We’ve been busy in the labs updating some our previous pfSense performance testing statistics against the latest Intel processor revisions. This time around we’ve focused on IPsec, with a specific nod to what’s possible with AES-NI.

Virtualized pfSense, Internal

In this phase we created two pfSense machines atop the hypervisor on a single physical box. Each machine was given one logical processor from an Intel Haswell i5 @ 3.4GHz.

Test1: Raw, Virtual Network

No encryption (Static Routes to Traverse WAN)

Round Upload(Mbps) Download(Mbps)
1 561 630
2 687 737
3 738 844
4 781 945
5 794 926
Avg 712 816

Test2: IPsec, Virtual Network

IPsec w/ Phase2 AES256-GCM

Round Upload(Mbps) Download(Mbps)
1 369 348
2 370 339
3 336 444
4 400 443
5 374 372
Avg 369 389

Virtualized pfSense, Two Distinct Boxes

After the internal test we moved the pfSense machines to two separate physical machines interconnected via a standard small business gigabit switch. Each virtual machine was allocated one logical processor from an Intel Haswell i7 @ 3.4GHz.

Test3: IPsec, Physical Network

IPsec w/ Phase2 AES256-GCM

Round Upload(Mbps) Download(Mbps)
1 657 436
2 432 668
3 541 522
4 520 565
5 491 593
Avg 528 556

Stay Tuned

Our testing is still underway. Check back here soon for more updates to numbers we’re finding in different configurations.

Notes

  • These tests were with – Lan Speet Test Lite; better results were achieved with iperf and TCP Window Size tuning
  • Tests run on pfSense 2.2.1

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed

Menu