1gbps Hardware Advice - Hosting
-
Complete newbie here (but I have done a lot of reading).
Based on what I have seen, single core speed matters more than more cores, which resulted in me getting a pentium G3420 for my setup. (3.2ghz haswell x2).
This is overkill for my needs as I have 100/15 cable, but should be capable of snort and squid @ 1gbps.
Based on this, a 3.4 ghz i3 haswell would be my recommendation
-
> Based on what I have seen, single core speed matters more than more cores, which resulted in me getting a pentium G3420 for my setup. (3.2ghz haswell x2).
> …
> Based on this, a 3.4 ghz i3 haswell would be my recommendation
Yep, a cheap haswell dual core is faster than most multi-socket servers on purely single-threaded low footprint tasks. (like pf in 2.1)
The first MP xeon cpu that comes close is 2 thousand dollars, and it's still sandy or ivy bridge so ~5% slower per clock.
Haswell i3 supports AES-NI and ECC in the right motherboard, some icing on the cake ;)
-
I also run a 1gbps link through pfsense. I run it on an ESXi host with the following specs:
Xeon E3 1275V2 @ 3.5Ghz
32gb of RAM
RAIDZ NFS storage from NAS
The VM does have the highest priority of all the VMs on the host for the CPU, but only has 1gb of ram allocated to it. I have no problems with speed or running high demand packages such as snort.
-
Aluminum:
for the AES-NI based CPUs, how much of a performance boost do you think you would get using AES-NI?
Would it mainly be used for things like VPN connections?
-
> Aluminum:
> for the AES-NI based CPUs, how much of a performance boost do you think you would get using AES-NI?
> Would it mainly be used for things like VPN connections?
At the moment it's about zero.
-
>> Aluminum:
>> for the AES-NI based CPUs, how much of a performance boost do you think you would get using AES-NI?
>> Would it mainly be used for things like VPN connections?
> At the moment it's about zero.
Yep, you can manually tweak some things for a speed boost but generally just wait for 2.2
The way the internet is going though I think encrypting every link is going to be the new normal, and hopefully last mile speeds stop sucking in more places so for future proofing a DIY router it's a must have feature IMO. It's not expensive if you shop carefully.
-
>>> Aluminum:
>>> for the AES-NI based CPUs, how much of a performance boost do you think you would get using AES-NI?
>>> Would it mainly be used for things like VPN connections?
>> At the moment it's about zero.
> Yep, you can manually tweak some things for a speed boost but generally just wait for 2.2
> The way the internet is going though I think encrypting every link is going to be the new normal, and hopefully last mile speeds stop sucking in more places so for future proofing a DIY router it's a must have feature IMO. It's not expensive if you shop carefully.
Very true about encryption but other than VPN your PC is going to be handling the encryption when you surf the net so really don't need anything powerful on the firewall side unless you are serving over 100 people.
-
> Very true about encryption but other than VPN your PC is going to be handling the encryption when you surf the net so really don't need anything powerful on the firewall side unless you are serving over 100 people.
Not really, what I mean is that always on VPN is slowly becoming the new normal for tech crowd, definitely for anyone knowledgeable enough to use pfsense or similar configurable devices. Here in NA the monopoly ISP vs user war is starting to go from cold to hot, among other things…
Not just your PC, you want to pipe all your random online devices through it too.
-
The always on VPN scenario seems like, often at least, it gives a false sense of security.
Where are you terminating your VPN/exiting your traffic?
The only way it seems likely to help is either you are terminating it somewhere genuinely trustworthy (don't know where that might be ;)) or you have many VPNs terminating on one machine such that traffic from the terminating machine cannot be easily tied to any particular VPN.
Anyway that's enough thread hi-jacking. Apologies to the OP.
Steve
-
> The always on VPN scenario seems like, often at least, it gives a false sense of security.
> Where are you terminating your VPN/exiting your traffic?
> The only way it seems likely to help is either you are terminating it somewhere genuinely trustworthy (don't know where that might be ;)) or you have many VPNs terminating on one machine such that traffic from the terminating machine cannot be easily tied to any particular VPN.
> Anyway that's enough thread hi-jacking. Apologies to the OP.
> Steve
I route all my traffic at home through a server in a near-by data center (consistent 8ms ping). It gets me away from Verizon's crappy routing (read: my Netflix works) and I can do interesting things like run all my web traffic through mod_pagespeed.