
Gigabit Connection severely hampered by UTM's IPS.

We recently got Verizon FIOS gigabit in our area, so we decided to make the jump. We had 150/150 previously with no throughput problems whatsoever.

Since upgrading to gigabit, however, speeds through the UTM with IPS enabled are capping out at 240Mbit up/down. That is absolute best case.

I have read the article about the way that IPS can have limitations with speed tests (i.e. the connection speed exceeds the speed at which the CPU can process the IPS). I tried disabling the IPS and immediately we tripled our throughput. So, I believe it is in fact a CPU limiting issue.

That said, if I were to upgrade the hardware on this home-built UTM, what kind of increases am I looking to gain? Right now it is running an AMD Phenom II X6 1100T (3.3GHz, 3.7GHz turbo). I know this is not the fastest CPU relative to the CPUs that are out now. That said, if I were to upgrade to an i5-7600k or i7-7700k, would we see (with IPS enabled) similar throughput to the current CPU with IPS disabled? Even approx double would be acceptable, but the more the merrier.

Overspec'd hardware is not a concern. What is a concern is that we attain the higher throughput as desired.



  • You will be limited to under 300Mbps per connection with any processor, Brendan, as Snort is single-threaded.  If you simultaneously run speedtest from four different devices, the total should be able to fill your pipe.  William has documented this extensively over the years, and he's warned against using AMD processors, but I don't recall why at the moment.  Depending on the size of your network, a quad core i5 or i7 with 8-to-16GB of RAM would seem to be a better choice.

    Cheers - Bob

  • Hi Bob,

    You need to add a little bit about the speed of the processor, e.g. mid to high 3GHz or even low 4GHz.

    From memory, William advised a very fast quad core i3 would be sufficient because there aren't any real sophisticated calculations being performed by the UTM. Also, he advised to disable SpeedStep so that the processor was applying full power from the start of the download.

    You could try one of the top E3 with inbuilt display; they have similar performance ratings to the i7 and cost less than an i7.

     

    //edited - added extra information.

  • Well, we upgraded the hardware to the i7-7700k and some DDR4-2133 memory. The speeds with IPS more than doubled. We're getting approx 500-550Mbps per connection with IPS enabled.

    C-states are disabled in the BIOS, so the CPU won't automatically scale back from 4.2GHz. It will range between 4.2-4.5GHz if turbo is ever triggered.

    Essentially, the steps were to:

    • Back up configuration in 9.4
    • Reinstall with 9.5 (to make sure there weren't any incorrect drivers being loaded since we switched from AMD to Intel)
    • Do initial setup
    • Restore configuration
    • Fix eth0 because it wasn't detected properly (most likely due to the card position on motherboard)

    All in all it took about 4-5 hours, so not bad.

    For now, we're happy with the jump in performance.