Choosing Hardware For pfSense
-
Is it PPPoE? If so that can only use one CPU core in FreeBSD/pfSense currently so you need a CPU with good single thread performance.
-
@stephenw10 said in Choosing Hardware For pfSense:
Is it PPPoE? If so that can only use one CPU core in FreeBSD/pfSense currently so you need a CPU with good single thread performance.
Hi @stephenw10 - no PPPoE, just a regular fiber connection. The other thing I was wondering about too is if having more cores would benefit packet processing since most fast network cards these days support a large number of RX/TX queues, which could then each be handled by a separate CPU core. Thanks again.
-
@tman222
The Atom C3958 is capable of handling 10-20 Gbit/s for NAT, while the Xeon D-1718T can handle around 20-30 Gbit/s. Both are overkill for 2 Gbit/s tasks. For simple NAT with many parallel queues, the Atom is better, but for tasks involving DPI and NAT, the Xeon performs better. -
@w0w said in Choosing Hardware For pfSense:
@tman222
The Atom C3958 is capable of handling 10-20 Gbit/s for NAT, while the Xeon D-1718T can handle around 20-30 Gbit/s. Both are overkill for 2 Gbit/s tasks. For simple NAT with many parallel queues, the Atom is better, but for tasks involving DPI and NAT, the Xeon performs better.Thanks @w0w - could you share some more details on how you came up with those NAT numbers for each of these processors? I looked on the Netgate appliances page and just extrapolated the firewall performance based on the 6100/8200 for the Atom C3958 and the 8300 for the Xeon D-1718T. This led to a number closer to 30Gbit/s for the Atom and closer to 20Gbit/s for the Xeon. However, perhaps my calculations were too simplistic / not comprehensive enough. Thanks again.
-
I'd be surprised to see numbers that high to be honest.
There is some scaling with more CPU cores but not everything. For example most NICs can use 4 or 8 queues but not 16.
But, yes, if you don't have PPPoE then either should be fine for 2Gbps.
-
Hola buenas tardes, xq no pruebas los nuevos equipos oficiales Netgate, nosotros en la empresa que trabajo, adquirimos uno, y nos ha ido bastante bien.
-
@tman222 said in Choosing Hardware For pfSense:
D-1718T
It depends on the topology, board design, and the ethernet card itself. Some cards can be expensive, you know.
https://www.servethehome.com/supermicro-x12sdv-4c-sp6f-review-25gbe-and-intel-xeon-d-1718t/3/
For example, 2x25Gbit Ethernet. I'm not claiming that my opinion is 100% correct, but those numbers should be achievable. However, I haven't tested it myself. -
hi all,
looking at a refurbished Dell Optiplex 7010 as a new pfSense platform.
Will be looking at a couple of them... some with Proxmox for other purposes also / clustered,
for pfSense,
- what's the Intel chip that is best supported for 2.5GbE.
- Also want to look at a dual port SFP+ card, Intel chip recommendations.
G
-
@georgelza said in Choosing Hardware For pfSense:
what's the Intel chip that is best supported for 2.5GbE.
Intel made the i225 and i226 in several variants. The i226 uses less power. The early revisions of the i225 had issues with spontaneously losing link.
@georgelza said in Choosing Hardware For pfSense:
Also want to look at a dual port SFP+ card, Intel chip recommendations.
Hard to beat the x520 IMO. What do you plan to use it with though?
Steve
-
@stephenw10
will fit 1 x dual port 2.5GB and 1 x dual port SFP+
the 2.5's will be used initially,
1 to fiber provider ONT
1 to Unifi switch
to be later replaced with 1 x SFP+ to fiber provider and 1 x Unifi switch.
My NAS will also get a 2.5GbE card and the additional machines that will go into a Proxmox cluster that will run a EKS cluster and various other VM's.The pfSense will be redeployed onto the Dell, with i5 CPU and 8GbE RAM.
looking at the 7010 atm, but might look for something i5 but smaller that can take the 2 cards. that use less power.
the Proxmox cluster will be 4 x 7010's, the unit's i can get is 8GbE and 500GB SSD, will initially take as is, but upgrade to either 16 or 32GB RAM.
storage will be from the NAS.
Might have some 4TB HDD becoming free, replace the 4TB's with 8 or 10TB's in the NAS. so they can be local storage in the Proxmox nodes.G
-
So using the SFP_ ports at 10G? And with fiber SFP modules?
-
As a start the dual port 2.5Gb i226 will be the in port from Fiber provider and out to core.
Then that will be migrated/replaced via the Fiber plumbing.
10GbE SFP+ based as that is what the Unifi switch have as uplink port.
So as a start I will still come into the pfSense via the 2.5GbE port, but go out to Unifi Core switch via the SFP+ port/fiber.
Plan is to have the input into the pfSense also go SFP+ fiber based.G
-
Should be fine then. Where people usually run into issues is trying to use an SFP port at 2.5 or 5G. Or even at 1G with a module that doesn't offer it.
-
Not to worry
Know dif between 2.5 GbE that can run over cat 5+ copper
SFP which is 1 GbE based fiber and
SFP+ which is 10GbE based fiber.G
