Fanless gbit pfSense router?
-
I agree. I will never ever buy an Atom as it makes no real sense when it comes to $ v/s CPU power. Some folks who are using Atom are sorta die hard fans (even when they know within that they should had gone for a G530/i3 ;D ) and swear by it.
Frankly, for a fully loaded UTM I cross out Atom immediately. Even if someone is trying to build even a basic pfSense firewall with no add-on packages, its just makes no sense by not going the G530/i3 route for a few extra bucks, unless you are extremely tight on budget and every dollar counts for your end decision.
what about ram amounts? I'm thinking I want to build a nice(ish) UTM…
-
Ram is cheap, get lots. ;)
If you have a new build with current technology RAM then just fill it. RAM in £/MB is more expensive in older modules.
If you want to run Snort and Squid I would look at 4GB.This is getting a bit OT but there is still one area where the Atom is king; very low power consumption passively cooled setups.
Yes the Akasa euler can do it for 35W 'real' CPUs but there's cost involved there. The Atom currently fills a niche between the Alix and significantly more expensive passive cooling solutions that can handle higher TDP. A niche that will hopefully be filled by the new Alix board. ;)Steve
-
I agree. I will never ever buy an Atom as it makes no real sense when it comes to $ v/s CPU power. Some folks who are using Atom are sorta die hard fans (even when they know within that they should had gone for a G530/i3 ;D ) and swear by it.
Frankly, for a fully loaded UTM I cross out Atom immediately. Even if someone is trying to build even a basic pfSense firewall with no add-on packages, its just makes no sense by not going the G530/i3 route for a few extra bucks, unless you are extremely tight on budget and every dollar counts for your end decision.
what about ram amounts? I'm thinking I want to build a nice(ish) UTM…
Start with 4GB. My sweet spot is 6GB ;D. Snort, Squid, dans with clamd, pfBlocker.. all run like smooth butter and memory usage sits between 40 to 43%. I have kept 8GB just because I have extra in my server and its a VM. RAM usage is between 30 to 33%. If needed I will pull it down to 6GB.
-
Any idea what it peaks at?
Unused RAM is doing no good to anyone. ;)Steve
-
I think its wise to keep 25% in reserve to handle momentary spikes in memory usage. Could be wrong.
-
Here are the screenshots of my UTM. Network activity has gone down drastically this week due to schools re-opening. Last month was modest as well.. just shy of 350GB.. as we were on family vacations.
-
2
-
3
-
Yeah - Similar here. I like to have a safety buffer also.
-
My memory consumption goes up and down depending on how much cache is in the RAM. Old data flushes out periodically and brings down the usage. Snort has come a really long way from its initial days where 2GB was just not enough to load it and would crash while turning on the service. It's not like that anymore since 2011.
-
Same same… Goes up to 75% and then pops back down to 25% periodically.
Disk usage is slowly creeping up to 20% (Its a newly installed SSD - Will take time. I'm usually faster to adopt but SSD has been a bumpy ride)
My screaming processor is a dual core AMD, but you know what? I like it. Its impressively stable for garbage that costs abut the same as a couple cups of coffee. And I'm passionately in love with Mushkin Server Ram. -
At full WAN capacity. Keep in mind in fully loaded UTM with all resource hungry packages running. Maxed my WAN at 51.73 Mbps.
Hardware is begging for more WAN throughput :D
-
No doubt is working well ;)
-
If we do the math..
8% of CPU was able to do 50Mbps of WAN throughput. So my UTM could do just about ….hmmm...
100/8=12.5 times 50Mbps .. that's 625Mbps before it runs out of CPU cycles. Keeping in mind that the Xeon is way more powerful than an i3 and i5, plus it's fully loaded with all resource hungry packages running at full power. I suspect it can reach 1Gbps if I let go of Snort and Dans with clamd.
-
For sure, if I need to handle 625Mbps and every package in the repository, I'd go with modern dual xeons and more RAM and maybe faster/bigger SSDs also. Its just a little businessy / industrial strength for my home. Here my network will top at 150Mps at the WAN for sure. No higher in the next foreseeable decade or so. If google internet comes here, I'll need something faster.
-
On second thoughts, I forgot I am on VM host. So it's shared CPU. If I load just pfSense with no VM host than the throughput would be better
OR
my strong belief is maybe its because the packages are single threaded and limiting the processing power.
-
Yes - Its a monster build for sure, but…
Is it fanless? ;DI like this guys original specs for his purposes.
-
Mine.. actually yes. Both physical CPU's are fanless with heatsinks. Except for the PSU ;)
-
haha - you win…
-
It's almost impossible to extrapolate accurately like that because, as you say, there are some single threaded processes. Particularly this is true of pf, as has been discussed before. In the worst case scenario you could have all that 8% on one core with the others idle (very unlikely I know). If your CPU appears as 8 cores (I have no idea how many you gave to the VM but this is worst case!) then that would be one core at 64% giving only 36% headroom or maximum throughput of 68Mbps! :P
Obviously that's not true but I hope it highlights how the calculation is not that simple. ;)Steve
