Hardware suggestions
-
Hello
i have a budget of about 1000$ to get hardware on which to run pfsense. we have 8 offices spread over about a 1000 kms, average users around 400-500. VPNs are used frequently and it wont be wrong if i say are used 24x7
I want to get possible hardware which will work efficiently for next 3-4 years during which it is expected the number of users may increase by around 100-150.
currently running pfsense on soekris 6501 boards which give throughput of about 600 mbps on full load and on vpn throughput of around 120mmbps. Goal is to double the throughput (if possible)
I'd want to have the box similar in size to that of soekris
Any suggestions will be much appreciated
Thanks -
it'll probably depend on the type of VPN.
-if you wish to accomplish this with openvpn then you $1k budget might be on the low-end if you wish this to be in a 19" appliance type of device. (openvpn needs lots of cpu power or hardware crypto card = i5/i7/xeonE5 ish)
-recently there have been huge performance gains when using IPSEC by enabling AES-NI (freebsd & pfsense & netgate worked together to get this working in 2.2 … )
http://store.pfsense.org/c2758/ <– high-end model that should probably do more then 300mbit ipsec with AES-NI (ask for confirmation at pfsense-devs ) -
I'm surprised you're seeing 120Mbps from an older Atom.
Jim posted some numbers for an IPSec tunnel between an FW-7551 and a C2758:
https://forum.pfsense.org/index.php?topic=81862.msg471933#msg471933Steve
-
I'm surprised you're seeing 120Mbps from an older Atom.
Jim posted some numbers for an IPSec tunnel between an FW-7551 and a C2758:
https://forum.pfsense.org/index.php?topic=81862.msg471933#msg471933Steve
my bad, it was about 65 mbps
@heper:it'll probably depend on the type of VPN.
-if you wish to accomplish this with openvpn then you $1k budget might be on the low-end if you wish this to be in a 19" appliance type of device. (openvpn needs lots of cpu power or hardware crypto card = i5/i7/xeonE5 ish)
-recently there have been huge performance gains when using IPSEC by enabling AES-NI (freebsd & pfsense & netgate worked together to get this working in 2.2 … )
http://store.pfsense.org/c2758/ <– high-end model that should probably do more then 300mbit ipsec with AES-NI (ask for confirmation at pfsense-devs )How much will an i3/i5 setup cost approx?
-
That seems closer to what I'd expect. ;)
Is is just the VPN speed you're looking for?
The FW-7551 and its successor are a lot less than $1000.
http://store.pfsense.org/SG2440/Steve
Edit: Rogue apostrophe
-
How much will an i3/i5 setup cost approx?
your budget is fine, I would go this rout >>
Get you something like this mobo
SUPERMICRO MBD-X10SLM-F-O
With an i3 or even a Xeon (E3-1220V3)
and you will have nothing to worry about for 3 to 5 years.
(Those 2 + Memories, rackmount case, Supply should get you right around your budget)
-
How much will an i3/i5 setup cost approx?
your budget is fine, I would go this rout >>
Get you something like this mobo
SUPERMICRO MBD-X10SLM-F-O
With an i3 or even a Xeon (E3-1220V3)
and you will have nothing to worry about for 3 to 5 years.
(Those 2 + Memories, rackmount case, Supply should get you right around your budget)
Thanks for the suggestions :)
Will try to go with xeon budget permitting
Main issue currently is finding a mini itx board having 4 NICs that can fit in the soekris casing or something similar of the size (have to say its beautiful :P) -
Thanks for the suggestions :)
Will try to go with xeon budget permitting
Main issue currently is finding a mini itx board having 4 NICs that can fit in the soekris casing or something similar of the size (have to say its beautiful :P)SUPERMICRO MBD-A1SRi-2758F-O is mini ITX with Quad Intel Ethernet, this one have a 8-Core Atom (C2758). Not sure if it will fix the case you refer to.
You can also find it with an i7 (SUPERMICRO MBD-X9SPV-M4-3UE-O)
Or you can add a Quad Intel Nic on PCIe slot to any of the mini ITX LGA1150 boards.
-
Thanks for the suggestions :)
Will try to go with xeon budget permitting
Main issue currently is finding a mini itx board having 4 NICs that can fit in the soekris casing or something similar of the size (have to say its beautiful :P)SUPERMICRO MBD-A1SRi-2758F-O is mini ITX with Quad Intel Ethernet, this one have a 8-Core Atom (C2758). Not sure if it will fix the case you refer to.
You can also find it with an i7 (SUPERMICRO MBD-X9SPV-M4-3UE-O)
Or you can add a Quad Intel Nic on PCIe slot to any of the mini ITX LGA1150 boards.
if your total budget is 1000$, that is going to be difficult for 8 offices. if about 1000$ per office, than go with the above setup to be problem free. use ecc ram
-
Thanks for the suggestions :)
Will try to go with xeon budget permitting
Main issue currently is finding a mini itx board having 4 NICs that can fit in the soekris casing or something similar of the size (have to say its beautiful :P)SUPERMICRO MBD-A1SRi-2758F-O is mini ITX with Quad Intel Ethernet, this one have a 8-Core Atom (C2758). Not sure if it will fix the case you refer to.
You can also find it with an i7 (SUPERMICRO MBD-X9SPV-M4-3UE-O)
Or you can add a Quad Intel Nic on PCIe slot to any of the mini ITX LGA1150 boards.
if your total budget is 1000$, that is going to be difficult for 8 offices. if about 1000$ per office, than go with the above setup to be problem free. use ecc ram
Oh, maybe I misunderstood the OP, I thought the 1K budget was for the VPN server / File server host, not all the 8 offices. I thought the offices will be clients. 1K over those 8 offices would be $125 per office…? no way you will find anything for $125
-
Thanks for the suggestions :)
Will try to go with xeon budget permitting
Main issue currently is finding a mini itx board having 4 NICs that can fit in the soekris casing or something similar of the size (have to say its beautiful :P)SUPERMICRO MBD-A1SRi-2758F-O is mini ITX with Quad Intel Ethernet, this one have a 8-Core Atom (C2758). Not sure if it will fix the case you refer to.
You can also find it with an i7 (SUPERMICRO MBD-X9SPV-M4-3UE-O)
Or you can add a Quad Intel Nic on PCIe slot to any of the mini ITX LGA1150 boards.
if your total budget is 1000$, that is going to be difficult for 8 offices. if about 1000$ per office, than go with the above setup to be problem free. use ecc ram
Thanks for the suggestions
That 3rd gen seems very good.
we have 1000$ per office budget.
Last thing is to get a small 1u casing. Any suggestions regarding that will be greatly appreciated -
Thanks for the suggestions
That 3rd gen seems very good.
we have 1000$ per office budget.
Last thing is to get a small 1u casing. Any suggestions regarding that will be greatly appreciatedCheck out SUPERMICRO SuperChassis CSE-512L-200B
-
Thanks for the suggestions
That 3rd gen seems very good.
we have 1000$ per office budget.
Last thing is to get a small 1u casing. Any suggestions regarding that will be greatly appreciatedCheck out SUPERMICRO SuperChassis CSE-512L-200B
Thanks but looking for something smaller like the soekris casings please
-
Thanks but looking for something smaller like the soekris casings please
You said 1U… that's 1U
soekris casings re custom, not sure there is anything out there that would fit a ITX formfactor
-
http://uk.farnell.com/schroff/20860-120/case-19-inches-1u-220mm-steel/dp/1455923
this is one that i found not sure if it would fit properly though
Secondly. would 4 GB ram suffice? And what brand should i go for -
Supermicro has low depth cases for mini itx bundled with PSU's.
So if you are going that route I would not use a CSE-512L-200B a suggested above, but a CSE-503L-200B : http://www.supermicro.com/products/chassis/1U/503/SC503L-200.cfm
Remember you need a fan assembly, and HDD cage if you are not going to hotglue everything :). These things are also not super quiet. Especially if you use the official fan.It has the depth of general non enterprise switches. And is 1U. I use them even in small 6U mini racks without issue.
I have no idea why you would want to use custom steel cases? The time you need to cut ports in them alone, if you factor in time/cost is ridiculous.
Akasa will some day have very nice passive cases. If they ever release them : http://www.akasa.com.tw/update.php?tpl=product/product.detail.tpl&no=181&type=Fanless%20Chassis&type_sub=Fanless%20Mini%20ITX&model=A-ITX17-M1BSupermicro RMA support is twitchy. So prepare to stock 1 extra 'in case'. Seeing your budget, you should have enough left to buy a 9th setup as a spare.
An A1SRi 2758 / 8GB ECC / SSD / case should be well within 1k.Of course, for your speed requirements. I see no reason why not go the official store route - and support your favorite Firewall Appliance?
http://store.pfsense.org/SG4860/Has everything you could ever want. Smaller form factor if for some reason you want that. Lower power use, passive. 6 ports.
And currently will already do several hundred Mbps VPN tunnels with improvements on the way. -
You will get more bang for the bug buying this one: http://www.xcase.co.uk/1u-rackmount-server-cases/x-case-itx-19-02-1u-rackmount-short-29-95-x-case.html
-
Supermicro has low depth cases for mini itx bundled with PSU's.
So if you are going that route I would not use a CSE-512L-200B a suggested above, but a CSE-503L-200B : http://www.supermicro.com/products/chassis/1U/503/SC503L-200.cfm
Remember you need a fan assembly, and HDD cage if you are not going to hotglue everything :). These things are also not super quiet. Especially if you use the official fan.It has the depth of general non enterprise switches. And is 1U. I use them even in small 6U mini racks without issue.
I have no idea why you would want to use custom steel cases? The time you need to cut ports in them alone, if you factor in time/cost is ridiculous.
Akasa will some day have very nice passive cases. If they ever release them : http://www.akasa.com.tw/update.php?tpl=product/product.detail.tpl&no=181&type=Fanless%20Chassis&type_sub=Fanless%20Mini%20ITX&model=A-ITX17-M1BSupermicro RMA support is twitchy. So prepare to stock 1 extra 'in case'. Seeing your budget, you should have enough left to buy a 9th setup as a spare.
An A1SRi 2758 / 8GB ECC / SSD / case should be well within 1k.Of course, for your speed requirements. I see no reason why not go the official store route - and support your favorite Firewall Appliance?
http://store.pfsense.org/SG4860/Has everything you could ever want. Smaller form factor if for some reason you want that. Lower power use, passive. 6 ports.
And currently will already do several hundred Mbps VPN tunnels with improvements on the way.Thanks a lot for your detailed reply
I guess il go for 503L in the end :)
ECC RAM is the only thing left i think so any suggestions fir that? -
made an error ! enclosure is 505-203b : http://www.supermicro.com/products/chassis/1U/505/SC505-203.cfm
front panel layout is totally different (and wrong..) with a 503.I often just use Kingston 1.35v ECC non buffered without any errors. But if you want to be sure 100% Supermicro has a supported memory list at the spec page of the motherbord.
-
Thanks for the suggestions :)
Will try to go with xeon budget permitting
Main issue currently is finding a mini itx board having 4 NICs that can fit in the soekris casing or something similar of the size (have to say its beautiful :P)SUPERMICRO MBD-A1SRi-2758F-O is mini ITX with Quad Intel Ethernet, this one have a 8-Core Atom (C2758). Not sure if it will fix the case you refer to.
You can also find it with an i7 (SUPERMICRO MBD-X9SPV-M4-3UE-O)
Or you can add a Quad Intel Nic on PCIe slot to any of the mini ITX LGA1150 boards.
Can anyone please confirm if (SUPERMICRO MBD-X9SPV-M4-3UE-O runs freebsd? Checked the os compatibility chart on supermicro site but cant seem to find freebsd for this specific model