Hardware List for Gigabit WAN
-
I was hoping I could get someone to take a peek at my hardware upgrade plans before I pull the trigger on the upgrade parts.
About me:
I am an electrical engineer by education, a software engineer and reverse engineer by trade, but by no means an expert of any kind with respect to networking. I know as much as I have needed to know about networking, and nothing more.I've been trying to remedy that lack of knowledge, and I would love any recommended reads on networking.
Current Status (Speed figures in Download/Upload Mbps):
Directly connected, I get approximately 850/850 and up depending on the time of day.
Connected directly through pfsense (No switches in between), I get about 380/380.
Through my E3000 with DD-WRT, I get about 140/140 if I overclock it to 533Mhz.Goal:
At least 750/750 through the pfsense box
Multi Site to Site VPN for sharing access to my local network. 100 Mbps over VPN would be plenty and default routes for other sites would still go through their normal gateway.Current Build:
-
1.6 GHz Intel Atom N330 (http://www.newegg.com/Product/Product.aspx?Item=N82E16813500036)
-
2GB DDR2 RAM (Some really old Corsair XMS or XMS2)
-
HP NC360T Pro/1000 PT
Proposed Build:
-
Intel Core i3-4150 3.5GHz Dual-Core Processor (http://www.ncixus.com/products/?usaffiliateid=1000031504&sku=96206&vpn=BX80646I34150&manufacture=Intel&promoid=1401)
-
8GB DDR3 RAM (http://www.amazon.com/gp/product/B0037TO5C0/ref=oh_aui_search_detailpage?ie=UTF8&psc=1) (Already have this sitting around unused)
-
HP NC360T Pro/1000 PT
-
Zotac H87ITX-A-E Mini ITX LGA1150 Motherboard (http://www.superbiiz.com/detail.php?name=MB-H87I-AE&c=CJ)
-
-
Without having built a box with similar spec or using VPN to test anything, in theory, it should work. My i5 3.2ghz quad core only uses about 4% cpu doing 1.3gb/s, but with 1500byte packets. With synthetic benchmarks, the Intel "i" processors are capable of nearly 1GB/s/core with AES-NI, but still over 100MB/s/core in software.
Unless you're trying to make a core router that may handle lots of small packets, I would say that build would do what you're asking. I don't know a whole lot about the NIC, but it looks to be a re-branded Intel of the sort, so I assume it's good.
Don't expect high performance if you're doing to run anything extra that may be CPU intensive, like snort.
-
Without having built a box with similar spec or using VPN to test anything, in theory, it should work. My i5 3.2ghz quad core only uses about 4% cpu doing 1.3gb/s, but with 1500byte packets. With synthetic benchmarks, the Intel "i" processors are capable of nearly 1GB/s/core with AES-NI, but still over 100MB/s/core in software.
Unless you're trying to make a core router that may handle lots of small packets, I would say that build would do what you're asking. I don't know a whole lot about the NIC, but it looks to be a re-branded Intel of the sort, so I assume it's good.
Don't expect high performance if you're doing to run anything extra that may be CPU intensive, like snort.
Do you mean a core router as described here? http://en.wikipedia.org/wiki/Core_router – I only ask because I originally interpreted your response as the main router for the home.
How much more would it take to run snort? I hadn't really planned on it, but you have caught my interest, and I've been watching my firewall and seeing a lot more activity than I would have expected. DD-WRT didn't tell me as much of what it was doing.
-
That spec will have no problems doing what you've listed. With AES-NI (when that's fully implemented in pfSense) you'll probably see close to or above the line speed even with encrypted traffic.
A Celeron G530 will firewall/NAT at >1Gbps and the i3-4150 is more than double the performance in single or multithread benchmarks.
If anything you may have overshot the target! ;)Steve
-
That spec will have no problems doing what you've listed. With AES-NI (when that's fully implemented in pfSense) you'll probably see close to or above the line speed even with encrypted traffic.
A Celeron G530 will firewall/NAT at >1Gbps and the i3-4150 is more than double the performance in single or multithread benchmarks.
If anything you may have overshot the target! ;)Steve
Thanks for your help!
-
try this..
4 LAN Ports Network Security PC Hardware Platform,Mini itx PC Fanless Firewall Computer …
spec..
Main Board •Intel Atom D2550 Dual Core processor, 1.86GHz •Integrated Intel GMA 3600
Main Memory •1 x DDR3 SO-DIMM socket, support up to 4GB DDR3 1333/800 SDRAM
Storage •2 x 2.5" SATA HDD drive bay •1 x Mini SATA Slot •1 x CF Slot
Lan •4 x Realtek 82583V, 10/100/1000M, Support PXE, Wake on Lan
Watchdog Timer •255 levels, 0~255 sec
BIOS •AMI 16MB DPI Flash ROM
Expansion •1x PCI Slot
I/O Interface-Front • Power on/ off switch
I/O Interface-Rear •4 x RJ-45 •1x COM1( CISCO)+1x COM2(15PIN) •2 x USB2.0 •1 x VGA •1x DC IN
Power Requirements •12V DC IN
Dimensions •225 mm (W) x180 mm (D) x50mm (H)
Construction •Aluminum Chassis with Fanless DesignAs storage use SSD DOM (better for saving energy)..
…. sexy heu?... I order 1 for home ;))
ps : alibaba.com …
-
Link and does it have any WIFI options??
-
You won't see 1Gbps thoughput from an old style Atom. You might see close to 850Mbps with some tuning, probably not with Realtek NICs though. That's without any packages or encryption.
Steve
-
You might see close to 850Mbps with some tuning
Steve, can you please point me into the right direction about this? Just out of curiosity.
-
That was a guess based on one users 640Mbps from a lesser Atom after some tuning. A D510 has been shown to be good for 500Mbps.
Let me see if I can find the posts….Here. 640Mbps from a D2500 with Intel NICs.
Here. 485Mbps from a D510 with Intel NICs.
So in fact the D2550 is almost identical, I was mistaking it for the D2700. The box above is unlikely to get more than 650Mbps.
Steve
-
Thanks.
-
That spec will have no problems doing what you've listed. With AES-NI (when that's fully implemented in pfSense) you'll probably see close to or above the line speed even with encrypted traffic.
A Celeron G530 will firewall/NAT at >1Gbps and the i3-4150 is more than double the performance in single or multithread benchmarks.
If anything you may have overshot the target! ;)Steve
I've seen 2.2Gbps AES-GCM 128bit between two QC Xeon boxes over 10Gbps given recent snapshots. Is that "fully implemented" enough for you?
-
Good enough for me. ;)
-
You won't see 1Gbps thoughput from an old style Atom. You might see close to 850Mbps with some tuning, probably not with Realtek NICs though. That's without any packages or encryption.
Steve
And You think u ll see it with an .
Intel(R) Celeron(R) CPU 1037U @ 1.80GHz
2 CPUs: 1 package(s) x 2 core(s)…..?
-
Yes, though it depends on other hardware. Realtek NICs will slow things down. The C1037U scores more than 3X higher than the D2500 in a single thread benchmark, which is what counts until 2.2 is released.
https://www.cpubenchmark.net/compare.php?cmp[]=605&cmp[]=606&cmp[]=1988
Copy ans paste the above URL, the brackets screw up the code if I put it as a link.
Steve
-
Yes, though it depends on other hardware. Realtek NICs will slow things down. The C1037U scores more than 3X higher than the D2500 in a single thread benchmark, which is what counts until 2.2 is released
In fact i do not have exactly the setup i posted higher :) … As Lan I have this
2x onboard Intel 82574L 10/100/1000 Mb/s Ethernet Controler 1000baseT
-
I just posted this for on another thread which has the hardware details that you can take a look at…..
https://forum.pfsense.org/index.php?topic=86029.msg474387#msg474387
The hardware will easily support your 850/850 bandwidth along with resource intensive packages fully loaded. I have tested the same config in a test environment and it used up the entire 1 gigabit WAN network (my test network is 1 gigabit only) and the CPU was around 39-42% with the resource intensive packages. On base install the CPU never crossed 20%. I thought of doing a 2 gigabit test but it wasn't worth my time.
At current prices you wouldn't get very high cost to power savings ratio by going with the latest Rangley Atoms or 1150s, unless you plan to keep the hardware for 5+ years for the same use.
Get the 3rd generation hardware for 1/3rd of the 1150 price and save some $$
-
very interesting post thanks! i will think about it for the office ;D
but in my situation right now its home and have place only for small appliance (mine is case:19cmx19cmx5cm) and widely enough.
-
This is at my home ;D
The mobo is micro-atx, previously I used a mini-ITX. The hardware is more geared towards supporting higher WAN bandwidth and the same time keeping the hardware real estate small and low power consuming.
-