I want to assemble a pfSense server and am seeking recommendations from expert friends.
-
@SteveITS So, is there any hardware you would recommend for 1500 users?
-
@mettoal said in I want to assemble a pfSense server and am seeking recommendations from expert friends.:
@SteveITS So, is there any hardware you would recommend for 1500 users?
You are putting 1500 users on a network with only 12 megabits/sec of Internet bandwidth? Those are likely to be some unhappy users what with the typical large amount of web traffic these days. Gone are the days of web pages only downloading a few 10s of kilobytes when accessed.
-
@mettoal The number of users/devices is kind of irrelevant to be honest. 64 GB RAM I'd expect is overkill. Disk speed and size is probably irrelevant as it's only used for logging and installing updates.
I'd start on Netgate's site, and if you don't like their appliances at least you can compare specs. My rule of thumb is, look at the firewall spec:
Firewall
iPerf3 Traffic: 18.62 Gbps
IMIX Traffic: 10.24 Gbps
...and expect halfway between those numbers to be the maximum.
-
@bmeeks said in I want to assemble a pfSense server and am seeking recommendations from expert friends.:
1500 users on a network with only 12 megabits/sec
ha, I remembered the "10Gb" above from last night but you're right it wasn't specified, and the bandwidth is by far the most important part of this. A 1 Gbit connection is way different specs than a 10 Gbit connection. Under 500 and the hardware is not terribly important, the 1100 can do around that.
-
@SteveITS said in I want to assemble a pfSense server and am seeking recommendations from expert friends.:
@bmeeks said in I want to assemble a pfSense server and am seeking recommendations from expert friends.:
1500 users on a network with only 12 megabits/sec
ha, I remembered the "10Gb" above from last night but you're right it wasn't specified, and the bandwidth is by far the most important part of this. A 1 Gbit connection is way different specs than a 10 Gbit connection. Under 500 and the hardware is not terribly important, the 1100 can do around that.
And unless the OP breaks the internal network up into a bunch of VLANs, the firewall will be doing next to nothing except routing to and from the Internet. If the internal network is one big flat segment, then the firewall will see none of that traffic as the switch infrastructure will handle it. In that case, the firewall only has to handle 12 megabits/sec of traffic. You could do that with a Raspberry Pi.
-
@bmeeks Speed wise yes but not with pfSense CE. :). I honestly do not know how far the 1100/2100 CPU is from a Pi? But I digress…
-
@SteveITS said in I want to assemble a pfSense server and am seeking recommendations from expert friends.:
@bmeeks Speed wise yes but not with pfSense CE. :). I honestly do not know how far the 1100/2100 CPU is from a Pi? But I digress…
I wasn't serious with the Pi thing -- just a joke. My point was that just about any hardware these days could handle basic routing functions if it only has to work with 12 megabits/sec of actual routed traffic.
-
@bmeeks oh I know, I was “yes and”-ing you.
-
I read that as more likely 12Mbps per user. Which is obviously more than the total available but may work. OP may want to try a bandwidth sharing scheme with dynamic Limiters.
-
@bmeeks 12 mbits per user, for 1 person :)
-
@mettoal said in I want to assemble a pfSense server and am seeking recommendations from expert friends.:
@bmeeks 12 mbits per user, for 1 person :)
ah- that is different. That was not immediately clear from the post (at least that's not how I interpreted it).
-
@mettoal what’s the actual total speed though..? That’s like 95% of your question.
Any packages? Captive portal?
-
@mettoal Let me say it another way… under 500 Mbps a 2100 is probably sufficient at least in terms of power.
For headroom/future expansion and I’d guess up to around 4-5 Gbps a 4200 should suffice. Get two 4200s or two of something with 3 NICs in it to use High Availability. 4 NICs if you want the hotel network isolated from guests. (Otherwise that could have its own router etc. Continue with other networks or PCI/credit card, etc)
4200: CPU: Intel Atom C1110 with AVX2, 4-core @ 2.1 GHz, and 4 total NICs
-
Would the following hardware be sufficient for 1500 users? My backbone switch already supports 25 GbE. I am just looking for server hardware.
Processor: Xeon E5-2697A V4
RAM: 64 GB DDR4 2400 MHz
NIC: Intel X710 Da2 10GbE
SSD: 500 GB Samsung 980 Pro M2 NVMe
-
@mettoal ok well 25 Gbps is the complete other end of the scale. :) Perhaps Steve can comment on the upper limits of pfSense related to that CPU but it’s why Netgate developed TNSR.
-
@mettoal said in I want to assemble a pfSense server and am seeking recommendations from expert friends.:
E5-2697A V4
Yeah you need something like that to pass 10G if that's what you need to do. 25G is really beyond pfSense for the most part.
-
What's the existing load on the 1Gig connection at peak times? If it's below 100%, then there's your required bandwidth. If it's often maxed out, then you need the 10G link before confirming pfSense hardware.