Pondering to upgrade HW, now using a Banana Pi R1

General questions.
cfusco
Posts: 118
Joined: March 23rd, 2015, 4:19 pm

Re: Pondering to upgrade HW, now using a Banana Pi R1

Post by cfusco » November 21st, 2018, 4:17 pm

Saiyato wrote:
November 21st, 2018, 3:34 pm
[...]
@cfusco: I don't know what your connection is (mine is 100/100), but if yours is comparable, can you perform a speedtest, just to check the throughput? Assuming you have some addons enabled (proxy/clamav/IDS). :)
Yes, I have 100/100, as well as proxy/clamav but not IDS; I have also the QoS activated. I will perform a speed test from a client behind IPFire without a VPN and through the VPN. This weekend, as probably I can't do it before.

Edit: I did a quick test from my office, I will finish the others this weekend (as I stated above). This is the result of the initial tests.

I connected my laptop (from my office) to the IPFire in my house trough internet with an OpenVPN tunnel, then I opened an SSH session with IPFire and started iperf3 in server mode, finally from an other terminal on my laptop I started iperf3 in client mode, and this is the result:

Code: Select all

Hasbeen-MBP:~ cfusco$ iperf3 -c ipfire
Connecting to host ipfire, port 5201
[  7] local 10.1.4.6 port 62211 connected to 10.1.1.1 port 5201
[ ID] Interval           Transfer     Bitrate
[  7]   0.00-1.00   sec  6.37 MBytes  53.4 Mbits/sec                  
[  7]   1.00-2.00   sec  6.78 MBytes  56.9 Mbits/sec                  
[  7]   2.00-3.00   sec  7.18 MBytes  60.3 Mbits/sec                  
[  7]   3.00-4.00   sec  6.00 MBytes  50.4 Mbits/sec                  
[  7]   4.00-5.00   sec  5.47 MBytes  45.9 Mbits/sec                  
[  7]   5.00-6.00   sec  6.23 MBytes  52.2 Mbits/sec                  
[  7]   6.00-7.00   sec  5.90 MBytes  49.5 Mbits/sec                  
[  7]   7.00-8.00   sec  5.94 MBytes  49.8 Mbits/sec                  
[  7]   8.00-9.00   sec  5.16 MBytes  43.3 Mbits/sec                  
[  7]   9.00-10.00  sec  5.79 MBytes  48.6 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  7]   0.00-10.00  sec  60.8 MBytes  51.0 Mbits/sec                  sender
[  7]   0.00-10.00  sec  60.6 MBytes  50.8 Mbits/sec                  receiver
The reverse test (swapping client and server) gives the same results.

This is also the result of connecting, through the tunnel, iperf3 (client mode) on my laptop to ipref3 in server mode running on my nas machine, which is located behind the IPFire machine:

Code: Select all

Hasbeen-MBP:~ cfusco$ iperf3 -c nas
Connecting to host nas, port 5201
[  7] local 10.1.4.6 port 62557 connected to 10.1.1.101 port 5201
[ ID] Interval           Transfer     Bitrate
[  7]   0.00-1.00   sec  5.60 MBytes  46.9 Mbits/sec                  
[  7]   1.00-2.00   sec  5.94 MBytes  49.8 Mbits/sec                  
[  7]   2.00-3.00   sec  5.93 MBytes  49.9 Mbits/sec                  
[  7]   3.00-4.00   sec  5.70 MBytes  47.8 Mbits/sec                  
[  7]   4.00-5.00   sec  5.90 MBytes  49.6 Mbits/sec                  
[  7]   5.00-6.00   sec  5.93 MBytes  49.7 Mbits/sec                  
[  7]   6.00-7.00   sec  5.59 MBytes  47.0 Mbits/sec                  
[  7]   7.00-8.00   sec  5.95 MBytes  49.9 Mbits/sec                  
[  7]   8.00-9.00   sec  5.75 MBytes  48.2 Mbits/sec                  
[  7]   9.00-10.00  sec  6.01 MBytes  50.4 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  7]   0.00-10.00  sec  58.3 MBytes  48.9 Mbits/sec                  sender
[  7]   0.00-10.00  sec  58.0 MBytes  48.6 Mbits/sec                  receiver
I did as well a test from my laptop thorough the encrypted tunnel using DSL Reports service.

This is the result:
Image

Edit: Final benchmark, speed test from behind IPFire pc engines without any OpenVPN tunnel:
Image

pretty much it reaches its max speed (determined by the QoS settings).
Last edited by cfusco on November 25th, 2018, 12:35 pm, edited 2 times in total.
Image

Saiyato
Posts: 36
Joined: October 9th, 2018, 6:55 pm

Re: Pondering to upgrade HW, now using a Banana Pi R1

Post by Saiyato » November 24th, 2018, 11:19 am

Thanks for the benchmarks! I will work them out in my comparison, I'm ordering new hardware at the end of this year I think. :)
Image
Image

cfusco
Posts: 118
Joined: March 23rd, 2015, 4:19 pm

Re: Pondering to upgrade HW, now using a Banana Pi R1

Post by cfusco » November 25th, 2018, 12:36 pm

Saiyato wrote:
November 24th, 2018, 11:19 am
Thanks for the benchmarks! I will work them out in my comparison, I'm ordering new hardware at the end of this year I think. :)
You are welcome, please notice that I updated my post to include the test done without an encrypted tunnel (which max out my internet bandwidth).
Image

Saiyato
Posts: 36
Joined: October 9th, 2018, 6:55 pm

Re: Pondering to upgrade HW, now using a Banana Pi R1

Post by Saiyato » November 26th, 2018, 10:21 am

I saw, thanks, the 100mbit connection outside of the VPN is super promising! I think I'm already sold :P

The only thing that remains is that I want acceptable speeds over VPN (IPSec/OpenVPN) for all clients behind IPFire.
Schematically it should look like this:

Clients -> IPF -> ISP Router (because the TV VLAN is not routed through IPF*) -> VPN provider -> the big bad web

*I should still configure proper IGMP snooping to offload softirq, which would be beneficial for the CPU
Image
Image

Saiyato
Posts: 36
Joined: October 9th, 2018, 6:55 pm

Re: Pondering to upgrade HW, now using a Banana Pi R1

Post by Saiyato » November 30th, 2018, 1:04 pm

I've been kept a bit busy with some other investigations, like DNS hardening and trying to get DNSSEC and DoT working.

I'm not quite there yet, but the deadline (2019) is drawing near, so I thought I'd investigate the Qotom too... The risk of no updates, i.e. NSA/KGB/GCHQ/etc is kind of a dealbreaker to me, Qotom might be out of the question, despite its great performance.
Image
Image

Saiyato
Posts: 36
Joined: October 9th, 2018, 6:55 pm

Re: Pondering to upgrade HW, now using a Banana Pi R1

Post by Saiyato » January 7th, 2019, 12:47 pm

Despite a busy end of the year, I still ordered the APU2D4 and I'm happy I did!
At first I experienced some trouble with installation, but I just needed to follow the step-by-step and not experiment.
After restoring the backups I locked myself out of the WUI, because the theme I used wasn't on the new installation (dumb me!).

In any case, I'm reaching the full 100/100 without VPN, so that's a big step up from 40-60 (depending on the load on the Banana Pi).
Initial tests on VPN (NordVPN) have shown speeds in the range of 55-65 mbps, just some quick speedtest.net runs, I will continue testing and tweaking.

So all in all, a good choice to replace my Banana Pi, power consumption was within the ranges posted earlier, which is acceptable.
Thanks cfusco for the earlier provided stats and metrics! And Arne for the correction. :)
Image
Image

Post Reply