This post has some recent Alix 2D13 private testing: https://forum.pfsense.org/index.php/topic,70911.msg387295.html#msg387295
The Netgate store has some performance specs that are known to be good: http://store.netgate.com/Netgate-m1n1wall-2D3-2D13-Black-P216C83.aspx
If you just need internet speed in those ranges, then you are fine. The GB ethernet port from your ISP is going to plug into the Alix 100Mbps WAN port - so obviously it will be impossible to achieve over 100Mbps! And the Alix CPU just doing basic NAT and is going to max out at 80-something Mbps anyway.

As nichabod_crane says, you will be able to use Squid+SquidGuard, but obviously with no disk cache, and the max throughput for web browsing will obviously be much lower than 80-something Mbps.

There are multiple threads on the forums about SSD vs. HD… search is your friend.

That said, I think the summary...

1.) If you are doing an install with anything that does extensive writes (Dans, squid, snort) then you want either an SSD or HD - don't try to do it on a memory card or stick (they will quickly die).
2.) SSD's should theoretically be more reliable as long as you get a quality SSD with a modern (non Jmicron) controller. I've gotten cheap SSD's and had them die... just don't do it!
3.) An SSD will draw slightly less power, not make any noise, and run cooler.
4.) You definitely want (and a quality modern SSD will have) TRIM support. There are manual steps to turn on TRIM support in 2.1 (again - search is your friend).

I'll let someone else comment on whether they think there's a performance advantage to an SSD - I've never been able detect any performance benefit of an SSD (other than boot time) for Dans/Squid in my home environment.

I run pfsense in esxi 5.1 on an Atom 330. I am looking at a pair of boards running 1037Us to run faster vm cluster with :)

I run subsonic, pfsense, pfsensedev, pfsensedevweb and a mumble server on there all low usage. The 1037U completely smokes the N 330 and not only that it has vt-x support as well.

@goformickey

What I usally do when i want to use any  wireless routers and so on as JUST a wifi access point is to give the wifi router an statick IP on the lan and then just turn of the DHCP on it, and then just link up the lan port on it to the switch of the lan.

And hey presto you have a WIFI accesspoint without any more fuzz.. just connect to the IP u set on it and config the wifi settings and that is it.

@foonus:

Just last night went to bare metal to see if I was missing anything in performance but except for CPU temp and HDD smart diagnostics there is no difference.

I ran into this issue – I haven't found any useful docs on writing my own CIM provider. Not that I think I should need one for a bog-standard SuperIO chip from 2006.

What are you pinging from where in that log? You say:
@n0hc:

if I try to ping the x500 I get no response.

So if that is the X500 you're pinging it gets slow (very slow) but does respond. How much packet loss are you seeing?
This is the sort of thing that can happen when your WAN goes down and pfSense tries to reconnect. What;s in the system logs for the same time period?

Steve

@stephenw10:

That Atom doesn't do hyper-threading right? So you see 2 logical cores?
Depending on how you are measuring the CPU usage you might be closer to the limit than you think. The PF process is (currently) limited to a single thread so it can only use one core. If that core is at 80% usage then the total CPU usage, shown on the dashboard, might only show 45%. Check with 'top -SH' at the console to see how the cores are being loaded.
Have a read through this thread: https://forum.pfsense.org/index.php/topic,67411.0.html
User maverick_slo eventually managed to get 640Mbps from his D2500CC after some tuning. I can't remeber if that was between the two on board NICs or not. (probably was though since additional NICs would have to be PCI)

Steve

Steve,

Thanks for the thoughtful reply.

It has two cores, pfSense sees it as two cores (not hyperthreaded). It appears from the "top -SH" command that the CPU is being utilized by the interrupts, and all are showing up on CPU 0. During these test runs, I ignored the WebUI and only looked at "top", and it looks like you are correct, maybe 85% (of 200%) are eaten up by the "intr" command and all are running in CPU0. If I extrapolate that, and if it can't be distributed across cores (maybe it makes no sense to do so), then I am truly near topped out.

I'll check out that other thread. Thanks a bunch.

https://forum.pfsense.org/index.php/topic,69486.msg379897.html

My solution:
Reboot the pfsense box too:
https://forum.pfsense.org/index.php/topic,71335.0.html

@SunCatalyst:

you got beyond extremely lucky…  Bios's almost never work in systems they werent designed for....

with removable Bios chips (rarity these days) , Hot swapping PLCC chips isnt the best idea..
i prefer to order a blank and program it and change it out with the system turned off and unplugged.

We have messed around with BIOS swapping between 10-15 years ago and actually had pretty good success. There is always the issues of certain items not working but if your just trying to get a board to boot…  Besides-  One more box...

Since this is about the ES200 they most likely are all built with the same or very similar motherboard.  It was an experiment and if I had to choose- experimenting with a box bound for the trash heap turned out good. Hopefully this will help open up some more equipment for those who have them.

Obviously I should have added a disclosure on the first post.

If your going to try this- Your On Your Own if you break it!    YMMV!

Thank you very much for your answers.

I will try other hardware as I cannot plan to install ESXi for my case.
If I have a chance to try this installation, I will let you know.

Did you get the Telit module to work? We just ordered two of those, and the company selling them was very enthousiastic about the card itself and the support they could give.

I know it's an old thread, but just wondering if you got the Syba ExpressCard working?

On a related note… I'm trying to find a gigabit ExpressCard to use under pfSense 2.1. The only one that I've found posts confirming it works is the Startech EC1000s... but I was hoping for a cheaper alternative.

Does anyone have a less expensive ($10-$20 range) gigabit ExpressCard working on 2.1?

Not quite sure what you have in mind here. You mean a page script that can set the status of an LED device depending on the status of various things? With webgui front end?

The low level hardware side of this should really be done by configuring the leds as proper /dev/led devices. JimP once challenged me to do that for the firebox LEDs but I have so far failed that challenge.  :(

Steve

Laptops can make for a great firewall appliance.

Preferred Hardware Inside
Intel Ethernet Chip-Set
Low voltage Intel CPU and Chip-Set

I chose the 12" HP 2530p Laptop …. Very Compact, Powerful yet Stylish.
Laptop only draws 17 watts powered on .... and for the Passmarks it provides, you cant beat it .....

As for needing dual interfaces I don't see the need for it. 30 Users and a 50Mbps connection is nothing more than a stroll in the park with a single interface setup.

Ebay like new for $220 or so and down from there. If you search ebay long enough, I'm sure you can find a laptop of some sorts in the $80 dollar range that Pfsense can run on.

hp-elitebook.jpg
hp-elitebook.jpg_thumb

firewall is updated. after boot MBUF status is 32% (165510/512000)  in server with 4 ixgbe NICs and 2 igb NICs. looks little bit high for system after boot. there is no traffic thru this FW and in 20 min MBUF count raised to 166406. so looks like the problem of MBUFs is not fixed

Hi Steve,

yes I changed the RAM , and I also tried to boot from another CF Card, I tried m0n0wall Image, and get the same result.
I think it makes no sense to investigate more here, I buy a new one, but thank you for help as always

best regards
Michael

I'm sure people have done plenty of work on this subject, there's probably more reading material than you could get through in a rational time!
It's interesting to look at other hardware. Many 'hardware' firewalls use a dedicated ASIC/FPGA to speed up routing duties also many newer system on chip style devices have dedicated hardware for doing so. In pfSense we are using all software and since it's built on FreeBSD there is little hope of seeing support for obscure hardware acceleration devices. Also the FreeBSD Marvell driver used here does not seem to perform as well as the equivalent Linux driver used by Watchguard. Even so if you look at those figures you'll see that on the X550e the CPU is not the limiting factor. It's just not possible to read and write the data across the PCI bus fast enough. I did spend some time trying to decide what the maximum theoretical throughput would be between two devices sharing the same PCI bus but failed to reach any useful conclusion. The maximum bus speed is (33MHz x 32bit) 1056 Million bps, ~1Gbps. The data path depends on reading the data, processing it, and writing it out again which can not be done simultaneously. Thus I expect the maximum speed, given an infinitely fast CPU, to be ~512Mbps. That seems to line up with the results above but I've seen other figures stating more than that. Perhaps the bus speed is >33MHz or wider than 32bit? I'm unsure how to find out.

Slightly off topic but all the calculations you ever see on this state 133MB/s calculated by 4bytes (32bit) x 33MHz. However that seems to completely ignore the fact that Mega is 33MHz is 1x10^6 where as the Mega in 133MBps is 2^20.  ???

If you come up with some definitive numbers on this I'd love to know.  ;)

Steve