Advantages to Plus

michmoor

Curious but will there be any features available to PLUS customers in the future that are features with some substance?
Just wondering where are all the new features on Plus. The updates are indeed faster than on CE so i suppose thats a feature. I appreciate that.
But in the future if im going to pay 129/yr, i dont think a ZFS Widget or AWS VPN Wizard for example are exactly reasons to pay. Whats the feature roadmap for Plus. Redmine doesnt have anything
Id imagine Plus will remain no cost until there is something worth paying for?

rcoleman-netgate

@michmoor ZFS Boot Environments being in the GUI is a big difference.

But there will be others. What? Not my department :)

michmoor

@rcoleman-netgate said in Advantages to Plus:

But there will be others. What? Not my department :)

You really going to keep me in suspence?!?! Man...........
LOL

rcoleman-netgate

@michmoor I just work in TAC. I literally only deal with the current release, and two back for support reasons... You want an enginerd for your answers :D

michmoor

@rcoleman-netgate I appreciate the response, no worries. If the Devs want to chime in it would great.

SteveITS

@michmoor There was a thread a year ago:
https://forum.netgate.com/topic/170085/is-there-a-versus-showing-what-are-differences-between-ce-and-plus/4

TL,DR:

OpenVPN import tool
QAT Crptyo
ZFS Widget
AWS VPN Wizard
IPsec Export: Apple Profile
IPsec Export: Windows Powershell
Cert based LDAP auth

And
boot environments (backwards, forwards, auto-recover).
IPsec-MB
Firewall Ethernet Filtering
DCO

If you search the docs for "Plus only" it finds the word "plus" a lot but can show feature notes.

Dobby_

@michmoor said in Advantages to Plus:

Id imagine Plus will remain no cost until there is something worth paying for?

The most users are looking for features, but I think
it is more a private usage and business usage "thing".

The better or more features will be coming by site or
on top, time after time.

RobbieTT

@michmoor
QAT of course but this week the boot environments saved my day in around 90 seconds. It does not get any better than that!

️

michmoor

@RobbieTT Im thinking in terms of the future. At some point in the future plus will be $129/yr.
Is QAT or boot environments really worth that? Doesnt seem like the proper value add. The reason they will charge is that they expect growth and an increase in revenue. Thats fine. But in order to get that increase you need buy-in from customers and at the end of the day I dont think there is any powerful enough marketing to say "Pay us and get QAT".
To @Dobby_ point, it comes down to the feature set. There is no doubt i think in anyone's mind that if there were subscription-based packages such as url filtering or remote management, as a great example, people will pay. In fact they can charge $499/yr and people will pay.
Im sure Netgate has the pulse of the community but at this time im trying to figure out the "Why use Plus" question.

Patch

@michmoor said in Advantages to Plus:

will there be any features available to PLUS customers in the future that are features with some substance?

Is there some reason you would like to accelerate this process?
Imo it will happen at a rate balancing Netgate's marketing, finance and possibly development testing imperatives.

As for your request they should inform you of their current schedule. Seriously you have to be joking. You are not even a paying customer, never mind a Netgate owner.

Dobby_

@michmoor said in Advantages to Plus:

Im sure Netgate has the pulse of the community but at this time im trying to figure out the "Why use Plus" question.

If you run your business and make money with their code,
you give them "something" from that money or you will
be not able to use it! This makes sense for me, because
if a project reaches a day where the "project holders" say
that they should be able to life from that or the entire
project will be dying or must die, then it is for us all, the
CE and Plus users the best option as I see it right.
Please fell free to correct me if I am wrong with that here.

And on top the CE version is still there, so there is nothing
to complain about.

will there be any features available to PLUS customers in the future that are features with some substance?

It is pretty new, the Plus version I mean, and when there
are much more differences, more features and also more
other "things" I am pretty sure they take that $129/year
because then it is "worse" and during that let us it call
growing phase it is not taken.

Again, I am not the Netgate owner or an employee, so
please accept it could be verry wrong or far away from
the real point it goes around, but for my self it is more
something like that;

You are an individual and use it private and don´t make
money with their code, it is free and you can´t hold or take
them responsible for any behaviour. And if you are doing business and making money with their code you should
pay for it.

If you count all in all together, it is not only that $129/year
as I think about, urlHaus and spamHaus fees, snort rule fees
and such things comes on top of all and perhaps the
freeradius was not for using it in business too!!!!

OpenSource is for me the option that the source code is
open to watch it over and not free of charge software
for everyone, and on Sunday if a problem occurs the
code writers must be still available for a free call and
help too! This is not like it should running if the rest
is doing business with that code and earning money
much as able to realize.

michmoor

@Patch who’s accelerating?
I purchased 15x 6100s…I’m not a paying customer? Are you ok? You need some therapy bud

RobbieTT

@michmoor said in Advantages to Plus:

@RobbieTT Im thinking in terms of the future. At some point in the future plus will be $129/yr.
Is QAT or boot environments really worth that? Doesnt seem like the proper value add. The reason they will charge is that they expect growth and an increase in revenue. Thats fine. But in order to get that increase you need buy-in from customers and at the end of the day I dont think there is any powerful enough marketing to say "Pay us and get QAT".

I think my point is that different users will have a different reason to select pfSense Plus, or indeed not to.

The good thing about this change is that Netgate remains committed to the free version (as they should be with a nod towards both development and probably OPNSense), providing Plus for free for individuals or lab use and providing it as part of a Netgate hardware purchase.

The price you suggest would equate to what a 6100 Max would cost over 7 years. It does not seem like a mad price to me, especially with the free or limited use options still available.

️

michmoor

@RobbieTT Oh for sure. My question was really geared toward the value add proposition for Plus. Considering CE and Plus differences are very minor im hoping in the future plus users get more exclusive features because of the proposed charge.

RobbieTT

@michmoor
It's hard to know the future but for me the end of the Netgate experience may be due to the BSD handicap with high-bandwidth PPPoE, rather than a 'must-have' feature.

PPPoE WANs are pretty common in Europe and relying on a single core under BSD is probably a dead-end for Netgate hardware, with or without the Plus.

️

michmoor

@RobbieTT yep good point. Don’t think they will be moving to a Linux based pfSense anytime soon. So where will you go next?

RobbieTT

@michmoor No idea as to the next path. I'm still pretty new to pfSense having leapt from EdgeRouters, but I did so knowing of the PPPoE limitation and that the 6100 would be the minimum required for my needs.

I think I may be able to squeeze 1.4 Gbps through the 6100, which will probably be ok for the next 2 years or so. Of course, I'd like to be able to run more demanding packages too but BSD vs PPPoE makes this impossible.

What made the 6100 even a contender for my use was QAT. The offloading provided by it keeps the router relevant, along with the good selection of interfaces. I also prefer to pay for firewall/routers rather than rolling my own - it makes the compliance process considerably easier.

Of course, there is always hope that with BSD pulls something out of the bag or that PPPoE is dropped from the likes of the UK Openreach network... no breath is being held for either though.

️

rcoleman-netgate

@RobbieTT said in Advantages to Plus:

I did so knowing of the PPPoE limitation and that the 6100 would be the minimum required for my needs.

We have many reports of PPPoE speeds on devices exceeding 800mbps on ~1Gbps service lines.

I have 960Mbps Lumen FTTH that is VLAN'd PPPoE and I get full service speed on a 7100. A coworker is getting 800Mbps on the same service with a 2100.

RobbieTT

@rcoleman-netgate said in Advantages to Plus:

We have many reports of PPPoE speeds on devices exceeding 800mbps on ~1Gbps service lines.

Oh for sure - I am one of them and have also posted positively on this forum.

I run a PPPoE 1 Gbps FTTP service via a 2.5 GbE ONT with FQ_CoDel on upload and download, pfBlockerNG plus some minor services, with a mixed IPv4/IPv6 environment (heavy on the IPv6 side) and LAN and VLANs in a RoS configuration on a single SFP+ (10GbE) interface. When running at the full 920+ Mbps the single core is ~80% loaded, so I currently have some CPU headroom.

Running the above on a synthetic local PPPoE load it seems to top-out at ~1.2 to 1.4 Gbps. My ISP is moving to a 2 Gbps+ service (an actual 1.8 Gbps) later this year; so from then I will be leaving bandwidth on the table.

Ideally I would also be running Suricata and ntopng as additional packages but I just don't have the CPU performance needed for PPPoE.

I should add the other performance metric of note - QAT offloaded IPsec is just epic. I am also trying to tune my PPPoE performance further:

I mean, who amongst us doesn't like to breakout the testing and see how far we can push Netgate & pfSense?

️

rcoleman-netgate

@RobbieTT said in Advantages to Plus:

I mean, who amongst us doesn't like to breakout the testing and see how far we can push Netgate & pfSense?

.... A number of months back I requested allocation of some extra hardware so I could reasonably test 10Gbps PPPoE in the lab.
As of yet... it has not been approved -- but I'm just a TAC support grunt and not in the engineering department nor do I do any testing outside of redmines and future releases.