My pfsense build
-
What sort of throughput are you looking for? WAN to LAN or between internal subnets?
Steve
-
My WAN is a 40MBps (down) Cable connection, I want to at the very least keep pace with that. Between subnets the closer I can get to Gigabit the better. But I'm not sure if this regular desktop CPU I am looking at is even compatible with a decent server grade motherboard with a PCI-X bus to support high throughput.
-
That CPU will push >1GBps of traffic doing just NAT/firewall. It will easily saturate the 40Mbps WAN with web caching and virus scanning. I'm sure you can find a motherboard that will take it, I wouldn't have thought it very difficult. You will be looking at PCI-e in any board that will take it so forget about PCI-X.
Quad port NICs are expensive, especially if you get Intel NICs and that's highly recommended. A rack mountng case with a front 5.25" bay and two PCI expansion slots could be very difficult to find! Have you considered using a managed switch and VLANs instead?
Steve
-
That CPU will push >1GBps of traffic doing just NAT/firewall. It will easily saturate the 40Mbps WAN with web caching and virus scanning. I'm sure you can find a motherboard that will take it, I wouldn't have thought it very difficult. You will be looking at PCI-e in any board that will take it so forget about PCI-X.
Quad port NICs are expensive, especially if you get Intel NICs and that's highly recommended. A rack mountng case with a front 5.25" bay and two PCI expansion slots could be very difficult to find! Have you considered using a managed switch and VLANs instead?
Steve
How well will PCIe perform?
I did some more research into cases. I found one it had the front IO and it had a rear 5.25" external bay which would have worked ok since I would not need access to the drive bay often but it was spendy at $300. I think I decided to go with a generic rackmount case with the standard rear IO then connect the NICs to a patch panel mounted above the server to give me access to rewire as needed. I suspect I could find a mobo with 4 expansion slots and I can use just dual port NICs I've seen those on ebay for $20-$30 each.
-
How well will PCIe perform?
Much better than PCI-X. Even a PCIe X1 slot has 2.5Gbps bandwidth.
I would still rather use VLANs and more standard looking hardware. How easy or quickly will your box with external PCI-e cards be to replace if you have problem?
Steve
-
-
If you have a Microcenter close by then go for a mini-ITX or micro-ATX (with 2 PCIe slots) motherboard with i3 CPU. mini-ITX typically have just one PCIe slot.
Also get 4GB of RAM instead of 3.. an extra GB doesn't hurt.. plus they are cheap.
For the NIC check eBay and get 2 PCIe Intel dual-port gigabit network cards. Hook the WAN to the onboard NIC and use the 4 Intel ones for you internal network.
For the enclosure I had a 2U. It gives room for adding hardware plus the extra room is good for hardware air circulation.. keeps it better cooled than a 1U. It is not that big. I converted it to a VMware machine and had pfSense hosted on it along with a few other VMs. The i3 will work ok on VMware but it wont be lightning speeds if you add additional VMs on it. OR just keep plain pfSense on the it with no VMware.
http://www.plinkusa.net/webG2220S.htm
-
Buy a slightly old MOBO with a slightly old chip-set and slightly old NICs.
Preferably Intel NICs, but others also work.
Then check the specs against the boards BEFORE YOU BUY. -
You can get a cheap supermicro case, or one second hands. For the mainboard I would have chosen a supermicro mainboard because it has ipmi and is made for servers, so is always betters than regular mainboard from asrock, asus etc
RAM might or might not be important, but it is always prefered to have to much than to little. 4, 8, 16 GB does not cost much, in some cases linux will cache and that will or might increase the speed, even if it is a little. For the HDD you might consider a 10k or 15k rpm harddisk, ssd is good but I would not put reliablity on consument ssd's. The NIC is good because you will not need it with a low end system.
-
So if I go that i3 processor linked in my OP, a server grade mobo with pcie bus and gigabit NICs. It sounds like I can saturate the gigabit NICs and maximize my thoughput, is that correct?
I am also curious as to why you would recommend mechanical drives over ssds? Because I don't need much capacity ssds I can get 2 32GB ssds for $70-$80. As I understand ssds have extremely low power consumption generate little heat and because they don't have any moving parts have faster IO and are less prone to failure, am I missing something here?
For the mobo I found this: http://www.ebay.com/itm/Intel-S1200BTL-LGA-1155-Server-Motherboard-GG3-/330967844318?pt=Motherboards&hash=item4d0f3885de
http://ark.intel.com/products/53557/
What are your thoughts on this mobo? My processor isn't listed as compatible with this motherboard though. It says the i3-2120 is but thats just a slightly more powerful version of what I was looking at the 2120T, if necessary I could just go with the 2120 but I prefer the 2120T listed above because it uses less power and should be powerful enough for this. It does state it is compatible though with the i3-2100T which is also low power but the clock speed is a little lower at 2.5GHz, newegg has discontinued it but I can find it here http://www.amazon.com/Intel-i3-2120T-Dual-Core-Processor-Cache/dp/B005LMPN7M/ref=sr_1_2?ie=UTF8&qid=1377033526&sr=8-2&keywords=i3-2100t
-
Depends on which kind of install you plan to do as to if SSD is a good way to go or not. SSDs that are good for a full install of pfsense and won't break are actually sorta pricey. The SSDs you are talking about are probably cheap junk MLCs that rely on TRIM to keep them going more than a month or two. Good SLC versions are better for full installs of current release of pfsense but cost a bit more.
-
Interesting that it doesn't list the 2120T. The 'T' variant have different voltage requirements to get the lower TDP however it lists the G2100T as compatible as you say. I'd be surprised if it didn't work. Perhaps look for reports of compatibility elsewhere before you buy.
Steve
-
I am also curious as to why you would recommend mechanical drives over ssds? Because I don't need much capacity ssds I can get 2 32GB ssds for $70-$80. As I understand ssds have extremely low power consumption generate little heat and because they don't have any moving parts have faster IO and are less prone to failure, am I missing something here?
I've killed several small cheap SSD's running squid and dansguardian on my home network. I finally gave in on the last one and purchased a quality drive (Intel) - so far so good.
-
Which Intel drive did you buy exactly and what do they cost?
-
Which Intel drive did you buy exactly and what do they cost?
Don"t remember which one… it was one of the later models - 40GB. Recommended by someone on this board...
-
Ahhhh - A later model 40GB SSD of some sort.
Yeah - I also heard those are good.
-
Ahhhh - A later model 40GB SSD of some sort.
Yeah - I also heard those are good.
I believe the key was "later model "Intel"… I didn't google it, but I doubt there are many variations on the newer Intel SSD's - they all tend to be pretty good quality.
-
I disagree - I think there is huge room for differences in reliability amongst the drives made by Intel. If not, there would be no need for Intel to sell expensive SLC based drives for enterprise applications. They could just peddle off their MLC stuff to everyone. Personally I think people are dreaming, or perhaps just wishing, when they install MLC into something thats going to have to endure alot of writes.
Every year some company has a new fail proof scheme how to make MLC as reliable as SLC and after a year or so they find they were wrong (after having sold a ton of product of course).
-
I believe the key was "later model "Intel"… I didn't google it, but I doubt there are many variations on the newer Intel SSD's - they all tend to be pretty good quality.
Found it… Intel 320 Series 40 GB,Internal,2.5"
-
MLC - Get to version 2.1 ASAP and get TRIM running…
