Need advice on hardware that will support 1GB fiber full duplex
-
@keyser Agreed. However, I'm not using a USB NIC. Here's my current config:
Dell 6420 laptop with i7, 128GB SSD and 8GB RAM
PfSense Version 23.09-RELEASE-p1 (amd64)
CPU Type Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Current: 800 MHz, Max: 2701 MHz
4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (active)Sonnet Technologies Presto Gigabit Ethernet Pro ExpressCard/34 which has a Broadcom chip (BCM57762) which covers down on WAN connection. I use the Internal Intel NIC on my LAN connection.
All that said, I'm no expert on Express Cards and how the MOBO handles the throughput. It might work fine, but it might not be able to handle 1GB pipes No idea.
-
@FrankZappa Theoretically the expresscard has the needed bandwidth (2.5Gbit), but that may not be the complete story.
back in those days (your system is a 12 year old Sandy Bridge setup) there were a LOT of systems where the I/O buses in no way was actually designed or implemented in systems so it could use its full potentential.But my intial guess is you should be fine to handle 1Gbe Full duplex on that setup
-
@keyser Thanks Kyser. I was thinking the same thing. However, I am unable to get 1GB down on my current setup. Not sure why.
-
@FrankZappa Perhaps try a quick synthetic test? Place a 1Gbe machine on the WAN link, and do a iPerf test through your pfSense to a client on the inside?
-
@FrankZappa So when Netgate lists numbers like this for the 4100:
L3 Forwarding
IPERF3 Traffic: 8.15 Gbps
IMIX Traffic: 3.24 GbpsFirewall (10k ACLs)
IPERF3 Traffic: 4.09 Gbps
IMIX Traffic: 1.40 GbpsIPsec VPN (AES-GCM-128 w/QAT)
IPERF3 Traffic: 960 Mbps
IMIX Traffic: 312 Mbps…based on experience and forum posts I find about halfway between the “firewall” numbers is an expected rate. As implied by the VPN numbers that decreases for CPU intensive activity such as Suricata.
-
Quick test from my PC, on a pfSense "1 Gbits" LAN network :
during this test several other PC's where also active, as it is monday morning and people tend to do 'things' with their PC right now.
My ISP promised me 1 G bits symmetrical : if they have it available, I'll get it.My "4100" with some minor pfBlockerng DNSBL doesn't sweat at all (about 10 % CPU usage).
( Btw : I don't have anty snort, suricata bandwithd, ntop etc packages)Keep in mind : my box uses a
Intel(R) Atom(TM) CPU C3338R @ 1.80GHz - 2 CPUs : 1 package(s) x 2 core(s)
You have an i7
-
@Gertjan Thanks for all the info. I connected my laptop PC directly to my Unifi switch (via CAT6) and ran iperf (server hosted on pfSense box). It's pulling around 940Mbps (Close enough to 1GB). However, when I run a speed test (Ookla) I'm only pulling down around 540Mbps. I'm just wondering if the express card might be the limiting factor.
I'll connect my laptop PC directly to the Cox modem next. Have to wait a bit on that one as the Internet in the house will go down and it tends to get loud in this house when that happens.
Stay tuned.
-
@FrankZappa The best test would be to briefly connect your WAN (Expresscard) to your Unifi Switch, and assign the pfSense and iPerf Client static addresses so you can perform the exact same iPerf test as before - only this time using the Expresscard.
-
@keyser So switch the LAN and WAN Interfaces? Right now my Express Card is connected to the Cox Modem. Internal LAN is connected to the switch. I'm 99% certain the express card supports 1GB (according to the manufacturer). However, I'm unsure if the computer (Dell Laptop) MOBO can simultaneously handle 1GB on internal LAN Port and 1GB on express card.
All that said, I'll try your technique and report back.
-
@FrankZappa Well switching interfaces will acomplish the same thing so yeah - that test will reveal if the expresscard is the bottleneck.
I’m certain your cpu can handle 2 Gbit traffic, But the labtop itself might have some badly designed connectivity that either cannot reach its actual potential, or might prevent other parts from doing so. A Very bad BIOS/UEFI might influence that too.
I’m only interested in seeing if the expresscard is the bottleneck, or if something Else is af play -
@keyser Ok. I'm om it, but might have to wait till no one in the house. Like I said before, when the Internet goes down in this house, there's panic at the disco.
Thanks for the advice.
-
@FrankZappa FWIW, I am on Cox cable with 2Gb down (only 100Mb up), which the Netgate 6100 handles well.
DOWNLOAD Mbps 2203.15 UPLOAD Mbps 106.11 -
@dennypage Nice speeds. I'm hoping fiber will give me 1GB up and Down
