Building new Firewall for 20~30K users @ 1Gbps
-
asterix - I'm a bit unclear on how well the firewall process and a few other things work across multiple cores on pfsense?
That got me wondering if 4x 2 core pfsense VMs would better utilize 8 cores than a single pfsense with 8 cores at its disposal?
I don't know? Never tried to scale pfsense very big, but I know some have.
-
asterix - I'm a bit unclear on how well the firewall process and a few other things work across multiple cores on pfsense?
The packet filter is currently single threaded but apps can run in parallel with it.
-
Yeah - Thats what I thought. Whats the best scheme to get the most out of the processors/cores available if packet filtering is the primary load?
-
Forgot to add.. yes since its multiple cores.. the best way to deploy this would be on ESX and multiple VMs as clusters.. on separate hosts.
-
Hmmm - I'd like to see how this turns out. Sounds ambitious. I'm pretty sure pfsense can tackle it.
-
I think you'll be ok with a dual xeon server.. The VM idea would be good too but that would involve a lot more cost.
-
Costs? Describe please?
-
Cost of doing a single machine to handle the load versus the hardware to handle multiple instances plus the cost of VM software itself. I'm sure that would work great but would it be cost effective? You would just have to break down the cost and see what would be the best options.
-
I see - Couldn't do it with Vsphere for free?
http://www.google.com/url?sa=t&rct=j&q=vsphere%20pfsense&source=web&cd=2&ved=0CDMQFjAB&url=http%3A%2F%2Fwww.vmsources.com%2Fresources%2Fdoc_download%2F38-installing-pfsense-in-vsphere-esxi&ei=pS4lUuWUEcLc2QXS_oCwBQ&usg=AFQjCNExtgqa942vB1q4SW-IfJ-Ndx2UQg&cad=rja
Edit - (I initially said Hyper-V - Obviously I was being scatter brained)
Anyway - I know that 32 bit instances of pfsense 2.1 run well on ESXi.
I did have some issue with the 64bit version, but only when using more than 4 WAN IPs.
It was perhaps a glitch in that particular snapshot and may already be resolved. Not sure.
I haven't played as much with 2.1 as I'd like yet. -
I don't believe vSphere is free. I know pfsense offers an install instance you can easily install into a VM environment. But the actual VM software itself I don't believe is free.
-
http://www.vmware.com/products/vsphere-hypervisor/
-
Learn something new everyday lol! If that's the case then all you'll have is hardware at that point and from there you can maybe setup pfsesnse in a load balance type setup.
-
On another note I've found what I'm going to install on my new server I'm going to buy.
-
And that is?
-
ESXi 5.X free hypervisor :)
At least this is how I imagine what he ment :) -
Yep!! I already use it at work for 2 or 3 test machines and since it's free and I have licenses for all the server OSes may as well take advantage of it. :)
-
Good deal.
-
This has got me wondering now how pfsense can be integrated into this with a load balancing type configuration. That would be an ideal solution.
-
There are tons of links here and there on the subject of pfsense / cluster / carp / load balance. Etc Etc.
I haven't tested any of them, but they should work in VM just fine if they work in physical machines.
-
Ha I need to search more but you're right if they work in physical they should work in virtual and better actually.