New firewall, what do you think?
-
pfSense developer Databeestje did a nice write up of testing an Atom D510 here: http://forum.pfsense.org/index.php/topic,27780.0.html
The D525 is faster so you may get 65-70Mbps. Your highest load scenario where both your remote sites are downloading at 10Mbps is well within that capability but might leave you wanting with other services on your 100Mbps connection. That would be exaggerated if you choose to load balance your two connections.
It's hard to know quite how this would scale since the limit on the VPN bandwidth might be a single core of the multicore cpu. That might leave more than enough cpu/cores to route the remaining bandwidth.Either way it definitely rules out running Squid or Snort and will leave you short if you upgrade your WAN bandwidth any time in the future.
Steve
-
There are plenty of example Sandy Bridge builds which don't have to cost that much. For example ~$300: http://forum.pfsense.org/index.php/topic,44269.0.html
Steve
-
I also have no idea where this will be. On a rack or on a shelf. Sitting on a table or floor?
If it doesn't need to fit in a 1U rack, I might even consider taking a obsolete quad-core desktop with 4+ GB of RAM and a couple of dirt cheap PCIe gigabit intel NIC card and building it that way. Repurposed old hardware like that costs almost nothing and is very fast for your purposes and reliable.
-
Thanks for your replies, it will be inside a rack but not necessarily in rack chassis, I prefer a small box for this
So, after some serching, what about this?
ASUS P8H61-I
Celeron G1610
4GB RAM ddr3
M350 case
ssd 16gb or other
intel dual nicThis is more or less 280€ +- $370, almost the same than my first approach lol
Thank you very much
-
I'd get a core i5…
For heavy VPN use and a little future proofing, I like the idea of having the AES routines on chip and the extra threads available at about the same power requirement. Since you are beefing up on your original spec, may as well do it up well.
-
Having an AES-NI capable CPU is nice and would be great for high bandwidth VPN but it's overkill here. The great thing about boards like that is the range of CPUs they support. The Celeron is just about the lowest performing processor that fits, if at some later date you have a wide range of upgrade options which will probably all be cheaper by then. :)
That said I notice the support page for that particular board only lists Sandy Bridge CPUs, not the G1610: http://www.asus.com/Motherboards/P8H61I/#support_CPU
Steve
-
Thanks for your replies, it will be inside a rack but not necessarily in rack chassis, I prefer a small box for this
So, after some serching, what about this?
ASUS P8H61-I
Celeron G1610
4GB RAM ddr3
M350 case
ssd 16gb or other
intel dual nicHow are you planning to fit a dual nic in that case+mobo combination?
This is more or less 280€ +- $370, almost the same than my first approach lol
Thank you very much
-
Not to worry… That CPU will make a great E-Bay item. haha
Then an i5 that fits the socket....
-
http://support.asus.com/cpusupport/detail.aspx?SLanguage=en&p=1&m=P8H61-I%20R2.0&cpu=Intel%20Celeron%20G1610%20%282.6GHz,55W,L3:2MB,2C,rev.P0%29&pcb=ALL&sincebios=0804&memo=
Maybe just a bios update if mobo revision is correct.
-
I choosed it because I found mobo + cpu + ram in ebay as bundle pack xd
http://www.ebay.de/itm/ASUS-P8H61-I-mini-ITX-Intel-Celeron-G1610-2x-2-6GHz-4GB-RAM-DDR3-/310674841980?pt=Komponentenbundles&hash=item4855a9e17cYes the motherboard is version 2.0
i5 would be great as well as xeon e5, but the thing here is do more (or the same) for less money so those cpu are not an option. Thanks for suggestion
Then do you think this build would handle the load well (50 users, Firewall, Internet gateway, vpn roadwarriors, vpn to remote offices, high troughput, no snort)
Thank you very much
-
Without Snort or Squid that board/CPU will handle >1Gbps so, yes, I'd say it will be fine.
Steve
