Hi,
my freshest Lab hardware arrived! 2 Supermicro Systems with Intel(R) Xeon(R) CPU E3-1240 v6 @ 3.70GHz, 16G RAM and 10G (82599ES 10-Gigabit SFI/SFP+ Network Connection).
I conntected them both with a cheap DAC Cable from FibreStore and behind those systems some of Xeon machines with Intel X520 cards.
As usual I ran iperf only on the systems behind and NEVER .. EVER .. iperf on OPNsense itself!!!
It’s a fresh 20.1 64bit install, updated to 20.1.8, no tuning.
Server:
iperf3 -V -p 5000 -f m -s
First test with 10 parallel streams (with and without -R for down- and upload) …
Client:
iperf3 -p 5000 -f m -V -c 10.0.2.10 -t 180 -P 10 (-R)
Without NAT, HW Offloading disabled:
9400Mbit up / 9400Mbit down
With NAT, HW Offloading disabled:
9400Mbit up / 9400Mbit down
CPU at 25% (with NAT 30%)
With IPS enabled (58830 rules)
3000Mbit up / 3000Mbit down
55% CPU
Now with VPN:
IPsec IKEv2 AES256GCM 2,4Gbit up/down
IPsec IKEv2 AES256 without GCM 1Gbit up/down
WireGuard 1,5Gbit up/down (50% CPU)
And now the same with 1 parallel stream:
Client:
iperf3 -p 5000 -f m -V -c 10.0.2.10 -t 180 -P 1 (-R)
Without NAT, HW Offloading disabled (enabled are same):
7300Mbit up / 7300Mbit down
With NAT, HW Offloading disabled (enabled are same):
5600Mbit up / 5300Mbit down
CPU at 15% (with and without NAT)
With IPS enabled (58830 rules)
1500Mbit up / 3500Mbit down
20% CPU
Now with VPN:
IPsec IKEv2 AES256GCM 1Gbit up/down
IPsec IKEv2 AES256 without GCM 500Mit up/down
WireGuard 1,5Gbit up/down (50% CPU)