Another hardware recommendation question
-
OK, so i've been away for som time off. Wow, lot of replies, thanks for all the hardware suggestions!
I still do not really know how to determine my exact needs though :-[
Althouh my connection is 500Mb/s, the only things i really need to have: no wireless, 1xWAN, 2xLAN (or more) (1 for the game console), decent firewall, NAT, DHCP and access control (what machine has internet/wan access and when and preferably parental control by domain, ip and category). With AES-NI not yet fully implemented in pfSense, the only VPN stuff i will use, is done on the clients itself. Maybe need some VPN pass-throug or something like that. Captive portal seems nice for guest access, maybe use a VLAN for that too (but i could also do that in my managed switch), so guests can only use the internet and cannot access the local network.
So taking into account the list from my original post, adding the info above, i guess the hardware requirements are not that high for that, right?
-
Another NewEgg.com deal for the next few days on a similar system. Marked down to $99.00 with free shipping until 29 Jan 2015.
http://flash.newegg.com/Product/N82E16883280460
Refurbished: HP 6000 Pro Desktop PC Intel Pentium Dual Core E6500 (2.93GHz),
2GB Memory, 80GB HDD Storage, DVDROM, DisplayPort Windows 7 Professional 64 BitAlso has VGA port, Serial port, 1 PCI, 3 PCIe slots.
-
Yes, there are a lot of variables here. Really the only thing we have that's fixed is the 500Mbps WAN bandwidth. At the low end if you don't run any packages, so just firewall and NAT, and you only have a single internal interface then almost any old hardware you have to hand will probably be sufficient. 2 NICs in anything faster than a Pentium 4 will pass 500Mbps easily (some P4s also ;)) and that's not a bad way to go initially. Spend no money, gain experience installing/running pfSense and come away with a much better idea of what you might need longer term.
At the other end of the scale you might want to run Snort, Squid/Squidguard and HAVP. Perhaps you want to route all your traffic over a VPN (the full 500Mbps). You could have several internal subnets, segregated wifi and guest wifi. You're going to need something considerable more powerful to do that obviously. It gets much harder to estimate exactly but I would suggest a fast i3 or the previously mentioned Rangely Atoms.Steve
Hey Steve Do you think an old P4 will support Gigabit WAN? OUR ISP is currently building its fiber network in town (Its currently 150/7.5 Cable)
I think it might with good Intel NICs I have an old 2.8GHz S478 Northwood P4, sitting around collecting dust unfortunately all it has is PCI slots not PCIe :(
-
-
Hey Steve Do you think an old P4 will support Gigabit WAN?
I think it might with good Intel NICs I have an old 2.8GHz S478 Northwood P4, sitting around collecting dust unfortunately all it has is PCI slots not PCIe :(Nope. ;) It might get close though, like 700-800Mbps, with no packages and no other throttle points, like PCI.
My home box was running a P4-M underclocked to 1.2GHz and it could push ~300Mbps before all it's capacitors burst and it died. :( It had PCI-X connected NICs (as well as some special network connection bus Intel was using at that time) so there was no hold up there.If you have the hardware already it might be a fun project at zero financial cost. Since it's a single core CPU (without HT?) you should be able to get a good idea of how it will scale to a higher throughput. It will consume electricity at a much higher rate than a newer box though, expect >60W.
Steve
-
@gonzopancho:
With AES-NI not yet fully implemented in pfSense,
Wot?
From the website https://www.pfsense.org/hardware/: Future support of AES-NI acceleration of IPsec is planned, and should significantly reduce CPU requirements on platforms that support it.
-
@gonzopancho:
With AES-NI not yet fully implemented in pfSense,
Wot?
From the website https://www.pfsense.org/hardware/: Future support of AES-NI acceleration of IPsec is planned, and should significantly reduce CPU requirements on platforms that support it.
Yeah, we should update that.
-
@gonzopancho:
@gonzopancho:
With AES-NI not yet fully implemented in pfSense,
Wot?
From the website https://www.pfsense.org/hardware/: Future support of AES-NI acceleration of IPsec is planned, and should significantly reduce CPU requirements on platforms that support it.
Yeah, we should update that.
Cleaned it up real quick, I will probably touch it again in the near future: https://www.pfsense.org/hardware/#sizing
-
4 or 8 core atom 2558 or 2758 board from super micro
8-16gb ddr3
pick a case, hd,etc
that board has everything you will ever need, and can do 1gbs connections
-
@gonzopancho:
From the website https://www.pfsense.org/hardware/: Future support of AES-NI acceleration of IPsec is planned, and should significantly reduce CPU requirements on platforms that support it.
Yeah, we should update that.
Cleaned it up real quick, I will probably touch it again in the near future: https://www.pfsense.org/hardware/#sizing
Will recommended hardware change becauso of this?
-
No, I think most people in this thread were already aware of the current aes-ni support.
Steve