New to pfSense: new help sorting out pfSense hardware concerns
-
Hi all
I will try to make this both brief and as descriptive as possible.
I am a PC Service tech exploring the world of routers and security as I am heading toward a Cisco track of certs.
In my home I have a dedicated small office where I do PC service and repair work.
My provider is Centurylink and can only manage 6mbps over aging copper. I have rewired the entire house with Cat 6a shielded cable from the point of entry outside through every single connection to every desktop PC.
My DSL modem is TP-Link TD-8817, my old router was a TP-Link 1043ND flashed to DD-WRT, my switch is TP-Link Gigabit TL-SG1024. I had not heard of pfSense and decided to give it a try. I repurposed a midtower PC I had under my desk. SPECS:
Asus A8N-SLI mobo
PCI graphics card
2gb Corsair DDR 3500LLPro ram
A pair of Intel EXPI9301CT PCI-Express Gigabit Network Cards (WAN and LAN)
New Kingston HyperX 120gb SSD 500+ MB/s reads and writes but on SATA2 (interface limited)
AMD Opteron 180 Dual Core CPU overclocked to 2.7GHz (2.4 stock)
TP-Link 1043ND router with three 8dbi antennae is now used only as a wireless AP feeding into the switch.
I have read about some of the common packages and have set out to learn a bit.
I have installed SNORT w/free rules and emerging threats. I have all the emerging threats rules selected and only the ones on the free rules for malware, spyware, attacks, social networking, and P2P stuff. I also selected the high performance memory option (AC) for SNORT so it is using a LOT of memory. I am at 83% overall right now.
I have been using SSDs for a few years and have 4 of them in RAID0 for a couple years now in my main Rig without any issue. I read a post here that was very frightening claiming SSDs die in like 3 months or something. I believe if that were the case one of my four would have died long ago as my main workstation has not been turned off since they were installed. My plan is to put as much RAM as I can for now into a new motherboard along with a fast CPU. I have been watching my performance numbers in Dashboard over the last day or two and a few things have finally settled down a bit. My memory usage has been increasing steadily and my CPU usage has dramatically dropped. My CPU is in the 2-15% usage range but memory is at 83%. My pagefile shows 23% now. Disk usage is only at 1%. If I understand things, I should increase RAM and remove the pagefile altogether. This is what I did with my i7-3930K @4.5GHz. I put in 32gb of 2133MHz RAM and the OS installed on a RAID0 Array of 4 SSDs.
I am concerned about the high memory usage and plan to install a new Z77 motherboard with an i5-3570K CPU and 16gb (upgradable to 32gb) of DDR3-1600. I want to run as much as I can within RAM.
There are 6 workstations, 2 Home theater PCs, two 30tb media servers (primary and Backup), iPods, a couple of laptops plus 1 to 5 of my clients' machines depending on how busy I am. This is the workload but never is all of this stuff loading the network at once. I really do not have any network speed issues, just slow internet if I am running P2P which is all the time.
MY PURPOSE for pfSense:
-I installed pfSense to learn more about it – learning tool (routers and networking in general)
-Increase performance of my limited DSL bandwidth
-Better protect myself from intrusions
So far I have installed: SNORT, squid3, widescreen, darkstat, Filer, and lightsquid.
I have been reading various how to guides on tweaking the settings and such trying to make adjustments and observe behavior over time. I forgot to mention I am using the pfSense-LiveCD-2.0.2-RELEASE-amd64.iso image.
I see lots of people really making use of older hardware and doing wonderful things with old P3’s, 4’s and Atom chips. I started out thinking maybe micro-ITX but the more I read the more it looked like SNORT and Squid would quickly load up a really old CPU. One thing I am certainly guilty of and that is finding excuses to buy new hardware. ;-)
I would appreciate if those in the know could take a look at my setup and tell me if my thinking is flawed and maybe point me in the correct direction.
Thanks
-
As long as you have at least some swap space free, I wouldn't be too concerned about how much swap space is in use. I would be more concerned if your system is doing a lot of swapping or paging. Swap space MIGHT be used to store text segments of programs that have exited. They can probably be started more quickly from the swap space than by reading them again from the file system.
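The distinction drawn in the reply above (swap space in use versus active swapping or paging) can be checked on the pfSense (FreeBSD) shell. The following is an added example, not part of the original post: it reads `vmstat` output and judges paging activity from the `pi`/`po` columns. The sample output is constructed, and the function name and threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `vmstat 1 4` output (not taken from the thread).
sample_vmstat() {
cat <<'EOF'
 procs      memory      page                    disks     faults         cpu
 r b w     avm    fre   flt  re  pi  po    fr  sr ad0 da0   in   sy   cs us sy id
 1 0 0   1812M    61M   310   0   0   0   295  12   3   0  410  980  720  4  2 94
 0 0 0   1812M    60M   120   0   0   0   101   0   0   0  380  610  650  2  1 97
 0 0 0   1815M    58M   145   0   1   0   133   0   1   0  395  640  660  3  1 96
 0 0 0   1815M    58M    98   0   0   0    90   0   0   0  377  600  640  2  1 97
EOF
}

# paging_verdict LIMIT (hypothetical helper): reads vmstat output on stdin,
# locates the pi (pages in) and po (pages out) columns by header name, skips
# the first sample (it is the average since boot, not current activity) and
# prints "paging" if the mean pi+po per interval exceeds LIMIT, else "quiet".
paging_verdict() {
  awk -v limit="$1" '
    $1 == "r" && $2 == "b" {              # header row: find pi and po
      for (i = 1; i <= NF; i++) {
        if ($i == "pi") pi = i
        if ($i == "po") po = i
      }
      next
    }
    pi && po && $1 ~ /^[0-9]+$/ {         # data rows only
      if (!seen++) next                   # drop the since-boot line
      total += $pi + $po; n++
    }
    END {
      if (!n) { print "no-data"; exit }
      print ((total / n) > limit ? "paging" : "quiet")
    }'
}

# On a live box: vmstat 1 10 | paging_verdict 5   (LIMIT of 5 is an assumption)
# `swapinfo` shows how much swap is allocated, which is the less important number.
sample_vmstat | paging_verdict 5
```

A "quiet" verdict with a non-zero swap percentage on the dashboard matches the situation the reply describes as not worth worrying about.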
-
Running Snort and Squid together with pfSense, you should have more than 2GB RAM, your Mobo supports 4GB so just double the RAM for now and save yourself some coin ($25 on eBay for 4GB PC3200 RAM). Your CPU is obviously not being taxed at 2-15% so no need to upgrade your mobo/cpu for what you're doing with it. You could also try within Snort, AC-BNFA which is still considered high performance but will lower your memory usage for some headroom.
I really do not have any network speed issues, just slow internet if I am running P2P which is all the time.
Look into Traffic Shaping with pfSense and you can lower the priority of P2P traffic and get your internet line speed back without P2P bogging it down.
If you're dead set on getting new hardware, look into the i3's for lower power consumption with great performance.
http://www.tomshardware.com/reviews/d510mo-intel-atom,2616.html
-
I had read somewhere that the CPU performance benchmark I wanted to look at was the single thread bench pertaining to pfSense. I did not get the i5-3570k but got the i3-3220 instead and saved $80. Passmark single thread score for the i5-3570k was like 2,013 and for the i3-3220 was 1,768. My current Opteron is like a 748 score.
I pulled the trigger on the mobo/CPU/RAM upgrade because I really wanted more than my mobo's max of 4gb. I also got a pair of Kingston HyperX DDR3-1600 CL9 sticks for $43 and an ASUS P8B75-M/CSM mb with 4 ram slots and micro ATX. It's similar to the Z77 but no RAID functions and fewer USB 3.0 ports. All of it was $259 out the door with tax. I do wish it had all PCI express slots but unfortunately 2 of the four are older PCI.
uTorrent has settings to limit bandwidth but I am not sure if it can also lower the priority of its requests. I will look into Traffic shaping in pfSense.
Can't wait to do the re-install in the morning and check out performance of the new i3 DDR3 vs the Opteron DDR1 setup.
-
OK just did the hardware upgrade. I did not notice before on the old A8N-SLI board but on the new one pfSense would not find my SSD to install to with AHCI turned on. I had to install as an IDE device on the SSD. Is this normal?
Also I am very pleased with performance thus far. Snort installed and updated rules correctly the first time without 2 dozen retries. CPU usage with a single torrent running is only about 2% (down from 2-15%). Memory usage is down from 84% to 12% even after I increased the Proxy local RAM cache from 256meg to 1GB. I am satisfied that I went with the i3 and not the i5 at the last minute. It is really overkill for what I am doing but I do not want to worry with replacing it any time soon. I can invest the extra coinage in a slim line case or RAM or something later.
-
I had read somewhere that the CPU performance benchmark I wanted to look at was the single thread bench pertaining to pfSense.
This is due to the single threaded nature of the 'pf' process at the heart of pfSense. The limit of your box's performance is likely to be the speed at which this can be run. If you are running other cpu intensive processes such as Snort and Squid then multicore cpus help.
OK just did the hardware upgrade. I did not notice before on the old A8N-SLI board but on the new one pfSense would not find my SSD to install to with AHCI turned on. I had to install as an IDE device on the SSD. Is this normal?
It can be. Which version of pfSense have you installed? 2.1Beta has newer drivers and may be able to talk to your drive in AHCI mode. It's unlikely to make much difference though.
Steve
-
I am running the 2.0.2 stable version. I am sure I am losing the newer features such as NCQ running in IDE mode. I do not know if it is a chipset issue or a UEFI BIOS problem. I am just impressed at the performance after the mobo/i3 CPU/RAM update.