Minimum CPU Performance for a Gigabit WAN Link via PPPoE?

zoot · 19 February 2021 09:56

What would be the minimum CPU performance level that would be recommended to run IPFire and be able to saturate a Gigabit WAN connection over PPPoE with the Intrusion Prevention System & an OpenVPN server running?

The reason I ask is that I have a Gigabit connection from my ISP that uses PPPoE and I find that the max speed I can get with the IPFire Mini Appliance with its AMD GX-412TC is ~300Mbps without the IPS running, and about ~130Mbps with IPS running. I wasn’t aware that PPPoE is entirely single threaded and is the resource hog it is. I gather the CPU just isn’t capable of doing a gigabit via PPPoE regardless of what else is running or not.

The other box I was running IPFire on was powered by an AMD Athlon 200GE (with an Intel i350 4-port NIC PCIe card) which had no trouble saturating the Gigabit link with the IPS running. However, this CPU has orders of magnitude higher performance than the embedded GX-412, but then again it does have the much newer AMD Zen cores and is a 35W part rather than a 6W one.

How low could you safely go on the CPU for my kind of scenario with IPFire?

markusm · 19 February 2021 11:26

Hi Mark,

have a look at wiki.ipfire.org - Hardware

trish · 20 February 2021 00:00

I am no expert here and looking at all the IP fire appliances

It looks like only not even Intel Atom will handle IPS and OpenVPN at 1GBps. XEON will do it depending on the cypher used for OpenVPN.

I don’t use PPPoE right now but I am wondering if using a 1or 2.5 Gigabit modem in PPPoE mode would help.

You would put the modem in PPPoE mode as opposed to Bridge mode and the CPU on the IPfire appliance would just deal with routing + IPS etc.

Obviously I don’t know your circumstances and 1-2.5Gb modem isn’t the cheapest. Just wondering

If yes, is it running in bridge mode and just passing through Ethernet?
Does the speed

zoot · 22 February 2021 16:53

Another thing I never mentioned - the link from my ISP also requires VLAN tagging on the Red.

I should clarify - I’m not necessarily looking for 1Gbps over OpenVPN whatever throughput I get there is okay just once I can access the network, it’s just that an OpenVPN server will be running in the background.

With IPS running, I get about 130-140Mbps on the Mini Appliance, which is exactly what’s specified here.

I get about 300Mbps without IPS on, the Athlon 200GE has no problem with 1Gbps on the other hand regardless of whether IPS is on or not.

Let’s say I was to turn off IPS completely - is there any sort of minimum CPU guideline out there for IPFire to do 1Gbps via PPPoE on the Red (with VLAN tagging)?

I had a look through the hardware requirements section of the Wiki prior to posting this thread, but there’s nothing really there about a PPPoE connection.

jjdoran · 25 February 2021 11:00

Hi,

You may need to tune the network stack and buffers. Check the interrupts on the network card. Are they high?

Check this link out:-

BR
Joe.