User Tools

Site Tools


How to tweak the performance

There are a few things that can be adjust:

  • Portal redirect
  • Webserver
  • Database
  • PHP
  • Connections
  • Content filter
  • DNS

You need to click on System → performance and then on the right tab to adjust an item.

Portal redirect

  • Roaming: Enable or disable a check that a client is roaming from one subscriber network to another.
  • MAC based auth: The system will check MAC based subscribers and log them in accordingly.
  • MAC based auth: The system will check previous sessions for the connected MAC address, if a valid account is found the client will be logged in.
  • AAA: Go over every subscriber network, location and VLAN to find the current AAA state.
  • Pre-portal: Show a redirection page before the actual portal to exclude fake browser from hitting the real portal page. This will decrease the load of the webserver making room for real browsers.


Here you can tweak the web server settings, this is also important when the system is put under load with many portal redirects. If the system becomes too slow it may be needed to set the max server processes to a lower value, this means the web server will accept fewer connections. But setting it too low may cause the web server to respond slowly because all connections are used up but the server could not be under load at all. Important to check the CPU load before changing this setting (system ⇒ task manager). The keep alive setting also has a big impact on the system and also on the max server process setting. Keep alive means that a connection is kept open to transfer multiple files quicker rather than opening a new connection for each file. When there is no load, keep alive can speed up portal display. Just make sure that you also increase the max server processes because much more connections will be open all the time. When the system is under a lot of load by many pending users, it is recommended to disable the keep alive because almost 90% of the redirects are background services, they will use up all the available connections because they are kept open for as long as the keep alive timeout.

  • Max server processes: Sets the limit of simultaneous requests that will be served, Setting the value too high can decrease the performance of the device.
  • Start processes: Amount of processes created on start. Cannot be higher than Max servers.
  • Min spare: Minimum amount of spare processes, spare processes are already created but consume resources. Cannot be higher than Max servers.
  • Max spare: Maximum amount of spare processes, spare processes are already created but consume resources. Cannot be higher than Max servers.
  • Timeout: Amount of second the server will wait for certain events before failing a request.
  • Keep alive timeout: The number of seconds the connection will stay open. The higher the timeout, the more server processes will be kept occupied.
  • Keep alive: Allows multiple request to be sent over the same TCP connection.


You can tweak the memory consumption and the amount of connections that can be setup to the database. Giving the database more resources can be interesting when the user database is very big. It is possible to verify memory usage of the system via the health widget in the home screen. Based on this information it is possible to give the database more memory. Do this only when the system becomes slow.

  • Max connections: Maximum number of client connections allowed
  • Memory: Memory (in MB) that is dedicated to the database


  • Max post size: Maximum size (in MB) of POST data that PHP will accept.
  • Maw upload size: Maximum allowed size (in MB) for uploaded files.


Here you can tweak settings related to TCP/IP handling. Only change these values when you know what they mean or when instructed by support. When using multiple public ip's is it needed to increase the nf_conntrack_max value to 64000 * the amount of public ip's. At least when these public ip's are used for natting. You can always check the nf_conntrack documentation for more info.

  • nf_conntrack_generic_timeout
  • nf_conntrack_tcp_timeout_syn_sent
  • nf_conntrack_tcp_timeout_syn_recv
  • nf_conntrack_tcp_timeout_established
  • nf_conntrack_tcp_timeout_fin_wait
  • nf_conntrack_tcp_timeout_close_wait
  • nf_conntrack_tcp_timeout_last_ack
  • nf_conntrack_tcp_timeout_time_wait
  • nf_conntrack_tcp_timeout_close
  • nf_conntrack_tcp_timeout_max_retrans
  • nf_conntrack_tcp_timeout_unacknowledged
  • nf_conntrack_udp_timeout
  • nf_conntrack_udp_timeout_stream
  • nf_conntrack_icmp_timeout
  • nf_conntrack_events_retry_timeout
  • nf_conntrack_max
  • Read / Write mem default
  • Read / Write mem max

Content filter

You can adjust the content filter (if licensed). It's best to increase the amount of maxchildren to the amount of licensed subscribers. Maintain roughly the same ratio between the values as they had with their default values.

  • Maxchildren: Maximum number of processes
  • Minchildren: Minimum number of processes
  • Minsparechildren: Minimum number of processes to be kept ready
  • Preforkchildren: Minimum number of processes to spawn when it runs out
  • Maxsparechildren: Maximum number of processes to have doing nothing
  • maxagechildren: Maximum age of a child process (number of connections before exiting)


The DNS resolver only has two settings to tweak. The first setting Max cache entries is the number of cached DNS queries. Set to zero to disable caching and has a maximum value of 10000. The second parameter is Max simultaneous requests which limits the amount of generated DNS queries towards upstream servers to maximum this value simultaneously.

howto/tweak-the-performance.txt · Last modified: 2021/06/03 14:40 (external edit)