Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    10GbE Hardware Recommendations

    Scheduled Pinned Locked Moved Hardware
    5 Posts 4 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Mallard
      last edited by

      I'd like to preface this by saying some of the requirements/requests are likely overkill. I prefer to build in overhead and like working my way from top to bottom in terms of performance.

      I currently have 1Gb/s up/down connection and will possibly be upgraded to 2Gb/s in the near future. I'm currently thinking that I would like to use the pfSense box to handle the 10GbE connections which would include my personal PC, FreeNAS/RockStor NAS, a switch, and an AP. Additional devices would be connected via the switch. I'm planning on using Snort, Squid, OpenVPN and probably a few others as I continue to dive in. The system will be rack mounted but would like to try to keep it relatively quiet. I'm currently in the process of planning out the entire network so comments on any of the pieces are appreciated.

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        i have no knowledge of hardware below the $ridicilous dollar range that will do snort/openvpn at even 5gb/s .

        also: rack hardware thats relatively quiet is hard to find - rack hardware that can push 10GbE, that is relatively quiet is probably non-existing.

        1 Reply Last reply Reply Quote 0
        • H
          heper
          last edited by

          http://store.pfsense.org/XG-1540/

          this could potentially get you well passed the 2gbit marker just doing NAT.

          no clue what it would do when adding snort.

          openvpn at 2gbit is probably impossible using freebsd at this time. this might improve when the next version of openvpn comes around (no clue when that'll be)

          1 Reply Last reply Reply Quote 0
          • ?
            Guest
            last edited by

            @Mallard

            Take two D-Link DGS1510-20 Switches for the 10 GBit/s LAN routing and let the pfSense
            being smaller and feed it with 2 x 1 GBit/s WAN connection. So the pfSense is powerful
            enough for the WAN only routing and the switches will be sufficient enough for the LAN
            routing.

            Other wise and as suggested before the XG-1540 together with a Chelsio adapter will do this
            job also for you.

            1 Reply Last reply Reply Quote 0
            • K
              Keljian
              last edited by

              You will have more luck with suricata than snort at 10gbps. The former is multithreaded.

              A Chelsio t420 + an i7 (1550/1551)or equivalent Xeon would do it for you.  Just grab 6-8 gig of ram

              You could look at some mikrotik switch gear if you are looking to save some $$

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.