sully213 Posted January 5, 2011

Wasn't entirely sure if I should put this in Gaming or IT, but I think this is more of an IT related question, even though it's for a LAN Party setup.

So I help run a LAN Party group in Central PA called FITES. We're holding our annual large-scale LAN Party February 25-27 with 200 of our closest friends ;) Anywhoo, I run the DNS/DHCP/Internet functions of the LAN and though I've never really had any problems at our past LANs, I've always wanted to be able to stress test my DNS and DHCP servers to see just how much load they can handle; also to compare performance running on a physical machine vs. in VMWare Server. Google has not really been my friend in this search to find a good DNS and/or DHCP stress-testing/benchmark program (in fact, finding none at all, let alone a good one), and so I turn to the community here at Hak5 to draw on your collective wisdom.

What I'd like to see is a tool that can run on another system(s) on the same subnet and flood the server with DHCP requests and DNS lookups as fast as it can and then report the results when the test is complete for things like average response time, reliability in receiving response, peak and average number of requests/sec., etc. Much to my surprise, I've been unable to find anything at all. I've found plenty of tools to monitor existing or real-time traffic, but nothing to stress these systems under load.

I also want to re-iterate, I am not looking for anything to stress CPU/RAM/disk, etc. like PerfMon is already capable of doing; I'd like this utility to focus on the DHCP and DNS systems running on those systems.

Thanks in advance and Happy New Year!
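The DNS half of the report requested above (average response time, share of queries answered, achieved requests/sec), as an added example that is not part of the original thread or any poster's code. It assumes you run it against a resolver you administer; the function names, the server address and the name list are placeholders chosen for this sketch.

```python
import socket, statistics, struct, time

def build_query(name, qid, qtype=1):
    """Encode a standard recursive DNS query (RFC 1035); qtype 1 = A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def summarize(rtts, sent, elapsed):
    """Turn per-query round-trip times (seconds) into the requested report."""
    answered = len(rtts)
    return {
        "sent": sent,
        "answered": answered,
        "loss_pct": round(100.0 * (sent - answered) / sent, 2) if sent else 0.0,
        "avg_ms": round(statistics.mean(rtts) * 1000, 3) if rtts else None,
        "max_ms": round(max(rtts) * 1000, 3) if rtts else None,
        "qps": round(answered / elapsed, 1) if elapsed > 0 else 0.0,
    }

def bench(server, names, count, port=53, timeout=1.0):
    """Closed-loop test: one outstanding query at a time, each reply timed."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    rtts, start = [], time.perf_counter()
    try:
        for i in range(count):
            qid = i & 0xFFFF
            t0 = time.perf_counter()
            sock.sendto(build_query(names[i % len(names)], qid), (server, port))
            try:
                while True:
                    data, _ = sock.recvfrom(4096)
                    # Accept only a response (QR bit set) carrying our query ID.
                    if (len(data) >= 4 and data[2] & 0x80
                            and struct.unpack("!H", data[:2])[0] == qid):
                        rtts.append(time.perf_counter() - t0)
                        break
            except socket.timeout:
                pass  # no matching reply in time: counted as lost
    finally:
        sock.close()
    return summarize(rtts, count, time.perf_counter() - start)

# Assumed usage (placeholder address of your own DNS server):
# print(bench("192.0.2.53", ["example.com", "example.org"], 1000))
```

Mixing names the server already has cached with names it must forward shows the local cache + forwarder difference in the same report.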

hexophrenic Posted January 5, 2011

P133 with 16mb ram should do it ;). A WRT54g class device with ?-wrt should be able to handle the load. DNS/DHCP for 200 users will be negligible load on a system. As far as a tool to actually verify exactly how many DNS/DHCP requests your system can handle, can't help you there off the top of my head.

sully213 Posted January 6, 2011

Well, I've certainly got the hardware specs covered by your estimation LOL... We actually used to use a WRT54g Linksys device back when these LANs were much smaller, but we had several issues with this once we hit around 50 people or so. Like I said, I've never had an issue with the performance of my current setup, I'm just the curious type of person who would want to know how much performance I can expect from these systems. For example, I've already used DNSBench from GRC.com to optimize my DNS forwarder lookup times, but I'm more after how many requests in total (local cache + forwarded requests) I can do.

hexophrenic Posted January 6, 2011

How many DNS lookups (new lookups that would not be locally cached) are really used in a LAN party? People should be busier playing their games than browsing the internet :).

sully213 Posted January 6, 2011

You'd think so. But as you can see.... That's from a Friday afternoon until Sunday morning on a 50/10 connection. This year, we'll have a 105/10 connection from Comcast. I didn't keep any stats on unique lookups or simultaneous connections, but I do remember that the state table in pfSense was around 12-15,000 one of the times I checked it, so there are plenty of people using the Internet while at a LAN Party (I know, the horror!).

There were several people who purchased games on Steam and installed them while at the LAN, just chose not to install or patch their games until they got to the LAN, or the worst offenders of all were playing WoW. So they were either installing Steam games or downloading patches from the Internet for the games they did have installed, hence the 634GB of total Internet transfer in one weekend.

hexophrenic Posted January 6, 2011

I was not questioning the amount of traffic, just the amount of DHCP/DNS traffic. I suspect DHCP/DNS are a very small portion of any of that traffic. Remember you did not inquire about 50mbps of internet usage?

sully213 Posted January 6, 2011

My purpose of mentioning the Internet speeds was that I've witnessed that (psychologically speaking), if we provide the Internet speeds that we do, people tend to "play" more with it and will spend more time than you think browsing the web, of all sorts. That's not the information I'm after, of course, to steer this back to the original purpose.

I'm looking to understand/explore what my setup is capable of handling in volume. At this point I can't be certain whether what I have is complete overkill, a smart setup, or woefully inadequate. I'm pretty sure it's not the latter, but I'd like to think I'm good without going way overboard. If I am way overboard, I can re-purpose the PCs I have running my DNS+DHCP services to use as some game servers instead, and put the DNS+DHCP services on some more appropriate hardware.

Edited January 6, 2011 by sully213

CrYpTiC Posted January 22, 2011

Sully213, PFSense will take that load without a care in the world. With the pipe you're saying, move the state tables up some or you'll start dropping the clients. Of course if the bandwidth is there it will get used. My only concern is the upstream should be higher if you want a little kick in the pants. If Comcast offers a 70/30 line "fiber" that would be awesome :) Move your states up to 200000 if you're around 4GB ram and a Quad core and that will be way overkill.

As with all DNS-related requests, have 1 Physical Box and a VM box. NEVER EVER EVER run DNS just in a virtual environment as if it crashes it's a nightmare to recover sometimes unless you have host files on each virtual server host "MANDATORY!!!"

If you're concerned about DNS, look back in late season 7 or early 8 for DNS hacking and brute forcing. Can't recall episode but it will give you an idea. To be honest I wouldn't worry too much; if you're freaking out, split the load between 2 PFSense boxes in a WAN balancing config and you're fine. SolarWinds might make a DNS stress test. I know they do auditing and it works pretty good :)

sully213 Posted January 22, 2011

pfSense is not running our DNS/DHCP....I've got that set up in two VMs (on two physical hosts) running Windows Server 2008 R2 (yay for 180-day trial versions :). I run them both virtually because I can easily back them up to an external hard drive when the LAN is over and keep them handy for next year without having to rebuild from scratch. I'm not worried, just curious what I'm capable of and to target the system at appropriate hardware for its intended use.

pfSense state table is set to 100000 on a P4 3.4GHz (single-core w/ HT) w/ 1.5GB RAM. NIC in use is an Intel PCI-E Dual Port GigE. But again, I'm not worried about internet; the system pfSense is on this year is way more powerful than what I've used in the past and that always performed without issue and I'm after DNS/DHCP performance.

I saw the stuff SolarWinds makes, but IIRC it was only the auditing tools you mention. I didn't see anything with stress testing.

mux Posted January 24, 2011

Well, one way to stress test a DHCP server might be to use multiple DHCP exhaustion attacks while monitoring client stations and various networking tools. It's not the cleanest DHCP stress test, but I would imagine it would do the job. Robin has a pretty good writeup on his blog about it: http://www.digininja.org/metasploit/dns_dhcp.php