pfSense English Support > Hardware

pfSense hardware for home router - OpenVPN performance

(1/20) > >>

mauroman33:
I read several questions about what hardware to build an home router and many people here seem to be interested in surfing through an OpenVPN client, so I performed that simple OpenVPN benchmark on different hardware:
https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743 (Reply #9 message)

The features of all these CPUs come from www.cpubenchmark.net

Only the Celeron J1900, in this group, does not support the AES-NI instructions to improve the speed in encryption and decryption.

Here the results:

Intel Celeron N3150 4x1.6GHz    -TDP 6W  -CPU Mark 1642 -Single Thread  456
3200/27,5 = 116 Mbps OpenVPN performance (estimate)

Intel Celeron J1900 4x2GHz        -TDP 10W -CPU Mark 1881 -Single Thread  528
3200/36,5 =  88 Mbps OpenVPN performance (estimate)

AMD A10-7300 APU 4x1.9GHz    -TDP 19W -CPU Mark 3032 -Single Thread 1017
3200/12,5 = 256 Mbps OpenVPN performance (estimate)

Intel i7-4500U 2x1.8GHz            -TDP 15W -CPU Mark 3795 -Single Thread 1578
3200/10,7 = 299 Mbps OpenVPN performance (estimate)

Intel i7-4790S 4x3.2GHz            -TDP 65W -CPU Mark 9631 -Single Thread 2261
3200/9,6 =   333 Mbps OpenVPN performance (estimate)

Intel Celeron J3355 2x2GHz        -TDP 10W -CPU Mark 1333 -Single Thread  884
3200/10,9 =  293 Mbps OpenVPN performance (estimate)

Test about i7-4500U was taken from Paint in his tread:
https://forum.pfsense.org/index.php?topic=113610.30

Test about Celeron J3355 was taken from pfBasic here:
https://forum.pfsense.org/index.php?topic=105238.msg709164#msg709164

In the real world, I found the same test values either through some speed test websites either in the download of some large files.

Feel free to add your hardware's score.

Pippin:
Very much doubt these calculations or any....., to much variables to make a good estimate that will reflect reality.
Cipher, digest, hash, compression, mtu, buffersizes, network, latency, etc. all play a role.
And also the type of data that goes through the tunnel.


--- Quote ---Intel Celeron N3150 4x1.6GHz    -TDP 6W  -CPU Mark 1642 -Single Thread  456
3200/27,5 = 116 Mbps OpenVPN performance (estimate)
--- End quote ---

As argument, with N3150 (Gigabyte N3150N-D3V), I can tell you that in a client to client Iperf test, I was getting 160 Mbit/s throughput, I used:
No crypto hardware selected (meaning AES-NI will be used automatically if it`s supported, N3150 does)
no compression
DH 2048
AES-256-CBC
SHA512
prng SHA512 32 #(prng_hash = 'RSA-SHA512'/prng_nonce_secret_len = 32)
cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384/2048 bit RSA

As you can see, with these somewhat "heavier" settings it is higher then the calculated 116 Mbit/s.

Furthermore, keep in mind that this was client to client, meaning there is an extra round of crypto happening at server.....

Paint:

--- Quote from: mauroman33 on July 25, 2016, 06:55:28 am ---Since I read many information requests about the hardware to build an home router and several people seem interested in surfing through an OpenVPN client, I have performed on different hardware the simple OpenVPN benchmark referenced here:
https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743 (Reply #9 message)

The features of these CPUs come from www.cpubenchmark.net

The only CPU in the group that does not support AESNI instructions is the Celeron J1900.

These are the results:

Intel Celeron N3150 4x1.6GHz    -TDP 6W  -CPU Mark 1642 -Single Thread  456
3200/27,5 = 116 Mbps OpenVPN performance (estimate)

Intel Celeron J1900 4x2GHz        -TDP 10W -CPU Mark 1881 -Single Thread  528
3200/36,5 =  88 Mbps OpenVPN performance (estimate)

AMD A10-7300 APU 4x1.9GHz    -TDP 19W -CPU Mark 3032 -Single Thread 1017
3200/12,5 = 256 Mbps OpenVPN performance (estimate)

Intel i7-4500U 2x1.8GHz            -TDP 15W -CPU Mark 3795 -Single Thread 1578
3200/10,7 = 299 Mbps OpenVPN performance (estimate)

Intel i7-4790S 4x3.2GHz            -TDP 65W -CPU Mark 9631 -Single Thread 2261
3200/9,6 =   333 Mbps OpenVPN performance (estimate)


The test about i7-4500U was taken from Paint in its tread:
https://forum.pfsense.org/index.php?topic=113610.30

Jumping from theory to practice, with my router (Celeron N3150) I found the same values in speed test websites or in downloading large files.

Feel free to add the results of your hardware and grow this database.

--- End quote ---

please note that test for the Intel i7-4500U test, I was running at cMAX locked - therefore my processor was running in Turbo mode at 3.0ghz and with hyperthreading.

mauroman33:
I agree with Pippin that this is not a gospel.

My intention is to have a rough estimate for a connection via OpenVPN.

In my city, most areas are connected to 50mbs, only a few come to 100Mbs, from this point of view can be useful to know what is the minimum hardware to fully exploit this connection speed.

In my case (fiber 100) Celeron N3150 meets all requirements.

I tried in another city with a fiber connection 250 and I found that the maximum download speed of 125Mbs download is fairly consistent with the test results, so in this case I would have to buy a CPU as that used by Paint.

I used PIA and this is the connection log:

Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256-bit key
Data Channel Encrypt: Using 256-bit message hash 'SHA256' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256-bit key
Data Channel Decrypt: Using 256-bit message hash 'SHA256' for HMAC authentication
Control Channel: TLSv1.2, cipher TLSv1 / SSLv3 DHE-RSA-AES256-SHA, RSA 4096 bit

Pippin:
Thanks for this info, it has more value then theoretical calculation in my eyes ;)
Since I have no fast ISP connection available here this practical info is very helpful.


--- Quote from: mauroman33 on July 25, 2016, 12:02:40 pm ---In my city, most areas are connected to 50mbs, only a few come to 100Mbs, from this point of view can be useful to know what is the minimum hardware to fully exploit this connection speed.
In my case (fiber 100) Celeron N3150 meets all requirements.

--- End quote ---
Yes, that is a good thinking, one could also think about the future when upgrading to faster line speed, needing more overhead on your pfS box.


--- Quote ---I tried in another city with a fiber connection 250 and I found that the maximum download speed of 125Mbs download is fairly consistent with the test results, so in this case I would have to buy a CPU as that used by Paint.

--- End quote ---
You mean you put pfS box as client to PIA?
Then maybe PIA is not giving you more? Or you have tested with a PC too and get more then 125 Mbit/s on that 250 Mbit/s line?
Also running more packages can decrease speed.


--- Quote ---I used PIA and this is the connection log:

Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256-bit key
Data Channel Encrypt: Using 256-bit message hash 'SHA256' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256-bit key
Data Channel Decrypt: Using 256-bit message hash 'SHA256' for HMAC authentication
Control Channel: TLSv1.2, cipher TLSv1 / SSLv3 DHE-RSA-AES256-SHA, RSA 4096 bit

--- End quote ---
What compression does PIA use and what type of data was being downloaded?

I find online speedtests somewhat unreliable/inconsistent. Before you know it the speed to PIA is being measured instead of to you.
Some time ago I used speedtest.net and found my download/upload speed being higher then my line speed  :)

My writing is no gospel either, I found the following from trying and asking questions as why?
A better/more reliable way I found is to download a incompressible binary/zip/rar file from a fixed location/server near me.

Why incompressible?
Attached images show how compression can "mislead" measurements.
I connect through OpenVPN to my NAS in another country and then download from fixed locations.
My line speed (to NAS) is a practical whopping 9,5 Mbit/s down and 2,1 Mbit/s up  :)
The line speed of NAS location is 50 Mbit/s symmetric, so NAS pulls in data more quickly.
Yet, you can see in four cases I`m getting down speed above 9,5 Mbit/s.
The reason is because those four files are compressible and the one giving 8,56 Mbit/s is not.


Sorry for the long post and if my questions are too much just tell  ;D

Navigation

[0] Message Index

[#] Next page

Go to full version