Xeon vs Celeron
-
Hi Chris,
At the moment there will be 3 VPN's (all IPSEC) but its possible that might have to be upped a little in the future, but its not going to be loads.
Bandwidth wise, a guesstimate would be around 40 megabits per second.
Regards
Ben
-
OK, comparing to what I have to draw some conclusions from that:
-
16MB/512k ADSL
-
PIII Celeron 1100MHz
-
512MB Ram
-
one permanent IPsec tunnel
-
and another one when I'm on the road - but I don't watch my CPU then
phpSysInfo reports: Load Averages 0.13 0.07 0.05
I have not seen my CPU graph reaching 100% unless I trigger lightsquid to rebuid its data. It usually flutters between 0% and 25%.
Since you would have three times the CPU power for only 2.5 times the bandwidth the 3.2 GHz Celeron CPU should be sufficient. Assuming you give it enough RAM to breathe and good NICs that don't load the CPU too much (like Intel Server NICs).And if you need more power in the future you still have the opportunity to upgrade the CPU.
But don't nail me to it. This are estimates!
-
-
40 Mbps of IPsec, or 40 Mbps of total traffic? Huge difference, the overhead for encryption for IPsec is processor intensive.
If you're looking at 40 Mbps of total throughput, and less than 5 Mbps of consistent IPsec traffic, the Celeron would be more than adequate. That should scale up to 1 Gbps, guessing roughly. You can probably get 2 Gbps with the Xeon, as another rough estimate.
-
Thanks for that,
40Mps was approximate overall bandwidth, so it looks like the celeron will be fine for the moment, and if the traffic does scale up to the point where it needs to be replaced, then I'll spend the extra then, as its probably a way off yet.
Ram wise, will 1Gig be OK, or should I give it some more? (I'd like to be running snort, but thats pretty the only additional package really. And I know that can be memory hungry).
Regards
Ben
-
As always: more is always better. But 1GB should be sufficient for the moment.
Snort's memory usage depends on the ruleset you define. The more rules the more memory.
-
1 GB should be fine. But the price differential between 1 and 2 GB is probably very minimal, so I'd likely go for 2 GB.
-
I use a pentium D Dual core 3.00 ghz processor. It run's great! i have run on server different processor's.
dual 500 P III (256 MB) with a 512K fractional t-1
dual P II 266 (384 MB) DSL, and a 512K fractional t-1
Pentium D Dual Core(64 bit processor) 3.00 MB / 512 DSL
C3 GIGA Pro ((733 MHZ clone) 256 MB of ram) 3.00 MB / 512 DSL
Tested on a Compaq 6400R with 4 - 500 MHZ Xeon processors with no issues 3.00 MB / 512 DSLMy luck has been great. I think that a faster processor and more ram is important. I have customer sites that connect to my IPSEC VPN. All three use different VPN end points.
1- Symantec gateway - Fractional T-1
1 - Netgear 380 - Cable connection
1 - Linksys with VPN endpoint - Fixed IP DSL 5 mb / 768 ,mAll three work great connected to my endpoint. My end point is a DELL SC400 with 2 - GB network adapters. One is a broadcomm and the other is a $14.00 special no name. They both work great. I have those connected to a vlan on my DELL 8 GB managed switch. I have a web server, ftp server, terminal server, and a few other services set up behind my firewall (PF-Sense) The system works really good. I am on 1.2-RC3
built on Thu Oct 18 15:19:54 EDT 2007.I am not upgrading at this point. This snapshot is ultra stable and I have had no issues with the services that I am running from behind my firewall. I am in the process of testing a Veloiraptor 700 firewall to see if I can get PF-Sense or Monowall to run on it. If I it would be great.
My other thing I am going to setup is a virtual firewall on vmware. I am planning to use a new 4 way server with 2.6 Gb of ram and run that virtual device as my firewall. Then I can backup my image and always recover in the event a upgrade does not work correctly.
My new question is there any progress on the 64 bit verision of code or a release on Freebsd on release 7.0?
But back to your prginal point I like a Xeon processor in any flavor, I am not crazy about the Celeron processors. I do agree more is better in any case.
RC
-
i run a AMD Athlon 900 with 768mb pc133
with 3 3com cardsthis is the company firewall/ vpn concentrator and all the other goodies that PFsense offers.
and i run aprox 15-20% at full capacity
3 different Vpn with 10 users total on the other side of the 3 different VPN (open Vpn)
my connections are
2m x 2m cable and
3m x 768kb
under full load it still works fine.i personally think that the Celeron will pull you though with minimal issues.
1gb will do you good… but pending on what you are running all with the base pfsense that could change in a mouse click -
I'm running on a P4 2.66Ghz, 512MB of RAM, 40GB HD, 2 onboard Intel NICs and 1 RealTek NIC for DMZ.
On my system I'm running squid proxy and this machine runs fine! I don't usually see more then 10 to 25% CPU usage on average and the only time the machine goes down is for some sort of hardware upgrade!
My internet connection is 6Mb/512Mb with a server hosting email, TS and a web server and 3 home work stations that draw quite a bit of bandwidth because we are power users, always downloading something, always have something pulling bandwidth. I average 4 to 10GB a day of download.
Awesome firewall!!!
-
Hi!
If I recall right HP sell a firewall server for Microsoft ISA, the hardware is a HP DL320 and the CPU are Celeron, that why I think that for pfSense I am sure that the Celeron must be more than enough.
And for the NIC the recommendations is a good quality net cards (right now Intel or Broadcomm chipset, you get probably VLAN support, QoS tag, TCP Offload, etc.) and if possible all the cards must be the same model/brand.
Greetings…
