Concurrent connection (CC) limitation without loading RAM

Greetings!

I have NGFW with IPFire installed. I am measuring the number of CC (Concurrent Connections). For some reason, the CC value is quite small, while the RAM remains unloaded.

Before testing our NGFW, I tested two devices (#1, #2) (Device under test / DUT) from a large vendor, on which their own OS is preinstalled. For the test, the Cisco TRex package was used. During testing, it was noted that concurrent connections load RAM. In the case of DUTs #1 and #2, it was possible to determine by the RAM load when they are overloaded. The obtained values had a slight deviation from the datasheets. In parallel with this, I was testing the number of new connections, the data obtained also slightly differed from the datasheets.

Testing DUT #3 with IPFire installed. Testing of new connections was similar to other devices, and comparable values were obtained. The problem occurred while testing CC. The DUT has a limitation of 260,000 concurrent connections, while RAM was loaded by only 4-5%. This value turned out to be several times less than that of DUTs #1 and #2. However, I repeat, those devices had RAM loading, while DUT #3 did not.

The question arose - is there somewhere a software limitation on the use of RAM? Or what could be the problem here? Thanks in advance for your answers.

DUT №3 parameters:
Processor: 4-core ARM Cortex 1.6 GHz
RAM: 8 GB DDR4
IPFire Version 2.23
Since the graph display functionality appeared only in 2.25 / Update 150, we had to manually install it into our 2.23 distribution kit.
During testing, I sent HTTP packets, without any enabled firewall functions, IDS / IPS

Hi,

welcome to the IPFire community. :slight_smile:

Skimming through your detailed question, I stumbled across these lines:

Does this mean you are testing Core Update 150 (which is outdated)? If so, please run the test again using the latest Core Update, available here.

Thanks, and best regards,
Peter Müller

3 Likes

IPFire is a stateful firewall that uses connection tracking.
The conntrack table has 262144 entries on systems with more than 4 GB RAM. (Linux kernel default)

https://www.kernel.org/doc/html/latest/networking/nf_conntrack-sysctl.html

try to increase net.nf_conntrack_max

sysctl -w net.nf_conntrack_max=524288

2 Likes
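An added example (not part of the thread, and not IPFire's own tooling) that turns the diagnosis above into a repeatable check: it reads nf_conntrack_count and nf_conntrack_max from the sysctl tree, reports how full the table is, and counts the kernel's "table full, dropping packet" messages in log text, which is the symptom seen when the limit is hit. CONNTRACK_DIR is a hypothetical override so the check can be run against constructed sample files.

```shell
#!/bin/sh
# Added example: report conntrack table utilisation on a Linux firewall.
# CONNTRACK_DIR is a hypothetical override (for testing against sample files);
# the real values live under /proc/sys/net/netfilter.
conntrack_dir() { printf '%s\n' "${CONNTRACK_DIR:-/proc/sys/net/netfilter}"; }

# Integer percentage of the table in use. Args: count max
conntrack_pct() {
    count=$1; max=$2
    [ "$max" -gt 0 ] 2>/dev/null || return 1
    echo $(( count * 100 / max ))
}

# Print "count max pct status"; status is OK below 75%, WARN from 75%, CRIT from 90%.
# A table at CRIT explains a CC ceiling that appears while RAM is still mostly free.
conntrack_check() {
    dir=$(conntrack_dir)
    count=$(cat "$dir/nf_conntrack_count") || return 1
    max=$(cat "$dir/nf_conntrack_max") || return 1
    pct=$(conntrack_pct "$count" "$max") || return 1
    if [ "$pct" -ge 90 ]; then status=CRIT
    elif [ "$pct" -ge 75 ]; then status=WARN
    else status=OK; fi
    echo "$count $max $pct $status"
}

# Count kernel log lines (read from stdin) that record dropped packets
# because the conntrack table was full; a non-zero result confirms the limit.
count_table_full() { grep -c 'nf_conntrack: table full' || true; }

# When run on a live box, print the current table state.
if [ -r "$(conntrack_dir)/nf_conntrack_max" ]; then
    conntrack_check
fi
```

Raising net.nf_conntrack_max as suggested above removes the ceiling; the kernel document linked in the thread also describes nf_conntrack_buckets, the hash table size the maximum is derived from.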

Hi!
The limitation was in it. Many thanks for your help!

1 Like