Minimum CPU Performance for a Gigabit WAN Link via PPPoE?

What would be the minimum CPU performance level that would be recommended to run IPFire and be able to saturate a Gigabit WAN connection over PPPoE with the Intrusion Prevention System & an OpenVPN server running?

The reason I ask is that I have a Gigabit connection from my ISP that uses PPPoE and I find that the max speed I can get with the IPFire Mini Appliance with its AMD GX-412TC is ~300Mbps without the IPS running, and about ~130Mbps with IPS running. I wasn’t aware that PPPoE is entirely single threaded and is the resource hog it is. I gather the CPU just isn’t capable of doing a gigabit via PPPoE regardless of what else is running or not.

The other box I was running IPFire on was powered by an AMD Athlon 200GE (with an Intel i350 4-port NIC PCIe card) which had no trouble saturating the Gigabit link with the IPS running. However, this CPU has orders of magnitude higher performance than the embedded GX-412, but then again it does have the much newer AMD Zen cores and is a 35W part rather than a 6W one.

How low could you safely go on the CPU for my kind of scenario with IPFire?

Hi Mark,

have a look at wiki.ipfire.org - Hardware

I am no expert here and am looking at all the IPFire appliances.

It looks like not even Intel Atom will handle IPS and OpenVPN at 1GBps. XEON will do it depending on the cypher used for OpenVPN.

I don’t use PPPoE right now but I am wondering if using a 1 or 2.5 Gigabit modem in PPPoE mode would help.

You would put the modem in PPPoE mode as opposed to Bridge mode and the CPU on the IPFire appliance would just deal with routing + IPS etc.

Obviously I don’t know your circumstances and 1-2.5Gb modem isn’t the cheapest. Just wondering :slight_smile:

If yes, is it running in bridge mode and just passing through Ethernet?
Does the speed

Another thing I never mentioned - the link from my ISP also requires VLAN tagging on the Red.

I should clarify - I’m not necessarily looking for 1Gbps over OpenVPN; whatever throughput I get there is okay, just once I can access the network. It’s just that an OpenVPN server will be running in the background.

With IPS running, I get about 130-140Mbps on the Mini Appliance, which is exactly what’s specified here.

I get about 300Mbps without IPS on. The Athlon 200GE, on the other hand, has no problem with 1Gbps regardless of whether IPS is on or not.

Let’s say I was to turn off IPS completely - is there any sort of minimum CPU guideline out there for IPFire to do 1Gbps via PPPoE on the Red (with VLAN tagging)?

I had a look through the hardware requirements section of the Wiki prior to posting this thread, but there’s nothing really there about a PPPoE connection.

Hi,

You may need to tune the network stack and buffers. Check the interrupts on the network card. Are they high?

Check this link out:-

BR
Joe.
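
One way to run the interrupt check suggested above, as an added example that is not part of the original thread: compare two snapshots of the kernel's per-CPU NET_RX softirq counters in `/proc/softirqs` and report which core took the largest share of receive work. The function names and the sample counter values are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-CPU share of NET_RX softirq work between two snapshots.

# net_rx_skew BEFORE AFTER -> prints "CPU<n> <percent>" for the busiest CPU
net_rx_skew() {
    awk '
        $1 != "NET_RX:" { next }
        # First file: remember the starting counters
        FNR == NR { for (i = 2; i <= NF; i++) before[i] = $i; next }
        # Second file: work out how much each CPU handled in between
        {
            for (i = 2; i <= NF; i++) {
                d = $i - before[i]; total += d
                if (d > max) { max = d; cpu = i - 2 }
            }
        }
        END {
            if (total <= 0) { print "idle 0"; exit }
            printf "CPU%d %d\n", cpu, int(max * 100 / total)
        }
    ' "$1" "$2"
}

# Constructed snapshots in /proc/softirqs layout (not measurements from the thread)
demo_skew() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
                    CPU0       CPU1       CPU2       CPU3
      NET_TX:       1200        300        280        310
      NET_RX:    5000000     200000     150000     150000
EOF
    cat > "$dir/after" <<'EOF'
                    CPU0       CPU1       CPU2       CPU3
      NET_TX:       1900        340        300        330
      NET_RX:    5900000     240000     180000     180000
EOF
    net_rx_skew "$dir/before" "$dir/after"
    rm -rf "$dir"
}

# Live use on the firewall while a speed test is running:
#   cat /proc/softirqs > /tmp/a; sleep 10; cat /proc/softirqs > /tmp/b
#   net_rx_skew /tmp/a /tmp/b
demo_skew
```

If one core carries nearly all of the NET_RX work while the others sit idle, throughput is bound by that core's clock speed rather than by the core count.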

My ISP has the same requirements as Mark F (zoot). I need PPPoE, VLAN tagged 35. I have other threads asking about hardware but I am also interested in the answer to zoot’s question.

“…is there any sort of minimum CPU guideline out there for IPFire to do 1Gbps via PPPoE on the Red (with VLAN tagging)?”

I’m running PPPoE without VLAN and with both QoS and IPS.
HW is Xeon® CPU E5-2630 v4 running ESXi (IPFire has 4 cores allocated)
Red is an Intel X550 via vt-d, Green is vmxnet3>vswitch>Intel X550
Speedtest goes up to
950mbit without QoS and IPS
870mbit with QoS and IPS

Thing is, Speedtest uses multiple parallel connections.
When tested with single connection and QoS, I was only getting up to around 550mbit.

I never bothered with optimizing the setup so there might be a way to get better results.

Because of this my recommendation is frequency>cores. For perfect experience I’d estimate 4+GHz with 2+ cores. I’d also like to point out that in about 2 years of using my setup I remember running into the CPU bottleneck only once. So even 4 cores at about 2.2GHz are enough for most situations.


Hello everyone.
I have gigabit fiber which is PPPoE and VLAN. I was running an Opteron 1389 x4 at 2.9GHz (the CPU is an optimized Phenom 2) and an Intel 82571 dual port ethernet card.
I don’t use QoS since I am a home user. Likely IPS was disabled at the time. I was getting my gigabit speeds bi-directional.


This was tested from my Windows PC running the onboard Realtek ethernet card with IPfire as the firewall.
Maybe I should drop in an Intel card on my desktop?

I have since done an upgrade. I know too many people that upgrade too often, so people just send me home with free PC parts to tinker with; that was the reason for the upgrade.

Current is AMD A10 x4 at 3.8GHz. I did get AES-NI with this CPU, and a newer Intel 82576 quad port ethernet card. I do have IPS running on Red with the Snort ruleset with only the pre-defined rules enabled, no QoS. I am getting full speed up and down. With htop I see around 20% CPU usage spread across the 4 cores in both directions while testing.

I assume due to everyone being home these days my speed varies a lot now via the ISP. Strangely enough, in the last two years I have had to change my MTU and MRU settings; it appears the ISP is doing secret upgrades or something.

I am guessing the new system is a bit overkill on the CPU since the Intel 82576 is doing a fair amount of offloading the work.

Maybe this example can help others.

Oh, a quick edit: for my upgrade to be complete I need a Flaming Penguin case sticker on it. :grinning:

After research, it seems there isn’t really an iron-clad guideline. As in X amount of Passmark score will get you Y speed on a PPPoE link. There’s a lot of discussion out there if you go looking, not so much for IPFire but certainly for the likes of Pfsense.

Although from what I can see, you probably want something relatively recent with a clock speed around 2GHz. Like maybe a recent AMD Zen based or an Intel Core based CPU that’s at least capable of 2GHz. Cores don’t matter as much; it’s better to have 2 good fast cores rather than 4 or more slower ones.

For reference, this is the profile link for my IPFire box. It easily achieves the 1Gbps throughput even with the IPS running over my ISP’s VLAN tagged PPPoE link.
https://fireinfo.ipfire.org/profile/d9529899e467f0f26364b6f14f6d17f13540fe46

This is the kind of frequency the Athlon’s CPU cores hit in my IPFire box over the last month. It hardly ever goes above 2GHz, and certainly nowhere near the max of 3.2GHz the CPU is capable of.

It likely means that the newer embedded low power Ryzen systems would be great for running IPFire with this kind of connection on the Red.

I would also like to note the AMD Zen cores come with RDRAND; previous AMD versions did not. Since my A10 did not have it, I added a TrueRNG stick to get entropy.
That Athlon 200 GE looks to be a great balance.