Embedded hardware for snort
-
8 Cores may sound promising but I doubt it would be a huge difference. Atoms are not meant to do heavy processing. Plain vanilla pfSense will work great for basic home use.
Check this out.
http://www.neweggbusiness.com/Product/Product.aspx?gclid=CJSdjOuFsb0CFaVQOgodZBUAiw&Item=9B-13-182-855&nm_mc=KNC-GoogleBiz&cm_mmc=KNC-GoogleBiz--pla--Server+Motherboards-_-9B-13-182-855&ef_id=Uy4ydQAAAaRIQhwV:20140326203218:s
Looks great with Quad Gigabit NICs. Worth a shot :)
-
I just got that SuperMicro A1SRi-2758F. Really, really nice. It's practically purpose-made for a networking implementation. Pretty much on idle with Snort and Suricata running.
-
8 Cores may sound promising but I doubt it would be a huge difference. Atoms are not meant to do heavy processing. Plain vanilla pfSense will work great for basic home use.
Check this out.
http://www.neweggbusiness.com/Product/Product.aspx?gclid=CJSdjOuFsb0CFaVQOgodZBUAiw&Item=9B-13-182-855&nm_mc=KNC-GoogleBiz&cm_mmc=KNC-GoogleBiz--pla--Server+Motherboards-_-9B-13-182-855&ef_id=Uy4ydQAAAaRIQhwV:20140326203218:s
Looks great with Quad Gigabit NICs. Worth a shot :)
I'm not sure what your point was. You said an Atom isn't enough and then posted the very same Atom board I've got here as a replacement for my DN2800MT. The Avoton/Rangeley cores are significantly faster than the older Atoms. They really should have changed the name.
-
8 Cores may sound promising but I doubt it would be a huge difference. Atoms are not meant to do heavy processing. Plain vanilla pfSense will work great for basic home use.
Check this out.
http://www.neweggbusiness.com/Product/Product.aspx?gclid=CJSdjOuFsb0CFaVQOgodZBUAiw&Item=9B-13-182-855&nm_mc=KNC-GoogleBiz&cm_mmc=KNC-GoogleBiz--pla--Server+Motherboards-_-9B-13-182-855&ef_id=Uy4ydQAAAaRIQhwV:20140326203218:s
Looks great with Quad Gigabit NICs. Worth a shot :)
I'm not sure what your point was. You said an Atom isn't enough and then posted the very same Atom board I've got here as a replacement for my DN2800MT. The Avoton/Rangeley cores are significantly faster than the older Atoms. They really should have changed the name.
LOL. My point was if embedded hardware is what the OP really wanted then he could try this…. based on your recommendation of C2758.
-
I just got that SuperMicro A1SRi-2758F. Really, really nice. It's practically purpose-made for a networking implementation. Pretty much on idle with Snort and Suricata running.
Have you loaded all of Snort rules just to test it? If not, could you please load the entire list of Snort rules and do a speed test to see how much bandwidth is available with this new Atom processor.
It looks good to me but way too expensive for an Atom at the moment.
-
I just got that SuperMicro A1SRi-2758F. Really, really nice. It's practically purpose-made for a networking implementation. Pretty much on idle with Snort and Suricata running.
Have you loaded all of Snort rules just to test it? If not, could you please load the entire list of Snort rules and do a speed test to see how much bandwidth is available with this new Atom processor.
It looks good to me but way too expensive for an Atom at the moment.
Using the "Balanced VRT" ruleset, plus a dozen group selections from ET, my DN2800MT hit 100% on a single core from snort at ~48Mbit/s. The C2758 maxes my FiOS at 83Mbit/s with snort at 20% of a single core. Assuming that it scales up linearly, that would put it at a cap of 400Mbit/s, just about right since I've seen numbers of 5-10x the speed of the previous generation depending on the task.
Snort is supposed to be able to take advantage of QuickAssist but I've no idea if it actually is. If not, there's more progress to be made here.
EDIT: Updated C2758 with "real world" snort percentage & throughput estimate. I'm not sure what speedtest.net does, but it drives snort nuts…
-
Hmm.. so I suppose sticking with an i3/i5 is still best for faster routing speeds. I doubt the annual power consumption difference in terms of $$ between the latest Atom and i3 are going to be that huge.
-
Hmm.. so I suppose sticking with an i3/i5 is still best for faster routing speeds. I doubt the annual power consumption difference in terms of $$ between the latest Atom and i3 are going to be that huge.
Depends. If you're talking about two interface FW performance then yes, a dual-core i3 with a high clock speed is going to walk all over it. If you're talking about running it as a "router" with 4, 6, 8 or more interfaces, and you plan to use snort on those interfaces, I suspect the C2758 will come out ahead.
-
Shouldn't Snort running on multiple interfaces need to have rules loaded for each of those interfaces, which in turn require more RAM for loading rules?
How do I make pfSense run just as a "router". Isn't it functioning as a firewall and a router at the same time?
-
Yeah, but RAM is cheap. The new box I put in at home has 16GB now with room to expand to 32GB. Once 16GB SODIMMs are available I could bump to 64GB.
If you don't want to run snort then don't install it.