Why does Gigabit throughput require such high end hardware?
-
Depends on where you get your power from….
You can easily get a sunpanel that can power your datacenter and thereby cut your spendings in half or more....
Optical has many weaknesses (IMHO).
-
@gonzopancho:
… and you've completely ignored the PHY, which is where the real power consumption occurs.
10GBase-T components today require anywhere from 2 to 5 watts per port at each end of the cable –depending on the distance of the cable –while SFP+ requires approximately 0.7 watt, regardless of distance.
For sure thats right but compared to the entire cost of the cards and SFP+ transceivers to the
throughput, it will then perhaps better to support more Mellanox ConnectX
-3 Pro VPI adapters.
Then you will be able to get 10 GbE/40 GbE or 40GbE/56/GbE and this for a smaller budget.
Rangeley C2758 & ConnectX-3 VPI would be great to see some supprt for those cards in the future. -
I don't see Melanox ConnectX-3 being significantly less expensive than Chelsio T5-based product.
For example:
Melanox ConnectX-3 dual-port 10G adapter $235:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=1303&idcategory=6Chelsio T520-SO-CR dual-port 10G adapter: $234:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=2084&idcategory=6Mellanox ConnectX-3 Dual-Port 40G Adapter $470:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=1327&idcategory=6Chelsio T580-SO-CR 40 Gigabit adapter: $399
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=2083&idcategory=6And, of course:
Rangeley C2758 via Netgate $999:
http://store.netgate.com/Firewall/C2758.aspxChelsio T520-SO-CR via Netgate $245:
http://store.netgate.com/Chelsio/T520-SO-CR.aspx -
@gonzopancho:
I don't see Melanox ConnectX-3 being significantly less expensive than Chelsio T5-based product.
For example:
Melanox ConnectX-3 dual-port 10G adapter $235:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=1303&idcategory=6Chelsio T520-SO-CR dual-port 10G adapter: $234:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=2084&idcategory=6Mellanox ConnectX-3 Dual-Port 40G Adapter $470:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=1327&idcategory=6Chelsio T580-SO-CR 40 Gigabit adapter: $399
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=2083&idcategory=6Ahhh for sure I was not recognizing that Chelsio is also offering 40 GBit/s equipment!
So far and in short thats it, for sure you are right with the comparing, but before the European
pfSense Shop is opening I was thing to refer before about the new Intel Atom C2000 Boards
something, and I was finding up this thread here very exiting: A Rangeley Board Review and so I was triggered to research over the Mellanox cards and where finding this equipment right here: 12 Port Mellanox Switch &
Mellanox Dual Port 56 GBit/s card and this was bringing me to the point that it could perhaps being interesting to get support for.And, of course:
Rangeley C2758 via Netgate $999:
http://store.netgate.com/Firewall/C2758.aspxChelsio T520-SO-CR via Netgate $245:
http://store.netgate.com/Chelsio/T520-SO-CR.aspxFor sure the "Rangeley" platform will be the right thing as I see it now also.
A little bit sad for the IPSec will not profit from AES-NI but ok I can life with that
for sure if the QuickAssist is speeding up then other things. Perhaps this is owed also
to the circumstances that I was having a looking eyes an a Supermicro platform at first!
Because there are boards with one PCIe slot for the Comtech AHA compression card I want
to use inside and adding much more RAM is also a point that was given, but wit three miniPCIe
slots for mSATA, Modem and WLAN and more GB lan ports it will be also very interesting for me
otherwise. For sure not so easy to come closer to a right decision these days.So let me see what is going on if the pfSense shop in Europe is opened.
But for the detailed informations you draw spread over so many threads I will say thank you
at this time first, glad to here about those things more and more. -
@BlueKobold:
@gonzopancho:
I don't see Melanox ConnectX-3 being significantly less expensive than Chelsio T5-based product.
For example:
Melanox ConnectX-3 dual-port 10G adapter $235:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=1303&idcategory=6Chelsio T520-SO-CR dual-port 10G adapter: $234:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=2084&idcategory=6Mellanox ConnectX-3 Dual-Port 40G Adapter $470:
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=1327&idcategory=6Chelsio T580-SO-CR 40 Gigabit adapter: $399
http://www.colfaxdirect.com/store/pc/viewPrd.asp?idproduct=2083&idcategory=6Ahhh for sure I was not recognizing that Chelsio is also offering 40 GBit/s equipment!
So far and in short thats it, for sure you are right with the comparing, but before the European
pfSense Shop is opening I was thing to refer before about the new Intel Atom C2000 Boards
something, and I was finding up this thread here very exiting: A Rangeley Board Review and so I was triggered to research over the Mellanox cards and where finding this equipment right here: 12 Port Mellanox Switch &
Mellanox Dual Port 56 GBit/s card and this was bringing me to the point that it could perhaps being interesting to get support for.And, of course:
Rangeley C2758 via Netgate $999:
http://store.netgate.com/Firewall/C2758.aspxChelsio T520-SO-CR via Netgate $245:
http://store.netgate.com/Chelsio/T520-SO-CR.aspxFor sure the "Rangeley" platform will be the right thing as I see it now also.
A little bit sad for the IPSec will not profit from AES-NI but ok I can life with that
for sure if the QuickAssist is speeding up then other things. Perhaps this is owed also
to the circumstances that I was having a looking eyes an a Supermicro platform at first!
Because there are boards with one PCIe slot for the Comtech AHA compression card I want
to use inside and adding much more RAM is also a point that was given, but wit three miniPCIe
slots for mSATA, Modem and WLAN and more GB lan ports it will be also very interesting for me
otherwise. For sure not so easy to come closer to a right decision these days.So let me see what is going on if the pfSense shop in Europe is opened.
But for the detailed informations you draw spread over so many threads I will say thank you
at this time first, glad to here about those things more and more.IPsec does profit from AES-NI, it's AES-CBC + HMAC-SHA1 that suffers. We're not done, either. For now, using AES-GCM with AES-NI will provide the largest gains. Again, we're not done here, but the current project is QAT.
I don't have as much interest in Mellanox as I do in Chelsio and the newer Intel 10G/40G parts.
-
I don't have as much interest in Mellanox as I do in Chelsio and the newer Intel 10G/40G parts.
For sure, after I was lead by your last comment that Chelsio is also having 40 Gbit/s adapters
it is really obsolete. -
In MO… We have 10/1 MB ($40/m) now and cable co start to offer 100/20 MB ($110/m)...and here you guys talking GB!!$$$$
-
Current offerings here in Denmark is 1Gbit/1Gbit for around 349DKK which is the equivalent of 49USD with current exchange rates….
-
In MO… We have 10/1 MB ($40/m) now and cable co start to offer 100/20 MB ($110/m)...and here you guys talking GB!!$$$$
You are talking about the WAN speed! And we where talking about the LAN speed!
This is quite different from each other, and the ConnectX 2 Series from Mellanox is supported
so it was only in my mind to find out if the new series will be perhaps also be supported, not
more and not less. And if we are talking about 40 GBit/s adapters this is more for the LAN
connection and not the WAN connection..and here you guys talking GB!!$$$$
pfSense is not only used in home networks and in corporate networks you have to deal
also with other throughput for the entire company to deliver a moderate speed to all
the clients, servers and SANs and there fore it would even be great, to be able not
to create a so called bottleneck inside your LAN. -
Current offerings here in Denmark is 1Gbit/1Gbit for around 349DKK which is the equivalent of 49USD with current exchange rates….
In HK 1G up/down is less than 30 USD/month, and there is vendor planning to work out a 10G residential plan.
-
Thats freaking crazy! :D
Sponsored by Chinese INtelligence??? ;)
-
Why do governments act like children on the internet?
-
In Hungary we have 1G/300M for about 15USD/month including 110 DVB TV channels and landline phone.
-
In Manila we have 5/1 coax connection for about $30 per month and TV is another $15 extra… And the picture is shit... (-:
-
Thats freaking crazy! :D
Sponsored by Chinese INtelligence??? ;)
I already consider this expensive, there exist cheaper 1G/1G options (and previous 2 yrs I was paying USD 15 for 500M/500M)
And of course we want to separate with mainland China (GFW is blocking lots of stuff)…...
-
I know. Do you use VPN to overcome that?
Thats freaking crazy! :D
Sponsored by Chinese INtelligence??? ;)
I already consider this expensive, there exist cheaper 1G/1G options (and previous 2 yrs I was paying USD 15 for 500M/500M)
And of course we want to separate with mainland China (GFW is blocking lots of stuff)…...
-
In Hungary we have 1G/300M for about 15USD/month including 110 DVB TV channels and landline phone.
I guess everything is relative but still. :o
Steve
-
I know. Do you use VPN to overcome that?
Thats freaking crazy! :D
Sponsored by Chinese INtelligence??? ;)
I already consider this expensive, there exist cheaper 1G/1G options (and previous 2 yrs I was paying USD 15 for 500M/500M)
And of course we want to separate with mainland China (GFW is blocking lots of stuff)…...
Staying in HK, I don't need to do anything, GFW is only within mainland China border.
If people need to go to China, they definitely need VPN, but it's still not that easy because GFW apparently knows the OpenVPN traffic, that's why I'm going to construct an OVPN obfuscation proxy to my OVPN server for hiding myself…. -
@gonzopancho:
IPsec does profit from AES-NI, it's AES-CBC + HMAC-SHA1 that suffers. We're not done, either. For now, using AES-GCM with AES-NI will provide the largest gains. Again, we're not done here, but the current project is QAT.
At my last place, they used a patch from a consulting company that implemented AES-CBC with HMAC-SHA-xx with AES-NI acceleration. I have since moved on. If I can get more info / link on that, I will share.
-
You can't accelerate SHA with AES-NI.
Very modern Intel CPUs have instructions that will accelerate SHA/SHA2, but there is no support for that in FreeBSD or pfSense yet.
