Building a Debian Based VPN Router - Part 4 - Performance


Just to remind you of my hardware, I'm currently using this:

  • Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz (2 Cores, 4 Threads)
  • 8GB RAM - Massively overkill. I use <512MB most of the time.
  • Intel Pro/1000 PT (82571EB) - You can pick these up on eBay for £10-15 for the dual port cards.


To give you a bit of background as to how I'm collecting these metrics, I have a Graphite setup here with a Grafana frontend. I'm using a local collector on each of my boxes called Diamond, which collects metrics every 5 seconds and reports them via statsdaemon into Graphite.

I won't go into much detail about this as I'll cover this setup in a later post.

So I'll just post some quick screenshots of what my usage looks like generally for that hardware to give a general overview. During these tests I was downloading a 1TB file from Tele2 as a speed test:

wget -O- > /dev/null

First of all, let's take a look at the external bandwidth that I'm using while these metrics are being collected:

So as you can see from this I'm pushing almost 400Mbps, which is remarkable, considering Virgin are only supposed to be supplying me with 350Mbps. This doesn't seem uncommon, though: I can regularly exceed 350Mbps and I'm not complaining!

I also graph bandwidth from the OpenVPN tunnel interfaces and I can overlay this on top of my external bandwidth to show how much bandwidth overhead we have for OpenVPN itself.

I also have a graph that shows the difference between my external bandwidth and the tunnel interface bandwidth to purely show non-protected bandwidth traffic:

So you can see I'm losing ~26Mbps because of the OpenVPN tunnel overhead.
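An added example (not from the original post) of deriving the same overhead figure straight from interface byte counters: it parses two /proc/net/dev snapshots taken 5 seconds apart and compares the external and tunnel receive rates. The interface names eth0 and tun0 and all counter values are constructed assumptions.

```python
"""Derive OpenVPN overhead from two /proc/net/dev snapshots (added example)."""

# Constructed sample data: two snapshots 5 seconds apart (the collection
# interval used in the post). Interface names and counters are assumptions.
HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|"
    "bytes    packets errs drop fifo colls carrier compressed\n"
)
SNAP_T0 = HEADER + (
    "  eth0: 4000000000 3000000 0 0 0 0 0 0 90000000 900000 0 0 0 0 0 0\n"
    "  tun0: 3700000000 2900000 0 0 0 0 0 0 80000000 800000 0 0 0 0 0 0\n"
)
SNAP_T1 = HEADER + (
    "  eth0: 4250000000 3170000 0 0 0 0 0 0 95000000 950000 0 0 0 0 0 0\n"
    "  tun0: 3933750000 3065000 0 0 0 0 0 0 84000000 840000 0 0 0 0 0 0\n"
)

def parse_rx_bytes(text):
    """Return {interface: received_bytes} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # the two header lines carry no "iface:" prefix
        name, fields = line.split(":", 1)
        counters[name.strip()] = int(fields.split()[0])  # first field = rx bytes
    return counters

def rate_mbps(before, after, seconds, width=64):
    """Megabits/s between two readings; the modulo tolerates one counter wrap.
    width=64 assumes 64-bit counters; pass 32 for a 32-bit counter."""
    delta = (after - before) % (1 << width)
    return delta * 8 / seconds / 1_000_000

def tunnel_overhead(snap0, snap1, seconds, ext="eth0", tun="tun0"):
    """Return (external, tunnel, difference) receive rates in Mbps.
    The difference is pure OpenVPN overhead only when every byte on the
    external interface belongs to the tunnel; otherwise it also includes
    traffic that bypasses the VPN."""
    a, b = parse_rx_bytes(snap0), parse_rx_bytes(snap1)
    ext_mbps = rate_mbps(a[ext], b[ext], seconds)
    tun_mbps = rate_mbps(a[tun], b[tun], seconds)
    return ext_mbps, tun_mbps, ext_mbps - tun_mbps

if __name__ == "__main__":
    ext, tun, diff = tunnel_overhead(SNAP_T0, SNAP_T1, 5)
    print(f"external {ext:.1f} Mbps, tunnel {tun:.1f} Mbps, difference {diff:.1f} Mbps")
```

On a live router the two snapshots would be read from /proc/net/dev with a sleep between them instead of the embedded strings.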

So what does my CPU usage look like at this point:

It's unsurprising that we're bound to a single CPU core here, but you can see we're barely even touching what this router could push and we're absolutely saturating external bandwidth (400Mbps).

As you can imagine, we're using no memory here at all, so let's take a look at the last week of me using this router to get an idea of memory usage.

So over the last 7 weeks we're seeing a peak memory use of 484MB. Please note that this is calculated without filesystem cache. So you could easily run this on a system with 768MB of RAM to be safe.

The other metrics just aren't worth going into; we don't even touch disk. I unfortunately don't have any TCP metrics to go along with this.

Generally the router doesn't even hit a load avg of 1; I'm hovering around 0.2 avg over the last week.


Hopefully this gives you good insight into what kind of hardware you might need for a setup like this. Just don't listen to the pfSense guys when they say you need an E5 Xeon for an OpenVPN router!