Throughput Getting Crushed

Started by fakebizprez, May 01, 2025, 10:57:20 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
May 01, 2025, 10:57:20 AM
My download has gone from 5.2Gbps to 3.2Gbps & Upload has gone from 5.1Gbps to 1.4Gbps since installing Zenarmor, and I have OPNsense running on a Dell PowerEdge R730 with on two Intel Xeon E5-2643 v3 @ 3.40GHz (6 cores each). 64GB RAM.


Is this to be expected or have I misconfigured the extension?
Founder & President of linehaul.ai - a logistics and technology services provider.
May 01, 2025, 11:22:09 AM #1
I would have expected that with use of a single thread only for the free tier, but I do not use Zenarmor.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
May 01, 2025, 01:48:18 PM #2
Yop, this is the expected throughput in regards of your CPU when using ZA.
I would even say you are bit above the expected.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
May 02, 2025, 02:14:34 PM #3
Thanks for the replies.

Only the free tier is single-threaded, am I understanding that correctly?
Founder & President of linehaul.ai - a logistics and technology services provider.
May 02, 2025, 03:43:14 PM #4
There is no multicore support yet.

As for when there will be and on which subscription is still not properly communicated by ZA. There is a Major thread about this topic.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
May 04, 2025, 04:25:07 AM #5
Thank you for answering

Quote from: Seimus on May 02, 2025, 03:43:14 PMThere is a Major thread about this topic.

I read through it. Looks like this has been in progress for an very long time. Unfortunately, I cannot wait while continuing to use the product.

Aside from it being single-threaded, are there any adjustments that can be made to reduce the reduction in throughput? For example, should I use something other than ElasticSearch? Should I not emulate the Netmap driver? Should I not include Wireguard? Anything at all..
Founder & President of linehaul.ai - a logistics and technology services provider.
May 04, 2025, 06:31:47 PM #6
The only way how to improve performance for ZA is to move of the DB to an external one.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
May 05, 2025, 12:40:57 PM #7
Hi,

Good news regarding multicore support. We have released a test binary. Kindly contact the support team via the "Have Feedback" option located in the bottom right corner of the UI if you wish to try it out.

May 09, 2025, 02:36:22 AM #8
Quote from: sy on May 05, 2025, 12:40:57 PMHi,

Good news regarding multicore support. We have released a test binary. Kindly contact the support team via the "Have Feedback" option located in the bottom right corner of the UI if you wish to try it out.



Thank you, I will do this now.
Founder & President of linehaul.ai - a logistics and technology services provider.
May 12, 2025, 08:03:51 PM #9
Quote from: fakebizprez on May 09, 2025, 02:36:22 AM
Quote from: sy on May 05, 2025, 12:40:57 PMHi,

Good news regarding multicore support. We have released a test binary. Kindly contact the support team via the "Have Feedback" option located in the bottom right corner of the UI if you wish to try it out.



Thank you, I will do this now.

Has it made a difference in your use-case?
May 13, 2025, 06:42:04 AM #10
Quote from: Taunt9930 on May 12, 2025, 08:03:51 PM
Quote from: fakebizprez on May 09, 2025, 02:36:22 AM
Quote from: sy on May 05, 2025, 12:40:57 PMHi,

Good news regarding multicore support. We have released a test binary. Kindly contact the support team via the "Have Feedback" option located in the bottom right corner of the UI if you wish to try it out.



Thank you, I will do this now.

Has it made a difference in your use-case?

I just set it up, per the instructions that were emailed to me, but there seem to be errors. I forwarded the logs to the ZenArmor team.

When they get back to me tomorrow I will troubleshoot and report back.
Founder & President of linehaul.ai - a logistics and technology services provider.
May 15, 2025, 01:03:30 PM #11
Quote from: fakebizprez on May 13, 2025, 06:42:04 AM
Quote from: Taunt9930 on May 12, 2025, 08:03:51 PM
Quote from: fakebizprez on May 09, 2025, 02:36:22 AM
Quote from: sy on May 05, 2025, 12:40:57 PMHi,

Good news regarding multicore support. We have released a test binary. Kindly contact the support team via the "Have Feedback" option located in the bottom right corner of the UI if you wish to try it out.



Thank you, I will do this now.

Has it made a difference in your use-case?

I just set it up, per the instructions that were emailed to me, but there seem to be errors. I forwarded the logs to the ZenArmor team.

When they get back to me tomorrow I will troubleshoot and report back.

Similar boat for me. Tons of issues with IPv4 connectivity as well. Hopefully they can get some of this resolved :)
May 17, 2025, 10:14:55 AM #12
I actually remembered.

For the time being, You can improve ZA performance by using RSS + Do not pin Engine packet processor to dedicated CPU.

If you set it right you should be in theory able to go bit above. Helped me on a N100 CPU to go from 1Gbit/s to around ~1.8Gbit.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
May 29, 2025, 09:50:26 PM #13
I was not using the Pin feature.

Off the top of my head I am not sure what RSS is.
Founder & President of linehaul.ai - a logistics and technology services provider.
May 29, 2025, 09:56:41 PM #14
Quote from: Lurick on May 15, 2025, 01:03:30 PM
Quote from: fakebizprez on May 13, 2025, 06:42:04 AM
Quote from: Taunt9930 on May 12, 2025, 08:03:51 PM
Quote from: fakebizprez on May 09, 2025, 02:36:22 AM
Quote from: sy on May 05, 2025, 12:40:57 PMHi,

Good news regarding multicore support. We have released a test binary. Kindly contact the support team via the "Have Feedback" option located in the bottom right corner of the UI if you wish to try it out.



Thank you, I will do this now.

Has it made a difference in your use-case?

I just set it up, per the instructions that were emailed to me, but there seem to be errors. I forwarded the logs to the ZenArmor team.

When they get back to me tomorrow I will troubleshoot and report back.

Similar boat for me. Tons of issues with IPv4 connectivity as well. Hopefully they can get some of this resolved :)

I don't have the logs available right now, because I'm on my phone, but the multi-threaded throughput was actually lower than single-threaded.

Unfortunately, I had to uninstall the service until they can polish this new feature. My OPNsense server's two CPUs have the highest rates single-threaded performance available for the PowerEdge R730.
Founder & President of linehaul.ai - a logistics and technology services provider.
Print
Go Up Pages1 2
User actions