Server VS HOME
-
you need to compile the driver for that intel 10 GE card i think.
I have them in my zfsguru nas servers and in 1 it works the other not. That runs freebsd 9.1 and does not have the newest intel drivers included even.
Further it is hard to fill up that 10 GE connection also, i only can put 350 Mbyte/sec through it (source system is not faster)
Because you will have tweak parts yourself, take a look here this is one of the many things you can do to speed it up http://forum.pfsense.org/index.php?topic=42952.0;prev_next=prev
also search on google: network tuning
-
Did you post the correct thread link above? Doesn't seem relevant.
My atom example above was just to make the point. You're better off defining your requirements than just choosing the fastest you can get.
Having said that if you need 10Gbps throughput then you'll probably need the fastest single thread CPU you can get.
Steve
-
Did you post the correct thread link above? Doesn't seem relevant.
My atom example above was just to make the point. You're better off defining your requirements than just choosing the fastest you can get.
Having said that if you need 10Gbps throughput then you'll probably need the fastest single thread CPU you can get.
Steve
woops the link and number was correct but did not seem to work correctly when the rest is not there, correct that one.
Sorry, well, this thread was actually ment to know the difference server and home, it had a twist which I do not mind, might be good.
as far I know that could not be a problem, since as far I know openbsd handles multi core pretty well, also polling and offload will be enabled or might that be the problem you ment? that it will use a core?
-
The pf process in FreeBSD, and hence pfSense, uses only a single thread. The OpenBSD pf process, from which is came, is now significantly different.
Building a box with this throughput is outside my experience but it's my belief that you will see the greatest throughput with fastest single thread CPU. http://www.cpubenchmark.net/singleThread.html Open to be corrected on this though. ;)
Steve
-
The pf process in FreeBSD, and hence pfSense, uses only a single thread. The OpenBSD pf process, from which is came, is now significantly different.
Building a box with this throughput is outside my experience but it's my belief that you will see the greatest throughput with fastest single thread CPU. http://www.cpubenchmark.net/singleThread.html Open to be corrected on this though. ;)
Steve
You might be right about that:
Packet routing (and therefore, filtering) are performed in the kernel-space of an operating system. This is the part of a (monolithic) operating system that actually supports multiple threads. However, as I recall, the kernel-mode packet routing and filtering cannot be threaded, so therefore, that will not scale up with multiple CPU.So, I wonder if he ment CPU or Cores, which might refer to the same. Also this is from 2012 and god knows when he heard that, that might already be fixed already.
-
http://mikelococo.com/2011/08/snort-capacity-planning/
If you want to run Snort on a 10 GB link, it's going to need some tweaking. There's no way to get 10 GB throughput through just one Snort instance. You need to split your throughput into smaller chunks and feed them each into it's own Snort instance.
-
This post is deleted! -
Yep. I would think that to do 10G Snort you are going to want all the processing power you can possibly muster! ;) That's way out of my experience though.
I was just pointing out that, due to pf's single thread, you need to look at a CPUs single thread rating rather than it's overall benchmarks. I.e. a 2 core, 4GHz CPU is likely to give faster throughput than a 48 core, 1GHz CPU even though such a CPU would have massive processing power on paper. That's ignoring the Snort requirement.Steve
-
you need to compile the driver for that intel 10 GE card i think.
I have them in my zfsguru nas servers and in 1 it works the other not. That runs freebsd 9.1 and does not have the newest intel drivers included even.
Further it is hard to fill up that 10 GE connection also, i only can put 350 Mbyte/sec through it (source system is not faster)
Because you will have tweak parts yourself, take a look here this is one of the many things you can do to speed it up http://forum.pfsense.org/index.php?topic=42952.0;prev_next=prev
also search on google: network tuning
Thanks, i have no more problems now with the 10GE cards.
I check the logs and it was caused by to low buffers for 10GE cards. -
@SunCatalyst:
the other issue nobody has touched on is the NOISE factor with the 1u and 2u boxes…
1U are USUALLY pretty damn noisy (due to the fans) and if your using this in a home
environment you may not be happy with the Noise.ALSO.
if the OP is wanting to do Wire speed and Snort / Etc with 10GE , your gonna WANT multiple
cores. NOT a single core. and then theres ECC ram.The noise depends on the amount of fans, and the fan itself, but yes it makes to much noise for a regular home, But it is ment for co-location in a datacenter, Do not see any reason why to use a 10gbit lan at home :P
about the, single core, I don't think anyone said a single core is better, they did say that snort uses by default a single core and it would be better to get a cpu with a high rating per core. But indeed, a quad core is required for that speeds.
you need to compile the driver for that intel 10 GE card i think.
I have them in my zfsguru nas servers and in 1 it works the other not. That runs freebsd 9.1 and does not have the newest intel drivers included even.
Further it is hard to fill up that 10 GE connection also, i only can put 350 Mbyte/sec through it (source system is not faster)
Because you will have tweak parts yourself, take a look here this is one of the many things you can do to speed it up http://forum.pfsense.org/index.php?topic=42952.0;prev_next=prev
also search on google: network tuning
Thanks, i have no more problems now with the 10GE cards.
I check the logs and it was caused by to low buffers for 10GE cards.No problem, glad it helped came across it when I was searching for info. Perhaps you can post your speeds here?
Yep. I would think that to do 10G Snort you are going to want all the processing power you can possibly muster! ;) That's way out of my experience though.
I was just pointing out that, due to pf's single thread, you need to look at a CPUs single thread rating rather than it's overall benchmarks. I.e. a 2 core, 4GHz CPU is likely to give faster throughput than a 48 core, 1GHz CPU even though such a CPU would have massive processing power on paper. That's ignoring the Snort requirement.Steve
Yes, you are right, but well it depends how it's used. It's said a single core, is that per instance or per process, there is also something called PFRING which enables you to use multi threading for snort, but i'm not sure how to do that yet nor I have the space to setup a server at the moment :(
