Fanless gbit pfSense router?
-
Same same… Goes up to 75% and then pops back down to 25% periodically.
Disk usage is slowly creeping up to 20% (Its a newly installed SSD - Will take time. I'm usually faster to adopt but SSD has been a bumpy ride)
My screaming processor is a dual core AMD, but you know what? I like it. Its impressively stable for garbage that costs abut the same as a couple cups of coffee. And I'm passionately in love with Mushkin Server Ram. -
At full WAN capacity. Keep in mind in fully loaded UTM with all resource hungry packages running. Maxed my WAN at 51.73 Mbps.
Hardware is begging for more WAN throughput :D
-
No doubt is working well ;)
-
If we do the math..
8% of CPU was able to do 50Mbps of WAN throughput. So my UTM could do just about ….hmmm...
100/8=12.5 times 50Mbps .. that's 625Mbps before it runs out of CPU cycles. Keeping in mind that the Xeon is way more powerful than an i3 and i5, plus it's fully loaded with all resource hungry packages running at full power. I suspect it can reach 1Gbps if I let go of Snort and Dans with clamd.
-
For sure, if I need to handle 625Mbps and every package in the repository, I'd go with modern dual xeons and more RAM and maybe faster/bigger SSDs also. Its just a little businessy / industrial strength for my home. Here my network will top at 150Mps at the WAN for sure. No higher in the next foreseeable decade or so. If google internet comes here, I'll need something faster.
-
On second thoughts, I forgot I am on VM host. So it's shared CPU. If I load just pfSense with no VM host than the throughput would be better
OR
my strong belief is maybe its because the packages are single threaded and limiting the processing power.
-
Yes - Its a monster build for sure, but…
Is it fanless? ;DI like this guys original specs for his purposes.
-
Mine.. actually yes. Both physical CPU's are fanless with heatsinks. Except for the PSU ;)
-
haha - you win…
-
It's almost impossible to extrapolate accurately like that because, as you say, there are some single threaded processes. Particularly this is true of pf, as has been discussed before. In the worst case scenario you could have all that 8% on one core with the others idle (very unlikely I know). If your CPU appears as 8 cores (I have no idea how many you gave to the VM but this is worst case!) then that would be one core at 64% giving only 36% headroom or maximum throughput of 68Mbps! :P
Obviously that's not true but I hope it highlights how the calculation is not that simple. ;)Steve
-
I agree. I will never ever buy an Atom as it makes no real sense when it comes to $ v/s CPU power. Some folks who are using Atom are sorta die hard fans (even when they know within that they should had gone for a G530/i3 ;D ) and swear by it.
Frankly, for a fully loaded UTM I cross out Atom immediately. Even if someone is trying to build even a basic pfSense firewall with no add-on packages, its just makes no sense by not going the G530/i3 route for a few extra bucks, unless you are extremely tight on budget and every dollar counts for your end decision.
It's not about the bucks, it's about heat and electricity use. A D525 Atom uses only 13Ws vs 65Ws for a G530. For a basic pfSense firewall with a couple of packages running, it's barely pushing 5% CPU; so all those extra cycles on the G530 is wasted, and consuming electricity. So over the course of a year, you're paying about 35.00 in extra electricity costs for what? Also, my box can pretty much fabless versus a G530 which would at least require a CPU fan.
I'm happy with the performance, never goes past 10% CPU utilization with the packages I'm running and the processor can easily do 200mbps+ of throughput.
-
Ahem.. :o
65W at full 100% usage ;D. Typical consumption is around 1 to 5% tops. No one is paying for 65W unless they are running 100% 24x7 ;)
-
Exactly.
Also if you want a fanless box capable of Gigabit speeds you're better choosing a 35W tdp CPU. The required cooling solution is based on the maximum heat dissipation and 65W passively is big!Steve
-
It's almost impossible to extrapolate accurately like that because, as you say, there are some single threaded processes. Particularly this is true of pf, as has been discussed before. In the worst case scenario you could have all that 8% on one core with the others idle (very unlikely I know). If your CPU appears as 8 cores (I have no idea how many you gave to the VM but this is worst case!) then that would be one core at 64% giving only 36% headroom or maximum throughput of 68Mbps! :P
Obviously that's not true but I hope it highlights how the calculation is not that simple. ;)Steve
Yeah I agree on that. I have allocated all 8 cores, even though pfSense won't be able to utilize them.
Honestly, in this date I was expecting FreeBSD to evolve more on the multiple core support plus all the packages out there. It's a shame to see so much CPU cycles sitting idle ant not being taken advantage off. pfSense response times would be lighting fast if all the packages along with the core OS was designed for multiple cores.
-
So, use them for something else… I'm sure you must have some need for those cores elsewhere?
-
So, use them for something else… I'm sure you must have some need for those cores elsewhere?
I think what he's trying to convey, is that in the industry where multicore has been gaining ground for 12 years; BSD and Pfsense by default, is stuck in the past, sure the old enterprise "it's stable so why change it" applies in quite a few minds, BUT;
everything else has "gotten with the times"cisco, juniper, even UBNT.com's new Edgerouter Lite, are all multicored now.
I can't think of many things that can't (with proper programming) be made MUCH better with multi-core support (SNORT anyone?)
-
Yep - I go that, but in the mean time asterix can make use of those cores and ram for something else running beside pfsense. Maybe some other useful server? By the time that sort of advance is made in pfsense, asterix will have upgraded hardware. I'm just suggesting use those resources in the mean time.
-
Yep - I go that, but in the mean time asterix can make use of those cores and ram for something else running beside pfsense. Maybe some other useful server? By the time that sort of advance is made in pfsense, asterix will have upgraded hardware. I'm just suggesting use those resources in the mean time.
LOL.. you forget.. its on ESXi VM. I have 5 other servers running in there along with pfSense. Dr_Drache got it right this time.. heheh :D
-
So, use them for something else… I'm sure you must have some need for those cores elsewhere?
I think what he's trying to convey, is that in the industry where multicore has been gaining ground for 12 years; BSD and Pfsense by default, is stuck in the past, sure the old enterprise "it's stable so why change it" applies in quite a few minds, BUT;
everything else has "gotten with the times"cisco, juniper, even UBNT.com's new Edgerouter Lite, are all multicored now.
I can't think of many things that can't (with proper programming) be made MUCH better with multi-core support (SNORT anyone?)
Well Snort, Dans and Squid all need to move to multi-core sooner or later.. sooner would be better. But maybe its because of lack of support (maybe lack of enthusiasm ;) ) from FreeBSD on moving towards multicore.
-
"I have allocated all 8 cores, even though pfSense won't be able to utilize them."
That threw me…Cool - Coffee time.
