AMD FX6300 build (ESXi 6) - results
-
This is a home network with ESXi 6, built on top of:
Gigabyte GA-78LMT-USB3 (1x gb NIC, Realtek, I know…)
AMD FX-6300 (6-core, 3.5Ghz)
various SSDs and HDDs across multiple datastores

VM:
2-cores
2GB memory
20GB (on SSD datastore)
pfSense 2.4 (nightly build from 3/31)

Network:
Fios 75/75mbit
16 port 10/100/1000 switch, VLAN
Asus rt ac1900p

Using OpenVPN, as expected it easily maxes out the 75/75mbit connection. It uses a single core, at about 25-27%. LAN and WAN VLANs are created and traffic tagged appropriately both in ESXi and the switch, allowing the single NIC to perform all routing between both segments. pfSense is presented with two vNICs on different VLANs in ESXi, so it doesn't even have to be aware of the VLANs. Since it's only doing routing between the LAN and a 75/75 connection, it's not even touching 20% throughput at its peak.
Overall I really like the build. This has been more of a proof-of-concept in setting up policy-based routing to route only certain traffic through the VPN to see if it's an option. So far it's been mostly positive with minimal impact to home traffic, the exceptions being sites like banks that will outright refuse connections from known VPNs. Workaround is to either make specific rules for these sites, or make the Asus the default GW again to bypass VPN for that specific machine temporarily. There doesn't seem to be a better way around sites that block VPNs besides creating policy rules for each individual one.
The next step is moving this to dedicated hardware at the network edge rather than a shared VM box. Looking at an SG-2220 or a custom build.
Cheers!
-
Use the FX6300 - not worth spending money on something else if that does the job - what you save in hydro will not compensate for the difference.
-
Not so much about power savings, but having a dedicated box at the edge instead of a shared VM box sitting on the LAN. If I go this route and keep using the VM box, I'll likely get a dedicated 2x or 4x Intel-based NIC and do away with the VLANs. Physical separation on the network side.