Thomas Krenn RI1102D-F

Performance tests done with 2 OPNsense Firewalls, one the RI1102D-F, second one a Fujitsue RX1330 (more powered than RI1102D-F).

10G directly attached and behind the systems two linux hosts running iperf:

 

Thomas Krenn (Supermicro): 1HE Intel Single-CPU RI1102D-F Server
CPU: Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz (2200.04-MHz K8-class CPU), 4 Cores / 8 Threads
4GB RAM

No IPSEC, no FW (NIC offloading disabled, default):
4300 down / 6800 up
85% CPU, Load 8.2

No IPSEC, no FW (NIC offloading enabled):
9400 down / 9400 up
95% CPU, Load 8.2

No IPSEC, FireHOL3 FW (NIC offloading enabled):
7400 down / 9400 up
95% CPU, Load 8.2

IPSEC AES128-GCM, no FW (NIC offloading enabled):
1300 down / 2000 up
80% CPU, Load 8.5

IPSEC AES128-GCM, FireHOL3 FW (NIC offloading enabled):
1300 down / 2500 up
80% CPU, Load 8.5

 

 

The default setting in OPNsense is to not offload since this would break IPS! Since the RI1102D-F runs only Xeon D which is a bit underpowered you can see the difference between the two options.

We checked with FireHOL3 lists if it makes a difference when there are more than 50k objects to travel through the firewall, but it doesn’t make any difference.

 

iperf testing was done with:

 

Server:

iperf3 -V -p 5000 -f m -s

 

Client:

iperf3 -p 5000 -f m -V -c 10.0.2.10 -t 180 -P 10 -R (and without -R for upload)