Hardware Help on first build. 400+ Users 50mbps up & down
-
Blocking protocols will probably not require any additional packages and monitoring is also in the base install to some extent.
There are a few packages that allow a greater level of monitoring, it depends what you want:
http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3FSteve
-
Thanks for all of your help Steve! The PfSense community is awesome.
-
For a simple pfSense installation with just 50mb throughput an i5 and 8gb ram are most likely overkill by a long shot. You may want to get something smaller like a Pentium G630 or something in that line, 4gb are more than enough and maybe spend some extra money in good Intel NICs. You may also want to get an external AP in case you need 802.11n.
-
If i can make a suggestion, at 400 users maybe you could add a second box running carp. (redundancy)
If price is a problem, maybe lower the specs to get two boxes.
(IMHO) :) -
All 400+ users will be on same lan interface ? or is better to use 2 or 3 lan interfaces and split the number
-
I am currently using an i5 system. Have configured 4 VLANs for network sanity and ease of management.
For 400+ users I highly recommend i3/i5 system especially if you are concerned of high latency. Don't listen to others who think it's an overkill. It's not… PowerD function drops the CPU clock when not required. You have 400+ users and that demands CPU power for quick responses. I also recommend at least 8GB+ RAM and Squid for caching. Plus install Snort for keeping the network safe from intruders.
-
For 400+ users I highly recommend i3/i5 system especially if you are concerned of high latency. Don't listen to others who think it's an overkill. It's not…
In virtually every network with 400 users, it's absolutely overkill. It won't get you one iota better performance than an Atom. Exceptions might be some unusual circumstances where 400 users can routinely peg a 500+ Mbps Internet connection, those are very rare though. Or if you're doing internal VLAN routing with it, that's generally not the case though.
-
Its 400+ users.. you can't control that high number of user internet activity. During peak hour times the pfSense hardware needs to be capable enough to service every request. Plus later if the owner installs Snort then it would need even more processing power to keep up with all the connections.
In todays time just 1 user can go up in 10 to 15 connections at any given time (email, chat, file transfers..etc). 400 times 10 is 4000 connections. That is just the start.. with heavy network traffic the atom will barely keep up, especially routing data to and fro to all 400+ users. For a simple home and simple routing the Atom might be good enough but not for a 400+ user network.
-
An ALIX can handle vastly more than 4000 connections, that's nothing. An Atom has 8+ times the capacity, it will not get dragged down at all by 400+ users. I see systems all the time of that spec with that much of a load or more, and they're nowhere near capacity.
-
Its 400+ users.. you can't control that high number of user internet activity. During peak hour times the pfSense hardware needs to be capable enough to service every request. Plus later if the owner installs Snort then it would need even more processing power to keep up with all the connections.
In todays time just 1 user can go up in 10 to 15 connections at any given time (email, chat, file transfers..etc). 400 times 10 is 4000 connections. That is just the start.. with heavy network traffic the atom will barely keep up, especially routing data to and fro to all 400+ users. For a simple home and simple routing the Atom might be good enough but not for a 400+ user network.
Not true. Number of connections isn't a factor. The throughput and interrupt loading is a greater factor.
For instance, I've had a Celeron 1.2GHz (the current dual-core atoms are much faster) push >120,000 connection states without breaking a sweat:
-
Whilst I agree that an Atom would easily handle a 50Mbps connection with almost any number of users I have to also agree with Asterix's view that it seems pointless to use an Atom if you're building a new box. Low end Sandybridge systems can be built for almost the same cost and will likely consume a similar power level.
If at some later stage you need to implement Squid, Snort, complex traffic shaping or VPNs you could easily run out of CPU cycles on an Atom.
About the only niche left for an Atom is in an entirely passively cooled system where the maximum power dissipation of a Sandybridge CPU is too high to be practical. That particular niche is rapidly being filled by ARM powered CPUs in other markets.
My own personal view. ;)Steve
-
IMO Passive cooling is a rapidly growing niche, and Intel is doing pretty well with the Atom so far :) But I believe this is getting a bit off-topic. The Atom was first mentioned on this thread just as an example of why the OP shouldn't really need an i5. Many of us suggested to go to a lower-end Sandy like a Pentium or Celeron, but the Atom was never directly suggested as a solution for this, it was only mentioned to make a point.
Whilst I agree that an Atom would easily handle a 50Mbps connection with almost any number of users I have to also agree with Asterix's view that it seems pointless to use an Atom if you're building a new box. Low end Sandybridge systems can be built for almost the same cost and will likely consume a similar power level.
If at some later stage you need to implement Squid, Snort, complex traffic shaping or VPNs you could easily run out of CPU cycles on an Atom.
About the only niche left for an Atom is in an entirely passively cooled system where the maximum power dissipation of a Sandybridge CPU is too high to be practical. That particular niche is rapidly being filled by ARM powered CPUs in other markets.
My own personal view. ;)Steve