0

I am building a proxy server for a client of mine. My platform of choice is Amazon EC2 with Arch Linux and Squid running. For the encryption part I have chosen OpenVPN for simplicity and large community size, but unfortunately I do not have substantial experience with it, or with any VPN server for that matter.

The server will be used, at least initially, by 10-15 users. It is expected that at times all 10-15 of them will be connected at the same time.

Now, I think that the generic "Intel Xeon Family" processor listed here, along with the 1.7Gb of RAM allocated to the "Small" instance, will be more than enough for the expected number of concurrent connections.

My real concern is network performance. The page linked above uses the words "low", "moderate" and "high" as a metric. Is "low", going to be enough? This really needs to stay a "Small" instance, because the client is pocket-tight. Does anyone know what ¨low¨really translates to?

What options do I have to benchmark the network performance of the instance, even after setting it up? What options are there for benchmarking the network performance of the OpenVPN daemon? I know for sure that the connected clients will not be streaming high B/W content (video and the like) but they will be streaming some real-time data, of the kind that needs to stay real-time.

dlyk1988
  • 1,644
  • 4
  • 24
  • 36
  • @EEAA I am not asking for capacity planning help. I am looking for input concerning how I could possibly benchmark and monitor the OpenVPN service specifically. – dlyk1988 Sep 29 '13 at 14:43

1 Answers1

2

As noted in the comment, there is no way we can help with this.

You need to test under real-world conditions. That means setting things up, getting a client connected, and having them do activities they will need to do on a regular basis.

EC2 instances are trivial to resize, requiring only a small amount of downtime (which you should be taking periodically anyway to do patches). Anyway, just start with a 64 bit t1.micro and then upgrade from there if needed.

VPN is a fairly lightweight application - most crypto functions are performed in hardware these days, and network bottleneck is nearly always on the client side.

If CPU usage becomes an issue, just go with a $20 Linode plan. You'll get a lot more bang for your buck with regards to CPU there.

EEAA
  • 108,414
  • 18
  • 172
  • 242