Netgate Discussion Forum

    [ Show your pfSenses! ] - Thread - (bandwidth warning!)

    Off-Topic & Non-Support Discussion
      fLoo

      I'd like to raise a pfSense show-off thread. I'm gonna start off with my just-built replacement for my virtual pfSense (moved from ESXi back to hardware).

      • Intel D2500CC (2x 1,8 Ghz)
      • 4 GB Ram
      • 3x Gbit NIC
      • 128 GB SSD
      • 75W power supply
      • pfSense 2.1 (pfSense-memstick-2.1-BETA1-amd64-20121221-0526.img.gz)

        extide

        Ok, here is my setup:

        Cable Modem (Cisco/Linksys DPC-3008) sitting on top of machine.

        Hardware:
        Intel Core i3 3220 - 22nm Ivy Bridge - Dual Core 3.3Ghz - HT Disabled
        ASRock Z77 Extreme 3
        2x2GB DDR3 1333
        64GB OCZ Summit SSD (Samsung Controller)
        2x Intel PCI-E Gigabit Ethernet Adapters
        Plextor DVD-RW
        300W Seasonic 80+ Bronze PSU
        Generic Case

        Guts:

        Below is a shot of the whole setup.
        NOTE: The large Compaq server (8-way P3 Xeon) AND the Disk Array sitting on top of it ARE NOT IN USE. They are functioning ONLY AS A SHELF!

        NetGear GS108P PoE Switch
        2x Dlink DAP-2553 Wifi AP's using PoE from the GS108P (one for 2.4Ghz, the other for 5Ghz)
        And the grey rectangle with green sticker on it sitting next to the monitor is the DirecTV DECA adapter. (Connects the DirecTV DECA network, which is ethernet over COAX that co-exists with the sat signals, to the rest of my network.) This way my DVR's all grab IP's from my pfSense box and have full internet access.

        The monitor and keyboard are for when I need to manually go in there and work on something, which is pretty rare. :)

          fLoo

          Oh damn - you want the people to totally show off? I see - let's continue with me:

          My complete setup (2 Wi-Fi-APs missing here)

          • Cable Modem (Cisco EPC-3212)
          • TP-WR1043ND (Public AP - Routing traffic through vpntunnel.se)

          You can see (or its hidden):

          • 24 Port Management Switch
          • TP-WR1043ND (SamKnows bandwidth measurement)
          • RIPE Atlas node (Network measurement)
          • Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider
          • mini-LCD Monitor to monitor network statistics

          • ESXi 5.1 WhiteBox (Core i5, 16 GB Ram / 2x 3 TB + 2x 64 GB SSD)
          • 12 TB Raid-5 Firewire-NAS (hidden on the right)
          • Yes, I need to clean the ESXi :)

            extide

            Hey, I just posted my router ;) I have an Ubuntu Server running ZFS, a Windows server, and a dedicated Linux folding@home box as well. :) I can put more pics later.

            Tell me more about the "Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider" that is pretty cool… What kinda stats can you see?

              fLoo

              @extide:

              Hey, I just posted my router ;) I have an Ubuntu Server running ZFS, a Windows server, and a dedicated Linux folding@home box as well. :) I can put more pics later.

              Tell me more about the "Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider" that is pretty cool… What kinda stats can you see?

              Because I'm using internet via a cable modem, you can monitor the network usage of your network segment. The reason is that cable is a shared medium and every single customer in your segment can see every single bit (multicast), although it's encrypted. So what u can do is the following:

              Take a DVB-C stick (I prefer sundtek.de because of its full Linux support), then u tune your DVB-C stick to the same frequency as your cable modem (in Europe that's usually 546 - 602 MHz), toggle modulation and use dvbsnoop to read off the statistics of the frequency channel.

              Result:

                extide

                Yes, I understand how cable modems and DOCSIS networks work, but I had no idea you could get a device to monitor the stuff like that! I am totally going to get one of those and set it up on one of my Linux boxes!

                Cool, looks like I can get a PCI-E one also. I may have to rig up some stuff to read the current DS/US channels from the cable modem and then feed that to dvbsnoop to get the infos. How are you making that graph? Are you manually doing it with RRDTOOL or is there some software out there for doing this specifically?

                Thanks for the info BTW!

                  fLoo

                  @extide:

                  Yes, I understand how cable modems and DOCSIS networks work, but I had no idea you could get a device to monitor the stuff like that! I am totally going to get one of those and set it up on one of my Linux boxes!

                  Cool, waiting for your stats. If you need assistance (complete ready scripts for Cisco modems + RRDTools) just msg me. Oh and - don't forget to monitor your signal to noise :)

                    extide

                    Ok, sweet, I have a Cisco DPC 3008 so hopefully I won't need to modify the scripts much to grab the stats. It's funny, in another thread I posted on here today I asked if there was some software to grab this info from the cable modem and insert it into a DB so you can graph it over time. So, yes, I would love those scripts, thanks!

                    So, are you just using a coax splitter, standard -3.5dB one? Going to the DVB-C stick and the other side to the modem ?

                      fLoo

                      No wait - it's a coax splitter for your TV signal, not the one for the modem. You should have a multimedia splitter already at your wall (1x modem, 1x tv, 1x radio); you split the tv one! And yes, it's a standard 3.5dB splitter, so you should take care of your stats. Maybe some adjustment of your cable network is needed (increase the power on your cable amplifier and use a -3,5 attenuator for your cable modem).
                      For me it worked just out of the box, without modifying anything, because it's just -3.5dB :)

                      IF YOU MODIFY YOUR AMPLIFIER - KEEP AN EYE ON THE SLOPE :)

                      So u got

                      PIN_
                      ----O-----
                      ----/------
                      LOG___TV

                      Regarding your question: Using RRDTool with complete custom (self written) templates and also own scripts to feed the RRD (which i can supply).

                      Photo:

                        gderf

                        Cray XD1 with 11,000 interfaces running pfsense 2.1 snapshot.

                          cmb

                          Good idea for a thread. We're going to gather pictures from a variety of threads like these in the future and create some kind of micro-site showing off people's deployments. In the meantime, might as well get another thread going. :)

                          Here's our primary colocation facility, where this site and most of our others run, as well as the snapshot and release build servers. The firewalls are virtual in ESX, a HA pair with primary on one ESX server and secondary on another.



                            fLoo

                            Sweeeeeeet :o That's what I'm trying to accomplish but I still need more money (although my setup is already too fat for home networking) ;)

                              stephenw10 Netgate Administrator

                              Well I can't pass up this opportunity.

                              Yes, I have a problem. I'm trying to cut down.  ;)

                              Steve

                                cmb

                                @stephenw10:

                                Well I can't pass up this opportunity.

                                Yes, I have a problem. I'm trying to cut down.  ;)

                                haha  Those aren't running the Watchguard software I presume?  ;D

                                  stephenw10 Netgate Administrator

                                  I'd love to say none of them are but the X-edge boxes at the top are Arm based and I haven't managed to hack a workable OpenWRT image onto them. Yet.  ;)

                                  Steve

                                    kilthro

                                    Well I wish I had a fancy setup. Here is a pic of my pfSense box.

                                    SUPERMICRO SYS-5015A-EHF-D525 1U Intel Atom D525 Dual Gigabit LAN w/ IPMI Server
                                    4 gig ram
                                    Intel EXPI9402PT 10/ 100/ 1000Mbps PCI-Express PRO/1000 PT Dual Port Server Adapter
                                    two 250gig WD black 2.5 inch drives mirrored
                                    1500AV UPS (not shown) for 1.5 hours of backup time.
                                    And for the heck of it a Crystalfontz display. :-D
                                    Have gigabit wireless access point as well hooked up. (not shown)

                                    Don't make fun of my makeshift fan bracket (zip ties in vent). lol The system is "passively cooled" and I didn't like the 65°C so I put a case fan in and now it's 40°C. Not exactly where I would want it but much better.

                                      extide

                                      @fLoo:

                                      No wait - it's a coax splitter for your TV signal, not the one for the modem. You should have a multimedia splitter already at your wall (1x modem, 1x tv, 1x radio); you split the tv one! And yes, it's a standard 3.5dB splitter, so you should take care of your stats. Maybe some adjustment of your cable network is needed (increase the power on your cable amplifier and use a -3,5 attenuator for your cable modem).
                                      For me it worked just out of the box, without modifying anything, because it's just -3.5dB :)

                                      IF YOU MODIFY YOUR AMPLIFIER - KEEP AN EYE ON THE SLOPE :)

                                      So u got

                                      PIN_
                                      ----O-----
                                      ----/------
                                      LOG___TV

                                      Regarding your question: Using RRDTool with complete custom (self written) templates and also own scripts to feed the RRD (which i can supply).

                                      Photo:

                                      Heh, sounds like you guys have a slightly different cable setup over there. I have no cable amplifier, and I do not use the cable for my TVs (I use DirecTV for TV), so my coax is one single line from the drop to the modem, no splitters, no amps, nothing, it's just raw right into it. So, yeah, I will be using a little simple 2-way splitter. But, my wife will be pissed if I buy the DVB-C card/stick right now so it will be a little bit. I WILL be working on making a scraper for my modem stat page, and then use that data to feed into the RRD graphs, though.

                                        syro

                                        Colocation setup:

                                        pfSense 2.1-DEV based cluster running on two TYAN Transport servers ;D

                                        Basic information:

                                        • 1x CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz (2992.51-MHz 686-class CPU)

                                        • 2x Intel(R) PRO/1000 Legacy Network Connection (1.0.3)

                                        • 1x 3Com 3c905B-FX/SC Fast Etherlink XL (PFSYNC, XMLRPC via Fiber Optical)

                                        • real memory  = 4294967296 (4096 MB)

                                        The switching stack was built using two NETGEAR GS724TS (stacked via HDMI). The firmware is a pure pain but when tamed it somehow gets the job done. It's the cheapest stack I found and using LACP across multiple physical units is definitely a big plus! Our provider runs LACP for our uplink as well so even the WAN connection survives a dead unit :)

                                        The entire setup is considered stable and has been running for almost 13 months now w/o any service interruptions (e.g. crashes or similar).




                                        @Home:

                                        • 1x PCEngines Alix 2D13, 4GB CF

                                        • 1x HP Switch 1900-8G (formerly known as 3com OfficeConnect 3CDSG8)

                                        • 1x Linksys WRT54G running DD-WRT (Kamikaze)

                                        • 1x WRT54G running DD-WRT (some release)

                                        • 1x APC SmartUPS 500VA (in the back)

                                          stephenw10 Netgate Administrator

                                          Nice.  :)

                                          @syro:

                                          1x Linksys WRT54G running DD-WRT (Kamikaze)

                                          Isn't 'Kamikaze' an OpenWRT code name?

                                          Steve

                                            syro

                                            @stephenw10:

                                            Nice.  :)

                                            @syro:

                                            1x Linksys WRT54G running DD-WRT (Kamikaze)

                                            Isn't 'Kamikaze' an OpenWRT code name?

                                            Steve

                                            Yeah, damn straight ;)

                                            Fixed it, thanks!
