So some provider offered us the following specs:
Dual E5-2680v4 (56 Cores)
256GB of RAM
1x 1TB SSD
10GB uplink fully dedicated
So we are looking to divide it to 56 servers each with dedicated IPv4 or we can even try on 80 since we will be assigned a /24. So we are not yet sure, about the VM counts division but we'll be looking to give minimum a 2GB each RAM and 1 core each. The question is can each VM support 500 clients? What do you think? As we are a little problematic on the CPU they'll provide if it can support 500 clients per each VM on a 56-80 servers. Thanks
Can This Server Support Multiple Servers?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
hyena56
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jun 05, 2023 5:14 am
-
Fadim
- OpenVPN User
- Posts: 40
- Joined: Mon May 15, 2023 12:14 pm
Re: Can This Server Support Multiple Servers?
Given your server specs, it's certainly possible to support multiple servers with the load you're proposing. A couple of things to consider:
1. The bandwidth your data transfers will use needs encryption/decryption at the VPN server side, consuming CPU resources. However, any decent PC hardware available today should easily saturate a Gigabit link with Blowfish or AES-128, so CPU bottlenecks due to bandwidth intensity should not be a major concern.
2. OpenVPN client connections consume both memory and CPU resources on the server even when no data is transferred.
With your proposed load of 500 clients per VM, you'd be looking at a significant number of key exchanges per second. While this is a CPU-intensive task, it's worth noting that you could offload it to dedicated hardware if needed, like cryptographic accelerator cards which can easily handle this number of TLS handshakes.
3. Lastly, remember that OpenVPN can be easily scaled out. You can set up an arbitrary number of OpenVPN servers and ensure your clients are using them (through DNS round-robin, for example), and configure a dynamic routing protocol of your choice. This way, your infrastructure would be capable of supporting an arbitrary number of clients as long as you've got enough hardware.
Here's a useful link to a ServerFault thread that goes into more detail about these points: https://serverfault.com/questions/43984 ... e-possible.
1. The bandwidth your data transfers will use needs encryption/decryption at the VPN server side, consuming CPU resources. However, any decent PC hardware available today should easily saturate a Gigabit link with Blowfish or AES-128, so CPU bottlenecks due to bandwidth intensity should not be a major concern.
2. OpenVPN client connections consume both memory and CPU resources on the server even when no data is transferred.
With your proposed load of 500 clients per VM, you'd be looking at a significant number of key exchanges per second. While this is a CPU-intensive task, it's worth noting that you could offload it to dedicated hardware if needed, like cryptographic accelerator cards which can easily handle this number of TLS handshakes.
3. Lastly, remember that OpenVPN can be easily scaled out. You can set up an arbitrary number of OpenVPN servers and ensure your clients are using them (through DNS round-robin, for example), and configure a dynamic routing protocol of your choice. This way, your infrastructure would be capable of supporting an arbitrary number of clients as long as you've got enough hardware.
Here's a useful link to a ServerFault thread that goes into more detail about these points: https://serverfault.com/questions/43984 ... e-possible.