Hardware Advice

jaskerx · Mar 11, 2014, 3:39 PM

I'm living in a rural area with 5 down 1 up DSL and have gigabit LAN with 3 wired and 3 wireless devices. I would like it to be able to route and firewall at 1gbps (for wired), run packages, dns caching, etc. Maybe snort and squid. Choosing the hardware is however driving me crazy, I want a low power device much like I have now (consumer grade router). I could just get the refurbished dell server from the pfsense site but a 7 year old power guzzling processor for an always on device sounds expensive. I would prefer newer hardware, but what? Some questions:

Will these new c2000 series atoms be any good? 4 core? or 8 core?
Any good mITX boards with dual intel nics? Fanless or embedded would be bonus.
What is the bare minimum processor for 1gbps routing/firewall?
Atom? Celeron? T series i3/i5? Over-kill for what I need?
Am I asking the right questions?

tirsojrp · Mar 11, 2014, 4:16 PM

An Recent/compatible Atom ITX with dual NIC should be enough for that bandwidth.

If power consumption is a issue check the new Alix APUc boards.
https://forum.pfsense.org/index.php?topic=59555.0

jaskerx · Mar 11, 2014, 6:00 PM

These would be good:

http://www.supermicro.com/products/motherboard/celeron/X10/X10SBA.cfm
http://www.supermicro.com/products/motherboard/Atom/X10/A1SAM-2550F.cfm

If the NIC's are supported. Otherwise when does 2.2 come out, I will wait.

stephenw10 · Mar 14, 2014, 4:28 PM

Why do you need gigabit capability? I assume you are planning multiple internal subnets/interfaces.

Steve

jaskerx · Mar 14, 2014, 6:11 PM

I know I don't really need gigabit connectivity since I have a 5 megabit dsl connection. Its only that I learned that your common consumer grade home router isn't even capable of routing at gigabit speeds. I'm assuming thats LAN to LAN? No I am not planning multiple internal subnets/interfaces. I'm also guessing that the bottleneck in my network is going to be hard disk read speed (from my NAS) so gigabit would be pointless?

stephenw10 · Mar 14, 2014, 6:48 PM

Traffic between internal machines on the same subnet will not pass through pfSense at all, only your switch. Hence in a machine with 2 interfaces the maximum throughput is limited by which ever is slower, 5Mbps in your case. So if you build a machine capable of firewalling 1Gbps it will be 200X faster than it need be. ;)
Now having multiple internal interfaces is not a bad idea. It allows you to, for example, segregate your wifi clients from wired or add a guest wifi network that has internet access but not access to your NAS.

Steve

jaskerx · Mar 14, 2014, 10:08 PM

In other words the VK-2D13 would do the job? Until the connection exceeds 87 Mbps?

Mar 14, 2014, 11:04 PM

@jaskerx:

In other words the VK-2D13 would do the job? Until the connection exceeds 87 Mbps?

Basically, but there is no headroom in that box.

Wait two weeks, buy an APU from either pfSense directly or Netgate (they come out of the same warehouse, shipped by the same people.)

jaskerx · Mar 15, 2014, 3:32 PM

Yeah 500 Mhz single core with 256 MB of RAM is kind of limited. What comes out in 2 weeks?

stephenw10 · Mar 15, 2014, 4:16 PM

The new PC-Engines APU board I believe:
https://forum.pfsense.org/index.php?topic=59555.0

Steve

jaskerx · Mar 15, 2014, 7:01 PM

The apu.1c4 sounds awesome although I would like to see performance data compared to the older model.