PFsense 10Gbs experience anyone?
-
Gotta be a liquid nitrogen cooled i7 clocked at a quadrillion GHZs or something….
-
A real number! ;)
Could you say what CPU you're using and how hard it's working? 4.3Gbps with Snort is impressive.
Steve
That number is very similar to what hacom claims is the firewall performance for an E3-1275 V2, which for single-threaded apps (pfSense still uses pf for the main filters, right?) is just about the fastest x86 CPU you can get at any reasonable price. The 1280 and 1290 are a few ticks faster but double or triple the CPU price budget, and the V3 chips might add a few percent more, but it's looking like 5Gb/s might be about what you get with the current crop of hardware available.
-
No idea, I do not have much experience with pfsense, nor how it works.
But as far as I know you can use pf_ring with snort to use multi cores.
Why not give it a try, if you have 10gbit stuff laying around.
https://www.google.nl/search?q=pfring+snort&oq=pfring+snort&aqs=chrome.0.69i57j0l3j69i62.1732j0&sourceid=chrome&ie=UTF-8#fp=aba73ede39cbb7b9&q=pf_ring+snort&safe=off&spell=1
-
Interesting. In fact there's a load of posts about running Snort at 10Gbps on FreeBSD even a few years ago on older hardware. However not using pf_ring because it's available as a Linux kernel module.
Steve
-
I'm also interested in some hardware details and about the load of the system under real conditions.
-
Hi all
We are thinking of implementing PFsense as a firewall on a 10Gbs internet connection.
But before we do, we would like to know if this has been done before.
Is there anyone in here who is running a setup like that? And who is willing to share their experience? Hope to hear from a lot of you :)
Is this a 10Gb/s dedicated or lease line or a shared 10Gb/s line?
-
Hi all
We are thinking of implementing PFsense as a firewall on a 10Gbs internet connection.
But before we do, we would like to know if this has been done before.
Is there anyone in here who is running a setup like that? And who is willing to share their experience? Hope to hear from a lot of you :)
Is this a 10Gb/s dedicated or lease line or a shared 10Gb/s line?
Well, does that matter? In the end it is 10 Gbit.
-
I hear lots of people going on about hardware that can't hit 1GB throughput. It will be interesting to see if someone does get 10GB throughput through something that doesn't cost a fortune.
-
No idea, I do not have much experience with pfsense, nor how it works.
But as far as I know you can use pf_ring with snort to use multi cores.
Why not give it a try, if you have 10gbit stuff laying around.
https://www.google.nl/search?q=pfring+snort&oq=pfring+snort&aqs=chrome.0.69i57j0l3j69i62.1732j0&sourceid=chrome&ie=UTF-8#fp=aba73ede39cbb7b9&q=pf_ring+snort&safe=off&spell=1
Interesting. Would this work with FreeBSD? If so, I'd be in for a bounty on anyone who would be willing to integrate this into the pfSense package for Snort. I'm actually less interested in this for 10Gbe speeds than I am for running on low-power hardware with multiple cores.
Anyway, I think I've decided to go with a pair of Cisco Nexus 5548UP switches with the L3 modules to solve my routing issue. I've talked to a few people who have installed them and they've all had solid experiences.
-
No idea, I do not have much experience with pfsense, nor how it works.
But as far as I know you can use pf_ring with snort to use multi cores.
Why not give it a try, if you have 10gbit stuff laying around.
https://www.google.nl/search?q=pfring+snort&oq=pfring+snort&aqs=chrome.0.69i57j0l3j69i62.1732j0&sourceid=chrome&ie=UTF-8#fp=aba73ede39cbb7b9&q=pf_ring+snort&safe=off&spell=1
Interesting. Would this work with FreeBSD? If so, I'd be in for a bounty on anyone who would be willing to integrate this into the pfSense package for Snort. I'm actually less interested in this for 10Gbe speeds than I am for running on low-power hardware with multiple cores.
Anyway, I think I've decided to go with a pair of Cisco Nexus 5548UP switches with the L3 modules to solve my routing issue. I've talked to a few people who have installed them and they've all had solid experiences.
I did read something about SnortSP Beta
Shell-based user interface with embedded scripting language
Native IPv6, MPLS and GRE support (This feature is now included in 2.9.x)
Native support for inline operation (This feature is now included in 2.9.x)
More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers
Multithreaded execution model - multiple analysis engines may operate simultaneously on the same traffic (There are certain subsystems of 2.9.x that are now multi-threaded)
Performance increases
The purpose of this program is to
Source: http://www.snort.org/snort-downloads/snortsp/