My pfsense build
-
So I decided to build my own pfsense box. I am hopping to get some good feedback from these forums on my build.
1. The Case
I want a case that is rack mountable. I want the IO to be in from so I can easily access the NICs. I have found only a few options for front IO server chassis. I prefer the power supply to remain in the back but not a huge deal if its in the front too. The thing I cannot seem to find in a case with front IO and a front 5.25" external drive bay. Probably doesn't exist but I would like to ss as I have a 4 X 2.5" hot swappable drive cage I can put in a 5.25" drive bay. I will have to see what I can get. I pan on using two SSDs in a RAID 1 so not much chance of failure but I would like easy hot swappable access in case one does manage to fail.2. The Motherboard
I still have alot of work to go on deciding the motherboard for this build. I am thinking either low-end server grade a a decent consumer grade board. The main thing is it needs a fast bus to avoid bottlenecking my thoughput, and it needs to support my CPU obviously.3. The CPU
This is the part of the build I have actually narrowed down to a specific part I am looking to get. This is a Intel i3 dual core 2.6GHZ CPU with a power draw of only 35 watts. And its affordable. I would really like to get feedback on this CPU choice before I actually purchase it. http://www.newegg.com/Product/Product.aspx?Item=N82E168191150944. The RAM
Nothing special here, I was thinking 3Gigs should suffice for my needs. Since I am planning on running virus scanning and web caching packages.5. The Harddrives
I already mentioned this but I am looking to get 2 low capacity SSD's (probably used to save some money). RAID1 for redundancy in the unlikley even one manages to fail. I want a failure to be a 0 downtime issue.6. The NICs
I am looking to have 1 4-port gigabit NIC to start with (plus hopefully two one board for WAN interfaces). I am also looking to have room to expand with at least 1 more 4 port card in the future.My 3 goals for this build in order:
- Maximize network throughput
- Keep costs low
- Keep power consumption/heat low
Any feedback you can give or recommendations especially on a case to meet my needs is appriciated.
-
What sort of throughput are you looking for? WAN to LAN or between internal subnets?
Steve
-
My WAN is a 40MBps (down) Cable connection, I want to at the very least keep pace with that. Between subnets the closer I can get to Gigabit the better. But I'm not sure if this regular desktop CPU I am looking at is even compatible with a decent server grade motherboard with a PCI-X bus to support high throughput.
-
That CPU will push >1GBps of traffic doing just NAT/firewall. It will easily saturate the 40Mbps WAN with web caching and virus scanning. I'm sure you can find a motherboard that will take it, I wouldn't have thought it very difficult. You will be looking at PCI-e in any board that will take it so forget about PCI-X.
Quad port NICs are expensive, especially if you get Intel NICs and that's highly recommended. A rack mountng case with a front 5.25" bay and two PCI expansion slots could be very difficult to find! Have you considered using a managed switch and VLANs instead?
Steve
-
That CPU will push >1GBps of traffic doing just NAT/firewall. It will easily saturate the 40Mbps WAN with web caching and virus scanning. I'm sure you can find a motherboard that will take it, I wouldn't have thought it very difficult. You will be looking at PCI-e in any board that will take it so forget about PCI-X.
Quad port NICs are expensive, especially if you get Intel NICs and that's highly recommended. A rack mountng case with a front 5.25" bay and two PCI expansion slots could be very difficult to find! Have you considered using a managed switch and VLANs instead?
Steve
How well will PCIe perform?
I did some more research into cases. I found one it had the front IO and it had a rear 5.25" external bay which would have worked ok since I would not need access to the drive bay often but it was spendy at $300. I think I decided to go with a generic rackmount case with the standard rear IO then connect the NICs to a patch panel mounted above the server to give me access to rewire as needed. I suspect I could find a mobo with 4 expansion slots and I can use just dual port NICs I've seen those on ebay for $20-$30 each.
-
How well will PCIe perform?
Much better than PCI-X. Even a PCIe X1 slot has 2.5Gbps bandwidth.
I would still rather use VLANs and more standard looking hardware. How easy or quickly will your box with external PCI-e cards be to replace if you have problem?
Steve
-
-
If you have a Microcenter close by then go for a mini-ITX or micro-ATX (with 2 PCIe slots) motherboard with i3 CPU. mini-ITX typically have just one PCIe slot.
Also get 4GB of RAM instead of 3.. an extra GB doesn't hurt.. plus they are cheap.
For the NIC check eBay and get 2 PCIe Intel dual-port gigabit network cards. Hook the WAN to the onboard NIC and use the 4 Intel ones for you internal network.
For the enclosure I had a 2U. It gives room for adding hardware plus the extra room is good for hardware air circulation.. keeps it better cooled than a 1U. It is not that big. I converted it to a VMware machine and had pfSense hosted on it along with a few other VMs. The i3 will work ok on VMware but it wont be lightning speeds if you add additional VMs on it. OR just keep plain pfSense on the it with no VMware.
http://www.plinkusa.net/webG2220S.htm
-
Buy a slightly old MOBO with a slightly old chip-set and slightly old NICs.
Preferably Intel NICs, but others also work.
Then check the specs against the boards BEFORE YOU BUY. -
You can get a cheap supermicro case, or one second hands. For the mainboard I would have chosen a supermicro mainboard because it has ipmi and is made for servers, so is always betters than regular mainboard from asrock, asus etc
RAM might or might not be important, but it is always prefered to have to much than to little. 4, 8, 16 GB does not cost much, in some cases linux will cache and that will or might increase the speed, even if it is a little. For the HDD you might consider a 10k or 15k rpm harddisk, ssd is good but I would not put reliablity on consument ssd's. The NIC is good because you will not need it with a low end system.
-
So if I go that i3 processor linked in my OP, a server grade mobo with pcie bus and gigabit NICs. It sounds like I can saturate the gigabit NICs and maximize my thoughput, is that correct?
I am also curious as to why you would recommend mechanical drives over ssds? Because I don't need much capacity ssds I can get 2 32GB ssds for $70-$80. As I understand ssds have extremely low power consumption generate little heat and because they don't have any moving parts have faster IO and are less prone to failure, am I missing something here?
For the mobo I found this: http://www.ebay.com/itm/Intel-S1200BTL-LGA-1155-Server-Motherboard-GG3-/330967844318?pt=Motherboards&hash=item4d0f3885de
http://ark.intel.com/products/53557/
What are your thoughts on this mobo? My processor isn't listed as compatible with this motherboard though. It says the i3-2120 is but thats just a slightly more powerful version of what I was looking at the 2120T, if necessary I could just go with the 2120 but I prefer the 2120T listed above because it uses less power and should be powerful enough for this. It does state it is compatible though with the i3-2100T which is also low power but the clock speed is a little lower at 2.5GHz, newegg has discontinued it but I can find it here http://www.amazon.com/Intel-i3-2120T-Dual-Core-Processor-Cache/dp/B005LMPN7M/ref=sr_1_2?ie=UTF8&qid=1377033526&sr=8-2&keywords=i3-2100t
-
Depends on which kind of install you plan to do as to if SSD is a good way to go or not. SSDs that are good for a full install of pfsense and won't break are actually sorta pricey. The SSDs you are talking about are probably cheap junk MLCs that rely on TRIM to keep them going more than a month or two. Good SLC versions are better for full installs of current release of pfsense but cost a bit more.
-
Interesting that it doesn't list the 2120T. The 'T' variant have different voltage requirements to get the lower TDP however it lists the G2100T as compatible as you say. I'd be surprised if it didn't work. Perhaps look for reports of compatibility elsewhere before you buy.
Steve
-
I am also curious as to why you would recommend mechanical drives over ssds? Because I don't need much capacity ssds I can get 2 32GB ssds for $70-$80. As I understand ssds have extremely low power consumption generate little heat and because they don't have any moving parts have faster IO and are less prone to failure, am I missing something here?
I've killed several small cheap SSD's running squid and dansguardian on my home network. I finally gave in on the last one and purchased a quality drive (Intel) - so far so good.
-
Which Intel drive did you buy exactly and what do they cost?
-
Which Intel drive did you buy exactly and what do they cost?
Don"t remember which one… it was one of the later models - 40GB. Recommended by someone on this board...
-
Ahhhh - A later model 40GB SSD of some sort.
Yeah - I also heard those are good.
-
Ahhhh - A later model 40GB SSD of some sort.
Yeah - I also heard those are good.
I believe the key was "later model "Intel"… I didn't google it, but I doubt there are many variations on the newer Intel SSD's - they all tend to be pretty good quality.
-
I disagree - I think there is huge room for differences in reliability amongst the drives made by Intel. If not, there would be no need for Intel to sell expensive SLC based drives for enterprise applications. They could just peddle off their MLC stuff to everyone. Personally I think people are dreaming, or perhaps just wishing, when they install MLC into something thats going to have to endure alot of writes.
Every year some company has a new fail proof scheme how to make MLC as reliable as SLC and after a year or so they find they were wrong (after having sold a ton of product of course).
-
I believe the key was "later model "Intel"… I didn't google it, but I doubt there are many variations on the newer Intel SSD's - they all tend to be pretty good quality.
Found it… Intel 320 Series 40 GB,Internal,2.5"
