Netgate Discussion Forum

    1gbps Hardware Advice - Hosting

      Keljian

      Complete newbie here (but I have done a lot of reading).

      Based on what I have seen, single core speed matters more than more cores, which resulted in me getting a Pentium G3420 for my setup. (3.2 GHz Haswell x2).

      This is overkill for my needs as I have 100/15 cable, but should be capable of snort and squid @ 1gbps.

      Based on this, a 3.4 GHz i3 Haswell would be my recommendation.

        Aluminum

        @Keljian:

        Based on what I have seen, single core speed matters more than more cores, which resulted in me getting a Pentium G3420 for my setup. (3.2 GHz Haswell x2).
        …
        Based on this, a 3.4 GHz i3 Haswell would be my recommendation.

        Yep, a cheap Haswell dual core is faster than most multi-socket servers on purely single-threaded low footprint tasks. (like pf in 2.1)
        The first MP Xeon CPU that comes close is 2 thousand dollars, and it's still Sandy or Ivy Bridge so ~5% slower per clock.

        Haswell i3 supports AES-NI and ECC in the right motherboard, some icing on the cake ;)

          Atlantisman

          I also run a 1gbps link through pfsense. I run it on an ESXi host with the following specs:

          Xeon E3 1275V2 @ 3.5 GHz
          32 GB of RAM
          RAIDZ NFS storage from NAS

          The VM does have the highest priority of all the VMs on the host for the CPU, but only has 1 GB of RAM allocated to it. I have no problems with speed or running high demand packages such as snort.

            midacts

            Aluminum:

            For the AES-NI based CPUs, how much of a performance boost do you think you would get using AES-NI?

            Would it mainly be used for things like VPN connections?

              jasonlitka

              @midacts:

              Aluminum:

              For the AES-NI based CPUs, how much of a performance boost do you think you would get using AES-NI?

              Would it mainly be used for things like VPN connections?

              At the moment it's about zero.

              I can break anything.

                Aluminum

                @Jason:

                @midacts:

                Aluminum:

                For the AES-NI based CPUs, how much of a performance boost do you think you would get using AES-NI?

                Would it mainly be used for things like VPN connections?

                At the moment it's about zero.

                Yep, you can manually tweak some things for a speed boost but generally just wait for 2.2.

                The way the internet is going though I think encrypting every link is going to be the new normal, and hopefully last mile speeds stop sucking in more places, so for future proofing a DIY router it's a must-have feature IMO. It's not expensive if you shop carefully.

                  Darkk

                  @Aluminum:

                  @Jason:

                  @midacts:

                  Aluminum:

                  For the AES-NI based CPUs, how much of a performance boost do you think you would get using AES-NI?

                  Would it mainly be used for things like VPN connections?

                  At the moment it's about zero.

                  Yep, you can manually tweak some things for a speed boost but generally just wait for 2.2.

                  The way the internet is going though I think encrypting every link is going to be the new normal, and hopefully last mile speeds stop sucking in more places, so for future proofing a DIY router it's a must-have feature IMO. It's not expensive if you shop carefully.

                  Very true about encryption but other than VPN your PC is going to be handling the encryption when you surf the net so really don't need anything powerful on the firewall side unless you are serving over 100 people.

                    Aluminum

                    Very true about encryption but other than VPN your PC is going to be handling the encryption when you surf the net so really don't need anything powerful on the firewall side unless you are serving over 100 people.

                    Not really, what I mean is that always-on VPN is slowly becoming the new normal for the tech crowd, definitely for anyone knowledgeable enough to use pfsense or similar configurable devices. Here in NA the monopoly ISP vs user war is starting to go from cold to hot, among other things…
                    Not just your PC, you want to pipe all your random online devices through it too.

                      stephenw10 Netgate Administrator

                      The always-on VPN scenario seems like, often at least, it gives a false sense of security.
                      Where are you terminating your VPN/exiting your traffic?
                      The only way it seems likely to help is either you are terminating it somewhere genuinely trustworthy (don't know where that might be ;)) or you have many VPNs terminating on one machine such that traffic from the terminating machine cannot be easily tied to any particular VPN.

                      Anyway that's enough thread hijacking. Apologies to the OP.

                      Steve

                        jasonlitka

                        @stephenw10:

                        The always-on VPN scenario seems like, often at least, it gives a false sense of security.
                        Where are you terminating your VPN/exiting your traffic?
                        The only way it seems likely to help is either you are terminating it somewhere genuinely trustworthy (don't know where that might be ;)) or you have many VPNs terminating on one machine such that traffic from the terminating machine cannot be easily tied to any particular VPN.

                        Anyway that's enough thread hijacking. Apologies to the OP.

                        Steve

                        I route all my traffic at home through a server in a nearby data center (consistent 8ms ping). It gets me away from Verizon's crappy routing (read: my Netflix works) and I can do interesting things like run all my web traffic through mod_pagespeed.

                        I can break anything.
