Need help spec'ing new pfSense box - 1 Gbps WAN
-
Last month I got myself a used ASUS RS700-E6/RS4 with the following config.
Intel(R) Xeon(R) Quad Core CPU X5550 @ 2.67GHz
24GB DDR3 SDRAM
4 - 1TB hard drives (SAS)
Dual port Intel gigabit NICs, will be adding a PCIe dual gigabit as well
ASUS PIKE64 LSI RAID card
Loving it. It's still 1U (the only thing I don't like, but I got it for under $450), but it has a zero-wire internal design with a backup PSU. Lightning fast and quite a bit less noisy compared to other comparable servers.
I have 5 VMs (domain controllers, Exchange, SQL, DLNA) on it, including pfSense. On a 75Mbps WAN it's running flawlessly and I have yet to reboot it since the day it went up on the network.
The following services are active in pfSense and I have yet to see a processor-heavy usage spike.
dansguardian
dhcpd
dnsmasq
miniupnpd
ntpd
openvpn
snort
squid
-
I believe that the most important question when designing pfSense hardware is what kind of pipe from outside you are connected to. I have a Dell 890 that has 8GB of RAM and 100Mbps from Comcast, and my dual-core Xeon runs at 400 MHz all day long. I have Snort installed.
-
The outside pipe is Ethernet at 10 Gbps, but we're only using a 1 Gbps drop. Therefore, the hardware will need to be able to handle bursts of up to 1 Gbps, and 100 Mbps sustained (I doubt it will hit 1 Gbps very often, but the hardware still needs to accommodate it).
Thanks for the feedback!
-
Snort might be a little tricky for 1 Gbps throughput. An Intel Pentium G630T (2.3 GHz) caps out (hits 100% on the core running Snort) at ~100 Mbps (torrent traffic, 100/10 Mbps connection). The faster-GHz Intels will probably cap out somewhere between 200-500 Mbps too. Remember that a single Snort monitor will only utilize a single core.
This blog post has some ideas on Snort capacity planning: http://mikelococo.com/2011/08/snort-capacity-planning/
-
Thanks for the info/link. Most likely it will only have bursts to 1 Gbps for very short periods of time, and maintain around 10-100 Mbps for the majority. Sad to see that Snort is only optimized to use a single CPU.
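The single-core point made in the two posts above (one Snort monitor inspects on one core, so it is the link's peaks rather than its average that decide whether inspection keeps up) can be turned into a small capacity model. The following is an added example written for this thread; it is not code from the original posts, from pfSense, or from Snort. Everything in it is an assumption: the traffic samples are constructed, the per-interval "excess above the ceiling counts as uninspected" rule is a simplification of what really happens (packet drops and queue overflow), and the ~100 Mbps ceiling is only the figure the poster above reported for a Pentium G630T, used here for illustration. On a real box you would feed it rates from your own interface counters and a ceiling you measured with your own rule set.

```python
"""Single-core IDS capacity model for a bursty WAN link.

Added worked example for this thread; not code from the original posts,
from pfSense, or from Snort. Assumptions (none come from the thread):
  * traffic is a list of Mbps values, one per fixed sampling interval
    (e.g. interface counters read once a second);
  * when the offered rate exceeds the single core's ceiling, the excess
    is treated as uninspected;
  * the per-core ceiling is a number you measure yourself; the ~100 Mbps
    quoted above for a Pentium G630T is used only as an illustration.
"""
from dataclasses import dataclass
from typing import Sequence


@dataclass
class CapacityReport:
    intervals: int
    saturated_intervals: int      # intervals where offered rate > ceiling
    mean_mbps: float
    p95_mbps: float
    peak_mbps: float
    uninspected_fraction: float   # megabits above the ceiling / total megabits
    longest_burst_s: float        # longest run of consecutive saturated intervals


def percentile(values: Sequence[float], pct: float) -> float:
    """Linearly interpolated percentile (numpy's default convention)."""
    s = sorted(values)
    if not s:
        raise ValueError("no samples")
    k = (len(s) - 1) * pct / 100.0
    lo = int(k)
    hi = min(lo + 1, len(s) - 1)
    return s[lo] + (s[hi] - s[lo]) * (k - lo)


def assess(samples_mbps: Sequence[float], core_ceiling_mbps: float,
           interval_s: float = 1.0) -> CapacityReport:
    """Compare per-interval offered load against one core's inspection ceiling."""
    if not samples_mbps:
        raise ValueError("no samples")
    if core_ceiling_mbps <= 0:
        raise ValueError("ceiling must be positive")
    total_mb = sum(samples_mbps) * interval_s
    excess_mb = sum(max(0.0, s - core_ceiling_mbps) for s in samples_mbps) * interval_s
    saturated = [s > core_ceiling_mbps for s in samples_mbps]
    longest = run = 0
    for sat in saturated:            # track the longest run of saturated intervals
        run = run + 1 if sat else 0
        longest = max(longest, run)
    return CapacityReport(
        intervals=len(samples_mbps),
        saturated_intervals=sum(saturated),
        mean_mbps=sum(samples_mbps) / len(samples_mbps),
        p95_mbps=percentile(samples_mbps, 95),
        peak_mbps=max(samples_mbps),
        uninspected_fraction=excess_mb / total_mb if total_mb else 0.0,
        longest_burst_s=longest * interval_s,
    )


def required_ceiling(samples_mbps: Sequence[float],
                     max_uninspected_fraction: float) -> float:
    """Smallest per-core ceiling, chosen from the observed rates, that keeps
    the uninspected share at or below the target. Sizes the single core
    (or the budget for a faster one) before you buy."""
    for candidate in sorted(set(s for s in samples_mbps if s > 0)):
        if assess(samples_mbps, candidate).uninspected_fraction <= max_uninspected_fraction:
            return candidate
    return max(samples_mbps)


# Constructed sample (assumption, not measured data): 60 one-second readings,
# mostly 40-60 Mbps, one five-second burst near line rate, one 150 Mbps spike.
SAMPLES_MBPS = [40.0] * 20 + [900.0] * 5 + [60.0] * 30 + [150.0] * 5
G630T_CEILING_MBPS = 100.0   # figure reported in the thread, illustrative only


def main() -> None:
    r = assess(SAMPLES_MBPS, G630T_CEILING_MBPS)
    print(f"mean {r.mean_mbps:.0f} Mbps, p95 {r.p95_mbps:.0f} Mbps, peak {r.peak_mbps:.0f} Mbps")
    print(f"saturated {r.saturated_intervals}/{r.intervals} intervals, "
          f"longest burst {r.longest_burst_s:.0f} s, "
          f"uninspected {r.uninspected_fraction:.1%} of bytes")
    print(f"per-core ceiling needed for <=5% uninspected: "
          f"{required_ceiling(SAMPLES_MBPS, 0.05):.0f} Mbps")


if __name__ == "__main__":
    main()
```

The constructed sample averages about 130 Mbps, which looks fine next to a 100 Mbps ceiling, yet more than half of the bytes fall in the two saturated bursts. That is the trap the posts above warn about: average load says very little about whether a single-core IDS keeps up. The ceiling itself depends on the rule set and traffic mix as much as on clock speed, so measure it on the real box with the rules you intend to run rather than extrapolating from GHz.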
-
I'm gathering the data here: http://www.pfsense.org/index.php@option=com_content&task=view&id=52&Itemid=49.html though it may be a little outdated given the feedback thus far.
If anyone currently uses pfSense on 1 Gbps WAN uplink, please let me know the hardware you use :)
All the other info has been great, just hoping to get someone who actually uses 1 Gbps with pfSense.
-
A Xeon with 8GB RAM should suffice for your needs. Keep room for RAM growth for future needs.
-
Yes the info on that page is somewhat outdated.
The 1Gbps WAN connection is far less of a consideration than trying to run Snort at 1Gbps.
There are plenty of people running 1Gb WANs using relatively low-end hardware. For example a Celeron G530: http://forum.pfsense.org/index.php/topic,45439.0.html
Steve
-
Thanks guys, appreciate all your feedback!
-
For rack mounting, I always recommend 2U boxes, as they give the machine room for air flow and in turn less heat. Hot air dissipates easily as air circulation is better. The hardware lasts longer in good air flow conditions. You would pay less in electric bills as the fans won't be overtasked in cooling like in a 1U pizza box.
-
Got an aluminum "pizza box" (Casetronic C159) for US$39.99; I'm unable to use it without 3 40mm fans spinning at 7000rpm just to keep a Core i3 330M below 50°C.
-
You mean like this?:
I hope your fans are arranged better than that. No ducting. CPU cooling fan drawing air from the top which is probably mostly obstructed.
Steve
-
You need to check your fans' spin direction (in or out). My 1U ASUS RS700-E6/RS4 has 7 fans and I have kept just 3 of them, placed close to the CPUs, which have passive cooling. My fan speeds rarely go over 5500 RPM. Usually they hover around 4500/4800 RPM.
-
There is no other way to use the fans.
-
We are using CARP with two Dell PowerEdge R610s with dual E5506 CPUs and 16GB of memory.
It has been running well for us.
It handles a 650Mbps WAN which averages 200Mbps and can peak to 600Mbps for a few hours, generating ~70TB of traffic/month,
50000+ states, ~60 simultaneous OpenVPN users, and 4 IPsec tunnels (3DES 256bits).