The security router software is compiled for 32/64 bit Intel-compatible (i386/amd64) computers and servers. The benchmarks below are performed using two low-end computers running Linux with iperf or OpenBSD with tcpbench (with standard configuration and without extra command-line options), in order for you to know what you should expect at least.
We have benchmarked a few of the servers mentioned in our list of supported hardware.
|APU2||Axiomtek NA-110||Lanner FW-7573B||Portwell CAR-4010|
|CPU||AMD GX-412TC 1 GHz||AMD G-T24L 1 GHz||Intel Atom C2518 1.7 GHz||Intel Xeon E31275 3.4 GHz|
|Plain-text bits||940 Mbps||954 Mbps||2500 Mbps||3421 Mbps|
|Plain-text packets||110 kpps||135 kpps||300 kpps||493 kpps|
|NAT bits||910 Mbps||922 Mbps||1700 Mbps||2734 Mbps|
|NAT packets||74 kpps||82 kpps||200 kpps||310 kpps|
|VPN (AES)||91 Mbps||95 Mbps||300 Mbps||510 Mbps|
|Name||Plain-text bits||Plain-text packets||VPN (AES)|
|PC Engines ALIX 2D3||90 Mbps||40 Mbps|
|Intel D2500CC||50 Mbps|
|VMware ESX 5.1 on HP DL120 G7||500 kpps||500 Mbps|
The default values offers a good security/performance tradeoff. However, for very powerful and busy systems, some sysctl tweaking might be necessary. Exactly which settings and values has to be determined on a case-by-case basis, usually by inspecting the kernel memory (using for example systat) and queue lengths. If you are experienced enough to do this yourself, you can make such changes static by using skeleton files such as /cfg/skel/rc.local and add commands such as
# just an example sysctl net.inet.ip.ifq.maxlen=512