Intrusion Detection tanks download speed by 70%

Started by IosDev41, January 14, 2025, 02:02:30 AM

Hi all, new to setting up OPNsense and getting a better understanding of the configuration of OPNsense. I have intrusion detection enabled with 0 rules enabled (to troubleshoot this issue), I have interfaces set to WAN and pattern matcher set to default. IPS Mode is enabled, Promiscuous mode is enabled, I've tried all the pattern matchers besides Hyperscan (it gives me an error when enabling Hyperscan).

When Intrusion Detection is enabled, download speeds are around 230 Mbps with upload speeds of 40 Mbps. When Intrusion Detection is OFF, download speeds are about 830-960 Mbps. Not sure what to enable or disable here.

Running an AMD Athlon II Neo N36L Dual-Core, 8 GB RAM. Thanks.

Sadly, your CPU is way too slow for that. For a 1 Gbps connection with IDS enabled, you would use an Intel N100.

I have found no comparison for the N36L, but it is 1300 MHz, whereas the N54L is 2200 MHz and even that compares like this to an N100, i.e. your CPU is ~10 times slower than needed.

Once you enable more rules, your speeds will go down even further.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

The HP Microserver (for example) featuring the N36L was presented in 2010, almost 15 years ago. It probably consumes orders of magnitude more energy for orders of magnitude less performance compared to a current N100-based system.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Even an N5105 would be better at this point. There is an N150 that has a little bit higher clock speed, and of course the N305 if you need even more.

That said, I do have some J41xx and I wouldn't recommend them for anything but basic routing. At least the mini-PCs that I have do not perform very fast, and the cheapest one seems to have some hardware issues and locks up once in a while on Linux Mint.