How much traffic can I route with a 633MHz CPU?
-
Hi Guys,
Myself and friends have been using pfSense 1.2.3 for load balancing two 15mbit ADSL connections for a small LAN party. Things are scaling up and we could potentially have a (single) 100mbit symmetric internet connection soon, courtesy of a nearby university.
Currently I run pfSense 1.2.3 on a 633MHz VIA Eden ESP 6000 CPU (VIA EPIA-CL6000E motherboard) with 512MB of DDR400 RAM. 2x VIA VT6105 LOM for onboard 10/100 NICs, and a Realtek FA311 :-[ in the PCI slot. (yes I'll buy an Intel card soon)
We won't have complex firewall rules, pfSense will just be providing captive portal functionality and "static" DHCP assignments (or aforementioned load balancing when we're in our old venue).
[b]Do I need to upgrade to route 100mbps full duplex? It was a real hassle to track down hardware that was compatible, and I've got the added problem of it needing to fit in a 1U rackmount case.
Thanks in advance
-
My guess is you may be fine with 100 Mb wire speed. That's potentially cutting it a bit close and it'll depend on the specific combination of hardware. You can test that pretty easily by putting it into a test setup of sorts with a device on LAN and one on WAN, and see what throughput you can achieve between those hosts. If you can get 100 Mb wire speed in that scenario, you should also be able to with a small LAN party. Replacing the NICs with better quality ones will get you at least somewhat better throughput if you're currently CPU-bound at less than 100 Mb, but you may be fine as is.
-
I have some of those. You will hit about 65mb to 75mb and start to fall over. And when full, forget logging in to the firewall.
Look at one of the newer Atom dual core boards, and use Intel chipsets for the nics when possible.
-
@Lee:
I have some of those. You will hit about 65mb to 75mb and start to fall over. And when full, forget logging in to the firewall.
Look at one of the newer Atom dual core boards, and use Intel chipsets for the nics when possible.
I can only find boards with the dreaded Realtek LAN chipset. Any pointers? Is it better to go for boards with no integrated LAN and buy a 2 or 4 port PCIe/x card? Also, I hope I can find something that's small enough to fit a 1U enclosure…
Thanks guys, I'll do some tests and post the results here with my current setup.
-
Recent Realtek chipsets are not at all that bad as their predecessors. You might have some driver issues with the older pfSense versions but the latest betas 2.1 should be good enough.
U always have the option to add a dual port gigabit Intel card and keep the Realtek as standy/backup just in case. -
This Intel board has a Atom D2500 and dual Intel NIC's.
http://www.intel.com/content/www/us/en/motherboards/desktop-motherboards/desktop-board-d2500cc.html
-
Yeah that's what I've been looking at. After I've tested the actual throughput of my current box I think I'll keep it for a home firewall and build something like this:
Intel D2500CC-E Mini-ITX Motherboard £76.90~
Samsung 2GB SODIMM DDR3 1066MHz RAM £4.99
Xcase ITX-19 1U Mini-ITX Case £35.99
120GB SATA 2.5" Hard drive £0.00 (spare, already own)I've found a few old threads hinting at a few install problems with the D2500CC board - no 64bit support and graphical glitches. Is this still the case?
Thanks guys, really helpful info!
-
I've run some tests on the 633MHz box (specs below) and with iperf on default settings it can route 84mbit from one client to one server. It's probably safe to assume that this is a best case scenario, and with more clients and connections the performance will probably degrade.
Specs:
pfSense 2.0.1
633MHz VIA Eden ESP 6000 CPU
VIA EPIA-CL6000E motherboard
512MB of DDR400 RAM
2x VIA VT6105 LOM (Onboard 10/100 NICs)Hope this helps someone in the future. Thanks for all your help.