Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » What is the Maximum Bandwidth of Hyper-V Edition?
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hello,

I have been using KControl for a while on my dedicated hosting environment with Hyper-V for testing purposes.

My dedicated server's guaranteed maximum bandwidth is 600 Mbps. I have 4 VPS on this server and 2 of them works behind the KControl and the other 2 are working without KControl.

The problem is the bandwidth of VPS's behind the KControl are limited to 100 Mbps. But other VPS's bandwidth are 400 Mbps or 500 Mbps.

KControl Hyper-V edition has a 100 Mbps bandwith limitation or am I missing something?

Thanks,
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
  •  
UnifiedTechs-Brian

Messages: 168
Karma: 15
Send a private message to this user
Does your VM have virtual Gigabit NICs? When we tested in Hyper-V we could only get the Generic NICs option to work and I think they are 100Mbps only.

[Updated on: Fri, 08 November 2013 14:39]


- Brian
Kerio Preferred Partner, Reseller & Hosting Provider
Unified Technology Solutions
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
I guess you mean that "Legacy Network Adapter" on Hyper-V.
All network adapters are Virtual Gigabit NIC not "Legacy".

Thanks.
  •  
UnifiedTechs-Brian

Messages: 168
Karma: 15
Send a private message to this user
Yes sorry, its been a number of years since we tested Hyper-V so my memory is not exact and I'm sure things have changed.

- Brian
Kerio Preferred Partner, Reseller & Hosting Provider
Unified Technology Solutions
  •  
Lewald

Messages: 23
Karma: -3
Send a private message to this user
Ok,

some question about your hyper-v Server.

Do you use dedicated Nics for the Vms? This is a must to become Performance.
How much CPU time the Kerio Vm use when you make the Test? We see at our hyper-v that Kerio use 25 % CPU time on usage of 100 Mbit. But the Vm has 4 CPU Cores. We give the Kerio VM also 2 GB Ram. At the Moment more is not usefull because Kerio can use only max. 3 GB and we never see that Kerio use more than 2 GB in Real.

Inside the Kerio Hyper-V Settings turn off all Hardware Accel.for Networkcards. Kerio didn´t use latest Linux Integration Services.

I can Test only this 100 MBit, because we didn´t have faster Access to Internet Sad

[Updated on: Sat, 09 November 2013 11:35]

  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hello Lewald,

- "Yes" for the NIC,
- 2 CPU's and 2 GB of Ram for Control on Hyper-V,
- And the traffic load is not intense. Actually 100Mbps is very much enough for me but My DC increased the guaranteed bandwidth and I would like to see that Control can handle it or not.

I also have tested with Windows Edition Control version 7.4.2.5136 and when Control enabled bandwidth is 100Mbps but when disabled it's almost 500Mbps.

I was actually thought that Kerio Moderators can simply answer that question. At least, I assumed that Kerio already knows (or tested) those kind of capabilities of their own product.

Thank you.
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hello,

I have an update on this topic.

100 Mbps bandwidth limitation is related with IPS filter. If IPS is enabled Kerio Control can handle max. 100 Mbps but when disabled Kerio Control can handle the max. speed of ethernet interface.

IPS Enabled Speedtest result:
http://www.speedtest.net/result/3187141259.png

IPS disabled Speedtest result:
http://www.speedtest.net/result/3187144578.png
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
With a little search on the net, I realized that problem is with SNORT module because of not Multi-CPU compatible. SNORT is single-threaded and it's having known performance issues on high speed connections.

Chapter: Single-Threading vs Multiple-CPUs
http://mikelococo.com/2011/08/snort-capacity-planning/

Chapter 13. Strategies for High-Bandwidth Implementations of Snort
http://books.gigatux.nl/mirror/snortids/0596006616/snortids- CHP-13.html

Suricata is promising alternative for SNORT and there is a lot of positive reviews on the net. Especially with the Multi-CPU feature and more effective protection for today's attacks Suricata is good alternative for SNORT.

https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond /

I don't know the future development policy of Kerio about SNORT but while the connection speeds are increasing and can accessible with low prices for SMB's, Kerio should consider about migrate SNORT to Suricata (or other Multi-CPU alternative).

Regards,

[Updated on: Fri, 27 December 2013 11:12]

  •  
mwalky

Messages: 13
Karma: 0
Send a private message to this user
KursadOlmez wrote on Wed, 25 December 2013 21:37

I don't know the future development policy of Kerio about SNORT but while the connection speeds are increasing and can accessible with low prices for SMB's, Kerio should consider about migrate SNORT to Suricata (or other Multi-CPU alternative).

Hopefully move to Suricata will happen one time as Kerio team is participating in the project already.
Better give us a choice between Snort/Suricata Smile

[Updated on: Fri, 05 December 2014 10:28]

Previous Topic: bandwidth management and qs
Next Topic: How to disable the tcp syn timestamp under NAT circumstance?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Apr 24 03:38:24 CEST 2017

Total time taken to generate the page: 0.04331 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.