@tman222 said in Actual status Mellanox ConnectX-3 support: Chelsio Hello, I know that people are very positive about Chelsio cards, but I think it are all cards of an older generation. At least here in Europe I have never seen that shops where offering new Chelsio cards. However it is true that you can buy them for cheap on ebay (from the USA). However, I think I am better off with a modern card. As far as I know now: significant smaller (I am using small mini-ITX-systems, for my FreeNAS ans pFSense); far less heat; (important for multiple reasons: safes energy and is easier to keep cool & quiet !!) pcie3 (at the very least pcie2) more processor off-load (10gbit, smb, iSCSI) Using modern Pentium models, not so powerfull right now. actual and future support Thinking that way, and as far as I am aware now, realistically seen, there are only two suppliers: Intel (sfp+ x520, x710 or utp x550) and Mellanox (sfp+ connect3). More choices would be great Intel is OK of course, but is not cheap and they are hardly sold second hand. All recent models are in fact not cheap. And “from the outside” connectX3 seems to have the best price performance, but is it true ….. ? Do they have the same performance? Do they work "out of the box" And if they are installed, are they working without problems Louis

Alright, more digging has been done. Setting the mtu to 9000 gets me 9.90 Gbits/sec. Of course jumbo frames should make a different but sincerely not that much expected. So, I went on with my investigation and created two vms on same server, installed pfsense with the configs from the troublesome ones. Using virtio for net, initially I was getting pretty much the same however enabling tso and lro on vtnet0 which was the "carp" interface pushed to 28 GB/s WITHOUT jumbo frames (because they are on the same machine, local software bridge) However, this introduced new issues such as iperf3: error - unable to write to stream socket: Permission denied, which I am sure is some default limitations that need tweaking.

Hmm, well in that scenario you are moving everything twice across your WAN so it will be limited by the slowest speed but you said it's nominally 1Gbps up and down? Also it's only encrypting in one of those directions..... File copy may not be a good test depending on how it's done. SMB is notoriously bad over any sort of latency for example. An iperf test would be much better. Still seems really very low though. Check the output of top -aSH when testing. Do you see one core at 100%? Steve

Thank you, 200mbit ++ shall be more then enoufh for me.

Wow. Fun.

Ok, thank you for your fast answer. Mike

Glad you got it sorted.

Yup. No 802.11ax support in FreeBSD and hence pfSense. And, yes, also only experimental level ac support and not in pfSense yet anyway. Steve

You could use this: https://www.ebay.com/itm/MSNSwitch-Internet-Enabled-IP-Remote-Power-Switch-with-Reboot/392301437447?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2060353.m1438.l2649

Could be model dependant but according to HP it's mSata https://support.hp.com/gb-en/document/c04017240

@kiokoman said in IBM Intel Pro 1000 PT Quad Port Server Adapter PCI-E-39Y6138: i found this more recent.. https://www.reddit.com/r/PFSENSE/comments/813qo3/recommend_50_nics_for_building_a_pfsense_router/ i see people that had trouble with that card if used with new motherboard, it seems that it's too old for / incompatible with new gen pci-e Alright, thanks for the link and the information given. I hope the forum has a sticky so to show all the compatible NIC available from Intel/IBM/HP/DELL. So that builders like me, can refer it as a quick reference. Lesson learned here, not all Intel NICs are supported, you need to do your thorough research before it is too late to return it back to the supplier. Especially most supplier does not allow to accept any return, if it is not faulty. Thank you.

Generally speaking most things should work. If something works with FreeBSD 11.1 it will almost certainly work with 11.2 or 11.3 (or 12). The sort of regression that would prevent that is very unusual. Brand new hardware may require FreeBSD 12 for example or even not be supported at all so it's better to use stuff that has been around for a while in most cases. I don't have any specific recommendations though. Steve

I think you shouldn't be concerned whatever you go for... I suggest to buy a server grade machine because they are cheap... Also your WAN speeds combined seems not a big deal so I think any dual CPU server will do the work... For example I have Cisco UCS C210 M2 with 2x X5650 6 core CPU, 24 GB DDR3 RAM, 2x Broadcom dual SFP+ 10G NIC... This machine have configured 4 WAN : 2x 10 Gbit/s plus (2x 1 Gbit/s trough onboard ports) from 4 separate ISP, 2x LAN ports 10 Gbit/s, OpenVPN and some other things... I share internet to some of my neighbors as well... Never had any problems and never seen load exceed 10% even with lots of traffic... As I remember before few months ago there was a new game released and we are eager to play, so 4-5 of my friends including me started to download at the same time and we accumulated near 800 MB/s without a problem :)

@Grimson Thanks, will share there also!

Nice. Easy fix! Steve

Thank you for all your replies and help. I ended up going with the SG-3100, which includes a built-in switch. I believe it's going to be fast enough based on my research. At the very least, it'll be more secure (if I can get Suricata working).

@stephenw10 Thanks for the response. I am sure that the life cycle for the my APU is pretty much done. She has served me well, but considering that I will probably be looking to use squid and suricata, it might be time for me to bite the bullet and upgrade accordingly.

Its really knowledgeable discussion thanks for the advice.