Tomas tested the manager throughput (CPU usage) on three platforms and four devices. The pfSense and AsusWRT platforms were tested. The four device/platform combinations were as follows:
- AMD G-T40E @ 1 GHz running pfSense using PF
- Broadcom BCM4718A1 @ 480 MHz running AsusWRT
- Broadcom BCM4709A0 @ 1 GHz running AsusWRT
- AMD G-T40E @ 1 GHz running pfSense using IPFW
Tested was the maximum amount of requests per minute just before the CPU usage reached 100% while also maintaining a reasonable volume of erroneous responses. A request consisted of a DNS query followed by an HTTP GET over SSL. Under DTTS, the DNS query was responsible for opening a hole in the firewall while the HTTP request simulated a hit of that rule.
The results were:
- 4 req/s
- 20 req/s
- 55 req/s
- 200 req/s
Theoretically, the higher the number of clients behind a router the more meaningful these numbers become in estimating what kind of a hardware needs to power such router. The open file descriptors issue can only be mitigated by load balancing and it is entirely possible that this will be a bigger problem than CPU usage due to DTTS.