Looking for high performance, brand name hardware
-
We are an ISP (DSL and web hosting) who has started considering pfSense as an alternative to commercial firewalls.
I have been browsing through the forum and Google, finding out the various recommended mainboard types, mainly for low-pps usage. We are playing around with an Alix board and definitely having fun with it.
Now, to protect our entire server network, we are looking for something "bigger". Our current firewall, a Sonicwall Pro 3060, has a 2 GHz CPU and 256 MB RAM. The CPU usage with our current traffic (about 50 Mbit/s, 20 hosting servers and various small additional services) is about 30%.
I think we're looking at the Intel C2D 2 GHz / 1 GB category with 2-3 GE ports.
We would like to find "brand name" hardware if possible, although a major brand mainboard known to be reliable and fast will also be considered.
Has anyone tried pfSense out with Dell/HP/etc. servers? Does it even make sense?
What mainboard in that category would you classify as "the best", not considering price as a major factor? MSI, Supermicro, I couldn't really find out which models give the "best" result.Thank you in advance for your answers ;D
-
For what it's worth…
I recently purchased an off-lease (used ) HP DL140 G3, 1U rack mount, 3Ghz Xeon, w/SAS drive bays and 2Gig RAM.
The base machine was sub $400.00, by the time I added RAM, drive trays, etc...came to just over $500.00 (plus the cost of shipping and new SAS hard drives....)
I like it so much I ordered another one to keep as a spare.pfSense installed with no issues, and recognized all hardware. I was a bit worried about the SAS controller/drives, but they showed up fine.
Hardware Information
Processors 1
Model Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
CPU Speed 2.99 GHz
PCI Devices - atapci0: Intel 63XXESB2 UDMA100 controller- ehci0: Intel 63XXESB USB 2.0 controller
- isab0: PCI-ISA bridge
- pcib10: ACPI PCI-PCI bridge
- pcib11: PCI-PCI bridge
- pcib12: ACPI PCI-PCI bridge
- pcib13: ACPI PCI-PCI bridge
- pcib14: ACPI PCI-PCI bridge
- pcib1: ACPI PCI-PCI bridge
- pcib2: ACPI PCI-PCI bridge
- pcib3: ACPI PCI-PCI bridge
- pcib4: ACPI PCI-PCI bridge
- pcib5: ACPI PCI-PCI bridge
- pcib6: ACPI PCI-PCI bridge
- pcib9: PCI-PCI bridge
- uhci0: Intel 631XESB/632XESB/3100 USB controller USB-1
- uhci1: Intel 631XESB/632XESB/3100 USB controller USB-2
- uhci2: Intel 631XESB/632XESB/3100 USB controller USB-3
IDE Devices - acd0: DV-28E-C/B.4F
SCSI Devices - da1: COMPAQ RAID 0 VOLUME OK
- da0: COMPAQ RAID 0 VOLUME OK
USB Devices none
Hardware Information
Processors 1
Model Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
CPU Speed 2.99 GHz
PCI Devices - atapci0: Intel 63XXESB2 UDMA100 controller- ehci0: Intel 63XXESB USB 2.0 controller
- isab0: PCI-ISA bridge
- pcib10: ACPI PCI-PCI bridge
- pcib11: PCI-PCI bridge
- pcib12: ACPI PCI-PCI bridge
- pcib13: ACPI PCI-PCI bridge
- pcib14: ACPI PCI-PCI bridge
- pcib1: ACPI PCI-PCI bridge
- pcib2: ACPI PCI-PCI bridge
- pcib3: ACPI PCI-PCI bridge
- pcib4: ACPI PCI-PCI bridge
- pcib5: ACPI PCI-PCI bridge
- pcib6: ACPI PCI-PCI bridge
- pcib9: PCI-PCI bridge
- uhci0: Intel 631XESB/632XESB/3100 USB controller USB-1
- uhci1: Intel 631XESB/632XESB/3100 USB controller USB-2
- uhci2: Intel 631XESB/632XESB/3100 USB controller USB-3
IDE Devices - acd0: DV-28E-C/B.4F
SCSI Devices - da1: COMPAQ RAID 0 VOLUME OK
- da0: COMPAQ RAID 0 VOLUME OK
USB Devices none
The onboard broadcom NIC's (qty-2) seem to be working fine.
iperf over a 100 meg link showed 96.6 ..... I'm good with that....(.022 jitter with a 5 meg UDP test if I remember correctly...)
Currently using 1 drive for pfSense, and the 2nd drive for Squid cache (and a small FTP partition to store access.log files on...)I currently run Squid (with LDAP and a custom authentication helper for eDir auth), snort (emerging rules only..on both LAN and WAN), cron, lightsquid, bandwidthd, darkstat, and ntop.
This model has (I believe) room for 1 more NIC, should I ever need to add one.I haven't got it under heavy load yet, but I have been buring it in for the last couple of weeks with no issues at all.
-
We have pfSense installed in our data center on a pair of Tyan B5377 servers running a quad-core Xeon (2.6GHz) with 2GB RAM, 80GB SATA drive, and a dual-port Intel-Pro GB NIC. Working flawlessly.
If you visit newegg.com, you can see their server barebones offerings. Typically, any Supermicro or Tyan rack-mount servers work very well. Going forward, we will get the Supermicro boards because the IPMI (IP KVM) ports are standard.
-
I recommend Supermicro boards (or barebone servers) simply because they include Intel NIC's on the motherboard. They are one of the best choices for pfSense.
As to which one depends on your budget and needs. When comparing against an incumbent appliance though, you'll want to go a little higher on the CPU to match it. Despite what the BSD zealots will say, FreeBSD is a full multi-purpose operating system and thus is not quite as tuned as an appliance vendor like Cisco, Juniper, Sonicwall etc.
If you want something pre-built with a warranty, this company is known to use Supermicro boards.
http://www.ironsystems.com/products.asp