Building a router, would like criticism/input on the exact setup
-
So I have two setups in mind that would allow me to build a box on the cheap using mostly parts that I already have, allowing me to spend <$100 on new parts for this project.
My main question basically comes down to which CPU I should use, as everything else will be relatively similar/equal.
My secondary question would be if I should virtualize or not.END GOAL:
Be able to sustain gigabit speeds between WAN/LAN, I am going to be moving into a house where I will have gigabit fiber available and want to be able to take full advantage of this.
I want the server to handle being a router, a seedbox, plex server, and teamspeak server, potentially more as time goes on, ultimately reducing the neccesity to ever have to leave our desktops on overnight wasting power. I want to consolidate all 24/7 ops onto one server so I can waste less energy and save money long term.So the two choices (in my head, maybe you could suggest a better setup) are as follows:
1.) Dual socket/Quad core server processors (E5345, 2.33GHz/4cores/two sockets)
With this setup I would probably want to virtualize since I have abundant resources that I shouldnt have to worry about any overhead reducing overall performance, at least not enough to care.
I would likely have pfsense on its own VM with 3 or 4 of the 8 cores assigned, and 4GB ram, with a couple other VMs using the rest of the resources for their respective duties.2.) i5-2500k (4-core, non hyper-threaded, 3.3GHz base, 3.7 turbo)
With this setup I would more than likely not virtualize and just throw all the apps onto whatever OS i decide to use (centOS probably)I understand that demands on the other server processes will factor in here, but I dont think in either scenario that those external conditions should factor in.
I have about a thousand other concerns and questions regarding this setup, but I think my biggest concern is that if I use the server CPUs, the 2.33GHz doesnt match up to the recommended 3.5GHz for gbit speeds on pfsense. If I use the desktop processor, only have 4 cores concerns me that the server wouldnt be able to handle the overall activity on the server with everything else involved.
I also like the idea of virtualization as I think it would allow me to better segregate internal and external traffic as far as security is concerned, as well as keeping plex streaming traffic separate from the router itself as that will stay internal.
Thanks in advance for any input/insight on this build.
EDIT: I should mention that if I used the server CPUs, I would be using a mobo with onboard dual intel NICS from ~2006 rated at gbit.
If I used the desktop CPU I would be buying a couple pcie intel NICS. -
I don't think you need 3.5GHz processors to achieve 1Gbps NAT WAN-LAN throughput, I used low end CPU like 1037U, N2930 and they are capable to deliver 1Gbps NAT WAN-LAN speed.
Second thing is, in a non-VM environment, putting other unnecessary application on firewall is not recommended.
BTW, I think the actual speed of i5-2500k is comparable to 2 x E5345 because E5345 is really too old even it's a Xeon.
-
I don't think you need 3.5GHz processors to achieve 1Gbps NAT WAN-LAN throughput, I used low end CPU like 1037U, N2930 and they are capable to deliver 1Gbps NAT WAN-LAN speed.
Second thing is, in a non-VM environment, putting other unnecessary application on firewall is not recommended.
BTW, I think the actual speed of i5-2500k is comparable to 2 x E5345 because E5345 is really too old even it's a Xeon.
I would agree with edwardwong regarding your upcoming setup. Generally it is a good idea to at least separate firewall to another dedicated machine even if it's on VM and since there's a saying "don't put all your eggs into one basket" , i guess it does make sense when comes to pfSense installation.
-
Yeah, I definitely like the idea of seperating the router on a VM, but I was concerned with doing so on my i5-2500k as there are only 4 corse available, and Im not confident that splitting those four cores between 2,3 or potentially 4 VMs would allow enough resources for each VM/server purpose.
As far as the hardware being able to handle gigabit, im not worried about that in a theoretical setup, my concern is that if/when i have a torrent seeding with however many connections, that if my router isnt powerful enough I may start to see hiccups elsewhere when streaming netflix or twitch or whatever normal user consumption. So to be clear, I want it to handle gigabit speeds with potentially hundreds of connections (although to be fair, hundreds is on the high end for what I would expect with the type of stuff I seed, i dont download game of thrones from public trackers for example so there is no concern of a flash crowd of thousands all trying to connect.
-
Depends on what you want to achieve, the term "VM" itself is not giving us any clue on how much resources required, you can host a VM with Windows XP for your own use, or a VM with database server serving thousands of clients. In normal situation a single core of the i5 is enough for pfSense applications, the 2xE5345 provides more processors but each of the core is much slower than a single core of i5, if the i5 is incapable to handle the load, I really doubt whether the 2xE5345 is able to handle such workload.
Streaming is different story, to be fair, this technology is to allow server to serve different bitrate video to client with different connectivity, as long as the server itself can do transcoding properly, even with a slow internet connection you can play the streamed video smoothly.
Modern hardware can handle hundreds of connections easily, even the ATOM processors, in China I saw internet cafe using those all-in-one ATOM D525/2500/Celeron 1037U as firewall and no issue at all.
Yeah, I definitely like the idea of seperating the router on a VM, but I was concerned with doing so on my i5-2500k as there are only 4 corse available, and Im not confident that splitting those four cores between 2,3 or potentially 4 VMs would allow enough resources for each VM/server purpose.
As far as the hardware being able to handle gigabit, im not worried about that in a theoretical setup, my concern is that if/when i have a torrent seeding with however many connections, that if my router isnt powerful enough I may start to see hiccups elsewhere when streaming netflix or twitch or whatever normal user consumption. So to be clear, I want it to handle gigabit speeds with potentially hundreds of connections (although to be fair, hundreds is on the high end for what I would expect with the type of stuff I seed, i dont download game of thrones from public trackers for example so there is no concern of a flash crowd of thousands all trying to connect.
-
It is impossible for us to tell you what will and won't work. It all depends on the packages you run on pfsense, and the load of the other servers (in VMs)
I have a number of VMs myself. one of which is pfsense.
If all you're doing is routing, you don't need much in terms of hardware…It's when you add stuff (packages) that it starts to add up.
-
I've had much success running pfsense in VMware on cpus ranging from older Core2 based Xeons to the X5550. I would not use any of them for a 1Gbps connection in a VM. I'd suggest running all your other workloads virtualized and get a dedicated box to run pfsense.