Netgate Discussion Forum

    Proper NIC, and microSD support?

      stephenw10 Netgate Administrator

      An Intel Pro/1000 PT NIC will work fine, many people are using them.

      If you are running from flash memory, such as an SD card, you should be using the NanoBSD variant of pfSense. That will write onto an SD card no problem, you can write it to anything. As long as the SD card slot is connected via USB and is able to be set as bootable in the server it should be fine. Though I've never tested it.  ;) Doing this will avoid any issue you may have had with the disk controllers, which can cause problems on very new hardware. I don't believe the disk controller in the gen8 microserver is supported yet, for example.

      A question here though is why you are using such a powerful box for a 100Mbps connection? Do you need wirespeed between internal interfaces? How many interfaces do you need? I'm unsure as to whether the built-in Broadcom NICs are supported; a similar question was asked earlier today.

      Steve

        biggsy

        Had you considered just making a pfSense VM?

        The 3.1 GHz quad core DL320 does seem a bit like overkill.

          Vigger

          Thanks for your response :)

          Okay, I don't know if the DL320e uses a USB backend for the microSD slot but it might.

          As far as I know HP only uses 2 drivers for all their SAS controllers, cciss (<= G5) and hpsa (>= G6), so the hpsa should work, shouldn't it?
          If the microSD card works, I don't think I'll be installing any drives anyway.

          First off, I want to make sure we are not misunderstanding things: by 100mbps I mean megabytes per second and not megabit, so my target speed is at least 800 megabit/ps (should I have written uppercase 100MB/s?). So is the PT card still usable for this?

          One reason is I know from experience that I should always buy the double of what I think I need, because I usually have a steep learning curve when playing around with new things and quickly find new ways to use them, and the needs usually skyrocket along with me learning new stuff.
          I tried it recently when buying one of the servers: I thought 32GB mem and 2x quad core CPUs was more than enough, but all that is used up by now.

          So I have learned a little overkill is a good thing. But do you honestly think I should buy the 2GB mem/dual core version instead? Could save me $200.

          I don't plan on using the 2 built-in ports as I don't feel like they can be as good as a dedicated card, therefore I'm looking for a dual-port Intel card :-)

            Vigger

            @biggsy:

            Had you considered just making a pfSense VM?

            The 3.1 GHz quad core DL320 does seem a bit like overkill.

            I read here somewhere that using pfSense in a VM is a bad idea performance-wise, plus I think physically splitting things up makes it all "better", it feels more right.

            Do you think the 3.4 GHz dual core is a better solution?

              stephenw10 Netgate Administrator

              Ah, 100MBps is a different matter then.  :)

              I would expect the disk controller to work in some mode but you may not be able to use all of its RAID features, for example. As you say, that problem goes away if you're booting from SD.

              A little extra headroom is always a good thing but this could be a lot of overkill. You haven't mentioned if you want to run packages, Snort, Squid etc., but those will significantly increase the hardware requirement if you do. For just plain firewall/NAT the dual core CPU would be more than enough for 1Gbps throughput. In fact a 3.4GHz dual core CPU will probably be faster than a 3.1GHz quad core because the pf process runs as a single thread.

              Intel NICs are always preferred but Broadcom are considered second best and I would have no worries using the on-board NICs if they're supported.

              There is some overhead to running virtualized but not too much. There are people here running firewalls at >5Gbps virtualized because currently the drivers under ESXi are able to work with newer 10GbE hardware.

              Steve

                Vigger

                Sorry for the confusion :-(

                That is exactly what I mean. Currently I will only need very basic NAT'ing, but as soon as I start poking around in there I will learn about other exciting things which may require more resources. I just want to be absolutely certain that I will not have to upgrade the machine anytime soon.

                FYI: the quad core has Intel Turbo Boost, which goes up to 3.5 GHz.
                I just want a good, known, supported 1Gb NIC; that's my only interest.
                Obviously I would like a 10Gb network at home, but as far as I know 10G equipment is relatively expensive, so my goal is to utilize the 1G network to its max.

                Any suggestions regarding a widely supported, not too expensive 1G NIC?

                Thanks for your time so far :)

                @stephenw10:

                Ah, 100MBps is a different matter then.  :)

                I would expect the disk controller to work in some mode but you may not be able to use all of its RAID features, for example. As you say, that problem goes away if you're booting from SD.

                A little extra headroom is always a good thing but this could be a lot of overkill. You haven't mentioned if you want to run packages, Snort, Squid etc., but those will significantly increase the hardware requirement if you do. For just plain firewall/NAT the dual core CPU would be more than enough for 1Gbps throughput. In fact a 3.4GHz dual core CPU will probably be faster than a 3.1GHz quad core because the pf process runs as a single thread.

                Intel NICs are always preferred but Broadcom are considered second best and I would have no worries using the on-board NICs if they're supported.

                There is some overhead to running virtualized but not too much. There are people here running firewalls at >5Gbps virtualized because currently the drivers under ESXi are able to work with newer 10GbE hardware.

                Steve

                  stephenw10 Netgate Administrator

                  If you go with the more powerful machine and then find that even after adding various things you're still only using 10% of its resources, you can always switch to running as a VM and run other VMs on the same hardware.

                  I've still got sections of 100Mb ethernet here at home (don't think I have any 10base2 left….) and the fastest connection I could get is ~100Mbps if I wanted to pay for it. 10Gb is way way off!  ::)

                  Go with Intel NICs. Pretty much any Gigabit NIC i350 or older should be good. The newer, cheaper i210 is not supported currently. Search the forum to make sure. The Pro/1000 PT is widely used.

                  Steve

                    bryan.paradis

                    What is your WAN speed? 1 gigabit symmetrical? Or do you mean you want the LAN network to be 1 gigabit or 10 gigabit?

                      Vigger

                      OK, I think I'll just buy the quad core version, it's only $800 anyway. I won't use it for VMs though, I have two nice DL380's with better supported hardware and better specs :)

                      And I think I'll give the PT card a chance and see how it performs; it is an old card after all.

                      I only have a 30/30 Mb/s connection on the WAN side so that is not a problem, it's only between machines on the LAN I need high speeds.

                      Thanks so much for your help,

                        stephenw10 Netgate Administrator

                        If you are only planning to have a single internal interface, LAN, then the traffic through the box can only ever be 60Mbps total. In that case your hardware will be way way overspecified. You could easily pass that traffic with an Atom.
                        Since you clearly have a fair collection of hardware and services going on you may well want to segregate your network into, say, servers, clients, VoIP, wifi etc in which case it would be slightly more justified.

                        Steve

                          vman76

                          The PT card will do just fine. Right now, I'm using it in my PowerEdge 1950, which is currently servicing 1,400 college students; they're pushing it to a steady 400 Mbps and 40,000 PPS without it dropping a packet.  I got 960 Mbps out of it for a sustained 5 minutes of testing using iperf before I deployed it in production.

                            Vigger

                            @stephenw10:

                            If you are only planning to have a single internal interface, LAN, then the traffic through the box can only ever be 60Mbps total. In that case your hardware will be way way overspecified. You could easily pass that traffic with an Atom.
                            Since you clearly have a fair collection of hardware and services going on you may well want to segregate your network into, say, servers, clients, VoIP, wifi etc in which case it would be slightly more justified.

                            Steve

                            Oh, I think I might have overlooked the most obvious problem with this setup.
                            So if device A was downloading data from server A
                            while device B was downloading data from server B, then the 2 devices would each download with 31.25 MB/s?

                            If so I might have to ask a new question; can I do it here or should I make a new topic?
                            I honestly don't know how to solve this problem, but couldn't I buy a 1Gb switch which had a single 10Gb port (optical?) which I hook up to my router, and thus up to 5 devices at a time would be able to draw the max 125MB/s?
                            Or is there some other option?

                            @vman: Thanks! :)

                              stephenw10 Netgate Administrator

                              I don't totally understand your question. Where are devices A and B and servers A and B?

                              If you have only two interfaces in the firewall, WAN and LAN, then traffic between devices in the internal network does not flow through the firewall at all. Only traffic that flows in or out of the WAN goes through the firewall and with your 30/30 Mbps connection that means the total firewall throughput, in both directions simultaneously, can be 60Mbps.

                              If you have multiple internal networks separated by multiple interfaces on the firewall then traffic between those networks obviously has to go through the firewall. That traffic could be at Gigabit wirespeed in both directions and you could have many connections between many interfaces so firewall hardware requirements are significantly higher.

                              So really it depends how many interfaces you're planning to have.

                              Steve
