024, 08:42:38 AM
Zenarmor multi-core support is expected to arrive in Q2 of 2025, you can follow the updates.


It would be better for the year 2040
September 23, 2024, 07:36:39 PM #5
I have a 4 core 8 thread CPU and I see the different cores kind of shuffle along, normally in pairs as different things are happening. Not really seeing multicore, more like shifting single core processing. In general, more cores = better, but this isn't a definitive answer.

Also more ram = better to a certain extent, it looks like 16GB is a pretty good level right now, Zenarmor can be a little hungry and 8GB was running 75-80% ram used until I went up to 16GB. Sometimes I'll see 56-60% in use, sometimes only 35-40% now, extra RAM is a good thing with the cost being so low. Just my personal recommendation.
September 24, 2024, 11:06:19 AM #6
Quote from: dinguz on September 22, 2024, 07:48:33 PM
Unfortunately, ZenArmor is still optimized for single-core performance, and full multi-core support has been a long-standing request. There have been some tentative promises in this regard, but the delivery date continues to be delayed.

Quote from: IHK on September 23, 2024, 08:42:38 AM
Zenarmor multi-core support is expected to arrive in Q2 of 2025, you can follow the updates.

I even opened a topic for this, it was promised to Q4 2024

https://forum.opnsense.org/index.php?topic=41295.msg202730#msg202730


Quote from: Greg_E on September 23, 2024, 07:36:39 PM
I have a 4 core 8 thread CPU and I see the different cores kind of shuffle along, normally in pairs as different things are happening. Not really seeing multicore, more like shifting single core processing. In general, more cores = better, but this isn't a definitive answer.

Also more ram = better to a certain extent, it looks like 16GB is a pretty good level right now, Zenarmor can be a little hungry and 8GB was running 75-80% ram used until I went up to 16GB. Sometimes I'll see 56-60% in use, sometimes only 35-40% now, extra RAM is a good thing with the cost being so low. Just my personal recommendation.

You can use RSS + in ZA disable pinning to only 1 CPU. This uplifts the Performance a bit.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
September 24, 2024, 03:11:35 PM #7
Yes, I think you suggested unpinning to another person and I quickly went and made the change to mine. I think this is why I see the core temps kind of move around, but they always do this in pairs of threads, so SMP may not really be happening in the way that we have become accustomed to seeing it used. It's fast enough for me right now, but I'd like to see the mutlithreaded version added.
September 24, 2024, 03:24:22 PM #8
Quote from: yeraycito on September 23, 2024, 06:50:36 PM
Quote from: IHK on September 23, 2024, 08:42:38 AM
Zenarmor multi-core support is expected to arrive in Q2 of 2025, you can follow the updates.


It would be better for the year 2040

Sorry for the inconvenience, but we had to prioritize working on other features.
September 26, 2024, 09:30:15 PM #9
Quote from: IHK on September 24, 2024, 03:24:22 PM
Quote from: yeraycito on September 23, 2024, 06:50:36 PM
Quote from: IHK on September 23, 2024, 08:42:38 AM
Zenarmor multi-core support is expected to arrive in Q2 of 2025, you can follow the updates.


It would be better for the year 2040

Sorry for the inconvenience, but we had to prioritize working on other features.

If I enable other services like AdGuard Home, will the multi-core capabilities of FreeBSD be leveraged? Meaning AdGuard Home service, will run on a different core than the cores being used by Zenarmor and OPNsense itself ? Thank you
September 27, 2024, 09:31:48 AM #10
Yes,

even if ZA is limited only to 1 core, usually by default its pinned and will run on cpu2 (can be unpinned and will then jump across all cores but still this is not a multicore functionality, ZA can not run paraller on several cores or threads). The rest of the system will use all cores, meaning OPNsense itself or other plugins will not be pinned to only the same core as ZA.

However you need to understand as ZA is not supporting multicore, the throughput its heavy dependent on the speed of a single CPU. And usually will give you only 1G throughput. The more feature heavy is your OPNsense deployment the less is the throughput when using ZA.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
September 27, 2024, 08:46:44 PM #11
Thank you, I appreciate the information
Print
Go Up Pages1
User actions