Topic: Firebox II Slow
« on: September 17, 2007, 06:27:53 »
chipandrews *
Posts: 3

I've been running M0n0wall v1.231 happily on several Dell PowerEdge 350 machines (1 GHz, 512MB) for many years (various builds) without any issues, but in an effort to save some rack space I did the Firebox II install as indicated on the site and here in the forums.  Of course, going from a 1 GHz P-III to a 200 MHz Pentium processor seems like a bit of a downgrade, but I did manage to upgrade the Firebox to 256MB RAM.

In any case - once I set it up (again v1.231 - running on the Firebox II internal flash) and loaded all my settings I put it in production and WHAMMO!  It folded like day-old laundry.  The box was at 100% CPU within minutes of starting and stayed that way for about 6 hours.  Finally, the load increased even further on the network (users start in heavy around 8-12PM) and by 9PM it was offline entirely.

Of course - in my "test" area it seemed fine (if a little sluggish) but in production it could not hang at all.  Our production environment supports about 400-600 users (usually less than 30 simultaneously) on the Dells without breaking a sweat.  I really wasn't expecting that much of a drop in performance.  I did run a TOP on the exec.php page and it showed that PHP was using the bulk of the CPU (we use Captive Portal and RADIUS which might account for some of that - not to mention me running exec.php).

Anyone have any thoughts as to why the performance was so awful?  I'm switching back to the Dell servers tomorrow but it would be good to know if maybe there was something I missed in my setup.  The box did function properly - but it seemed that it struggled even to operate the PHP interface - much less hordes of users intent on stressing the packet shaper to the max.  Is there other - more powerful hardware - that is recommended for M0n0wall?

Chip
« Reply #1 on: September 19, 2007, 05:40:12 »
cmb *****
Posts: 851

It doesn't take much bandwidth to max out a 200 MHz box; throw in CP with RADIUS and it's even worse. A 1 GHz is probably 8-10 times faster at least, network throughput-wise. I'd stick with the PE 350.

One thing I've heard of with CP causing boxes to be dragged down to their knees is users with worms who aren't authenticated to CP. Hence every time the worm tries to get out to the Internet, it launches PHP for CP. Given the insane rate most of that type of stuff tends to spread, it gets out of hand very quickly.
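
An added example, not part of the original thread and not m0n0wall code: a sliding-window check that picks out unauthenticated clients whose captive portal hits look like worm scanning (many hits to many distinct hosts) rather than a user waiting to log in. The record format, addresses, function names and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque

def make_sample():
    """Constructed records, one per portal hit by an unauthenticated client:
    'epoch_seconds client_ip dest_ip:dest_port' (assumed format)."""
    lines = ["garbage line"]  # malformed input must be skipped
    # Worm-like host: 40 attempts to distinct addresses within 4 seconds.
    for i in range(40):
        lines.append(f"{1000 + i // 10} 10.0.0.66 198.51.100.{i + 1}:445")
    # Ordinary user opening a browser before logging in: 3 hits in 20 seconds.
    for ts, dest in [(1000, "203.0.113.5:80"), (1008, "203.0.113.5:80"),
                     (1020, "203.0.113.9:80")]:
        lines.append(f"{ts} 10.0.0.21 {dest}")
    return lines

def flag_noisy_clients(lines, window=10, max_hits=20, min_distinct=10):
    """Return {client_ip: peak_hits} for clients that, within any `window`
    seconds, exceed max_hits portal hits spread over >= min_distinct hosts."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed records
        records.append((int(parts[0]), parts[1], parts[2]))
    records.sort()  # process in time order even if input is shuffled

    recent = defaultdict(deque)  # client -> (ts, dest) pairs still in window
    flagged = {}
    for ts, client, dest in records:
        q = recent[client]
        q.append((ts, dest))
        while q[0][0] <= ts - window:
            q.popleft()  # drop hits older than the window
        distinct = len({d.rsplit(":", 1)[0] for _, d in q})
        if len(q) > max_hits and distinct >= min_distinct:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged

if __name__ == "__main__":
    for client, peak in flag_noisy_clients(make_sample()).items():
        print(f"{client}: {peak} portal hits in one window")
```
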
« Reply #2 on: September 23, 2007, 21:25:44 »
chipandrews *
Posts: 3

Thanks Chris - I came to the same conclusion.  I did find that the Firebox would stand up to the load under normal circumstances.  However, if someone infected with a worm or a person was "bridging" data between two networks or other network mischief was happening, the Firebox would fail under the load.

I am going to continue to use the Firebox II boxes for remote applications like wireless gateways with 10-20 users but keep the Dell servers driving the heavy loads.   They seem to hold up well no matter what is going on (1 GHz proc, 512MB RAM) - our current primary network is a University residential network with 400-600 users and a single m0n0wall server does this without breaking a sweat given adequate hardware.

Chip
 