Do Threads Work Like Cores for pfsense?
-
Thanks! I am asking as I am planning for a WAN Gigabit (1GBps up/down) build too; I am unsure if an i3 with 2 core and 4 threads will work the same as an i5 with 4 cores and 4 threads
So…we can't tell you that. As noted, the core functionality of pfsense is mostly single-threaded. It's mostly add-on modules and such that can take advantage of multiple cores/threads. So, the i3 itself having less cores or threads isn't really an issue. As long as the processor will keep up with the throughput you need, you'll be fine.
However, how much is enough? If all you're doing is running pfsense as a router and that's it...not much. The higher speeds will require a faster processor, not more cores. If you're adding on packages/functionality, doing VPN services, that will dramatically increase the load and depending on the functionality, it may or may not benefit from more cores or higher processing power/speed. It just depends.
To get an estimate you'd need to tell everyone: 1) the throughputs you want to achieve and how they'd connect(direct, any authentication methods, via VPN....which is hopefully slower than the full throughput) 2) the number of connections 3) any special functionality you want to enable such as add ons...and for some add ons, information about how it will be used, as their demands can vary substantially based upon options.
-
-
-
Thanks! I am asking as I am planning for a WAN Gigabit (1GBps up/down) build too; I am unsure if an i3 with 2 core and 4 threads will work the same as an i5 with 4 cores and 4 threads
If by "work the same" you mean pfsense will see four processors, yes. But the extra two logical processors won't be as fast as the extra two physical cores in the i5. But… depending on your workload, pfSense may not care. In general, though, the i5 will be faster.
*Edited to restore formatting
-
In general, though, the i5 will be faster.
It really depends on the workload. The i3's tend to have a higher base frequency because they're dual core and draw less power. For a workload that's not heavily threaded, an i3-6100 @3.7GHz will be faster than an i5-6500 and faster than an i5-6600 if the load is sustained (while costing literally half as much).
-
Wow, thanks for the responses, let me answer as much as I can…
Thanks! I am asking as I am planning for a WAN Gigabit (1GBps up/down) build too; I am unsure if an i3 with 2 core and 4 threads will work the same as an i5 with 4 cores and 4 threads
Threads are just a way to improve utilization of a core. It will speed up some workloads, slow down others, and not make any difference at all for many. I'd focus more on single thread performance (MHz) for this application. It may be possible to get a 2 core i3 clocked faster than a 4 core i5, and that would likely perform better for this.
I see, this is actually the crux of the issue; faster i3 with less cores or slightly slower i5 with more cores despite both processors having same number of threads?
Thanks! I am asking as I am planning for a WAN Gigabit (1GBps up/down) build too; I am unsure if an i3 with 2 core and 4 threads will work the same as an i5 with 4 cores and 4 threads
So…we can't tell you that. As noted, the core functionality of pfsense is mostly single-threaded. It's mostly add-on modules and such that can take advantage of multiple cores/threads. So, the i3 itself having less cores or threads isn't really an issue. As long as the processor will keep up with the throughput you need, you'll be fine.
However, how much is enough? If all you're doing is running pfsense as a router and that's it...not much. The higher speeds will require a faster processor, not more cores. If you're adding on packages/functionality, doing VPN services, that will dramatically increase the load and depending on the functionality, it may or may not benefit from more cores or higher processing power/speed. It just depends.
To get an estimate you'd need to tell everyone: 1) the throughputs you want to achieve and how they'd connect(direct, any authentication methods, via VPN....which is hopefully slower than the full throughput) 2) the number of connections 3) any special functionality you want to enable such as add ons...and for some add ons, information about how it will be used, as their demands can vary substantially based upon options.
Ah, sorry, I forgot to put out my requirements, let's see if this is ok:
1. 5 permanent users (me + family members); need to be able to scale up to 25 users in case of visitors
2. 20 permanent devices (7 PC/laptops, 13 mobile devices); need to be able to scale up to 50 devices in case of visitors
3. Undecided on packages due to inexperience with pfSense; pending further evaluation
4. Internet Types: 1Gbps up/down fiber internet + 100Mbps up/down cable internet (see: https://www.starhub.com/personal/broadband/dual-broadband-plan/price-plans.html#Dual-Broadband) => Dual WAN features like failover required
5. Possibility of VPN usage (e.g. outside computer connecting to a certain PC in network)
6. Possibility of cryptography features if any => AES-NI desired
7. LAN: 1 8-port TP-Link Smart Switch (TL-SG2008), Wifi: Asus AC66u as Wireless Access Point (connected via Sineoji PL1800EP as it will be placed in a different room for house-wide access)… for a WAN Gigabit (1GBps up/down) build ...
Wiil your WAN be PPPoE?
well that's a horrifying thought :D
Good question guys, thankfully it is not (I hope); heard that the requirements are way higher for these connections
Thanks! I am asking as I am planning for a WAN Gigabit (1GBps up/down) build too; I am unsure if an i3 with 2 core and 4 threads will work the same as an i5 with 4 cores and 4 threads
If by "work the same" you mean pfsense will see four processors, yes. But the extra two logical processors won't be as fast as the extra two physical cores in the i5. But… depending on your workload, pfSense may not care. In general, though, the i5 will be faster.
*Edited to restore formatting
Ah I see, so one of the deciding factors is what packages will I be using?
Sidenote: I wonder if the same applies to virtualisation; this may mean I need to re-plan my NAS-cum-VM-server but that's another thread for another forum I guess?
In general, though, the i5 will be faster.
It really depends on the workload. The i3's tend to have a higher base frequency because they're dual core and draw less power. For a workload that's not heavily threaded, an i3-6100 @3.7GHz will be faster than an i5-6500 and faster than an i5-6600 if the load is sustained (while costing literally half as much).
Thanks for the example, that made things a bit clearer
-
One more thing: I decided to come up with the question considering this from https://www.pfsense.org/hardware/ :
CPU Selection
The numbers stated in the following sections can be increased slightly for quality NICs, and decreased (possibly substantially) with low quality NICs. All of the following numbers also assume no packages are installed.
10-20 Mbps We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
21-100 Mbps We recommend a modern 1.0 GHz Intel or AMD CPU.
101-500 Mbps No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters.
501+ Mbps Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters.I was unsure whether this refers to threads too, hence this thread (pun unintended. Really! :D )
-
3. Undecided on packages due to inexperience with pfSense; pending further evaluation
4. Internet Types: 1Gbps up/down fiber internet + 100Mbps up/down cable internet (see:3. Should be clear before starting or starting with a powerful quad core CPU to be sure then!
4. Dual or Quad Core CPU @3,0GHz is then the best way to be able to realize it.It makes many sense to know before starting if only a pure firewall + VPN connections are in the game
or a fully sorted UTM device should be in the game play. (firewall & VPN + http-Proxy, IDS,
AV Scan, pfBlockerNG) -
@BlueKobold:
3. Undecided on packages due to inexperience with pfSense; pending further evaluation
4. Internet Types: 1Gbps up/down fiber internet + 100Mbps up/down cable internet (see:3. Should be clear before starting or starting with a powerful quad core CPU to be sure then!
4. Dual or Quad Core CPU @3,0GHz is then the best way to be able to realize it.It makes many sense to know before starting if only a pure firewall + VPN connections are in the game
or a fully sorted UTM device should be in the game play. (firewall & VPN + http-Proxy, IDS,
AV Scan, pfBlockerNG)Yep, I am reading up on them now to confirm stuff
…but I am quite tempted to just get a powerful Quad Core and learn from there! :D (without using too much electrocity I hope)
-
without using too much electrocity I hope)
That could be reached with ease if you went the road and go with a Intel Xeon E3 CPU! Not
even the best choice if you are putting even more other single points in that game, but all
for all it matches at the very best to be better suited with an Intel Core i3, i5 or i7 and let
you reach also the goal to get 1 GBit/s at the WAN surely! On top you may should get an
Intel PT Dual or Quad LAN Port NIC to be ensuring from side too, that all will be running
fine for you.Otherwise it could also be the Jetway NF9HG-2930 board that will you bring up to new horizons
but without a guaranty for the real 1 GBit/s at the WAN port. As an alternative or plain a middle
based solution you should have a look on that board here, it supports pfSense and is able to get
real power but also sorted with many ports too! Jetway NF592-Q170 Intel Core Skylake -
@BlueKobold:
without using too much electrocity I hope)
That could be reached with ease if you went the road and go with a Intel Xeon E3 CPU! Not
even the best choice if you are putting even more other single points in that game, but all
for all it matches at the very best to be better suited with an Intel Core i3, i5 or i7 and let
you reach also the goal to get 1 GBit/s at the WAN surely! On top you may should get an
Intel PT Dual or Quad LAN Port NIC to be ensuring from side too, that all will be running
fine for you.Otherwise it could also be the Jetway NF9HG-2930 board that will you bring up to new horizons
but without a guaranty for the real 1 GBit/s at the WAN port. As an alternative or plain a middle
based solution you should have a look on that board here, it supports pfSense and is able to get
real power but also sorted with many ports too! Jetway NF592-Q170 Intel Core SkylakeWhoa, Xeons are kinda overkill; I was thinking something more like second hand i5 or i7 CPUs from Sandy Bridge onwards
I do have an Intel Dual NIC and another Intel Single NIC; I am unsure of their chipsets as they are currently used in my DIY NASes
And while the Jetway sounds good, I can't ship them back to Singapore (that's where I live) unfortunatelyI am somewhat wrong about this; see my new post -
I took a look at packages for pfSense and gotten a rough sensing of what I may need:
1. Squid
2. SquidGuard
3. Darkstat
4. Snort
5. HAVP (undecided; I may just stick with the usual antivirus in each PC)
6. DNS related package; idea is to set my WAN to use multiple DNS servers so that if one DNS provider goes down, others will be used automaticallyLooks like a proper i5 with proper cores may be more for my usage
As for VPN, seeing that this is mainly for me to connect to my NAS from other computers (or my laptop) in other areas, I will do this on my NAS instead of my router
-
Apparently, I forgot that NewEgg does ship Jetway stuff to Singapore!
http://www.newegg.com/global/sg/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=Jetway
The JetWay JNF9HG-2930 and JetWay JNF591-3150 interest me in particular
Now it's a matter of deciding if going this path is better than building the usual computer
-
Apparently, I forgot that NewEgg does ship Jetway stuff to Singapore!
http://www.newegg.com/global/sg/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=Jetway
The JetWay JNF9HG-2930 and JetWay JNF591-3150 interest me in particular
Now it's a matter of deciding if going this path is better than building the usual computer
N2930 doesn't have AES-NI, so I wouldn't even consider it if you have any interest in VPN or SSL in the future. Otherwise it's a wash.
-
Apparently, I forgot that NewEgg does ship Jetway stuff to Singapore!
http://www.newegg.com/global/sg/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=Jetway
The JetWay JNF9HG-2930 and JetWay JNF591-3150 interest me in particular
Now it's a matter of deciding if going this path is better than building the usual computer
N2930 doesn't have AES-NI, so I wouldn't even consider it if you have any interest in VPN or SSL in the future. Otherwise it's a wash.
Yeah, it's a pity indeed; its 4 Intel NICs (and very new ones!) are indeed a godsend for this price!
So it's either the 3150 or something elseBack to the drawing board; there's no Intel NIC on the 3150 :(
-
Looks like a proper i5 with proper cores may be more for my usage
Jetway NF592-Q170 pending on your budget would this also matching then!
Yeah, it's a pity indeed; its 4 Intel NICs (and very new ones!) are indeed a godsend for this price!
Ok, there some differences between you wish and your need or between your need and your budget, or?
Back to the drawing board; there's no Intel NIC on the 3150
There are many powerful and small boxes in the wild.
Whats about your budget??
-
@BlueKobold:
Looks like a proper i5 with proper cores may be more for my usage
Jetway NF592-Q170 pending on your budget would this also matching then!
Yeah, it's a pity indeed; its 4 Intel NICs (and very new ones!) are indeed a godsend for this price!
Ok, there some differences between you wish and your need or between your need and your budget, or?
Back to the drawing board; there's no Intel NIC on the 3150
There are many powerful and small boxes in the wild.
Whats about your budget??
Wow thanks for the options, only problem about them is that they don't ship to Singapore directly (except for the E200-9B). This means that I will need to use proxy services which will bump up prices by a bit. Also I will need warranty too.
I mentioned that it was a pity as there are 4 Intel NICs on that board (which I will need for 2 WANs and 1 LAN; I can use the last port as another LAN I guess) but that the CPU does not have AES-NI, of which I think I should have.
For my budget, currently I am trying to stick with 500 SGD. I have come up with the following builds based on local prices + what parts do I have left:
i3-4170
ASROCKRACK Motherboard H97M WS
2x 2GB DDR3 RAM (personal)
SEASONIC S12G-Non MODULAR 450W from PC Themes
Old Casing (personal)
Old HDD (personal)
Single NIC Intel Card (personal)
Total: 416 SGDor
i3 6100
ASROCK H110M- ITX/D3
2x 2GB DDR3 RAM (personal)
SEASONIC S12G-Non MODULAR 450W from PC Themes
Old Casing
Old HDD
Dual NIC Intel Card (personal)
Total: 373 SGD -
For my budget, currently I am trying to stick with 500 SGD.
Perhaps you should be looking forward and buy the hardware step-by-step!
ASUS Q87T S$427.20 (SGD)
Celeron G3260 @3,3GHz ~S$99 (SGD)
2 x 4 GB RAM DDR3-1600 ~S$82.00 (SGD)
mSATA 120 GB ~S$89.00 (SGD)
M350 ~S$116.00 (SGD)I got this over www.qoo10.sg and ebay.com.sg all prices are shipping free from the US or Japan
-
@BlueKobold:
ASUS Q87T S$427.20 (SGD)
That has one intel and one RTL NIC. That shouldn't matter so much, but is why one of the other platforms was already eliminated. It's a shame that freebsd's history of lousy realtek drivers has lead to writing off most of the low cost boards on the planet.
Celeron G3260 @3,3GHz ~S$99 (SGD)
G3260 also doesn't do AES, if he didn't care about that he should just go with the fanless N2930 which is a better fit for purpose. Or at least go with the skylake+aes G3900 or G3920.
-
@BlueKobold:
For my budget, currently I am trying to stick with 500 SGD.
Perhaps you should be looking forward and buy the hardware step-by-step!
ASUS Q87T S$427.20 (SGD)
Celeron G3260 @3,3GHz ~S$99 (SGD)
2 x 4 GB RAM DDR3-1600 ~S$82.00 (SGD)
mSATA 120 GB ~S$89.00 (SGD)
M350 ~S$116.00 (SGD)I got this over www.qoo10.sg and ebay.com.sg all prices are shipping free from the US or Japan
Hmm. I can find similar motherboards for much cheaper here I am afraid (see my earlier post as example)
@BlueKobold:
ASUS Q87T S$427.20 (SGD)
That has one intel and one RTL NIC. That shouldn't matter so much, but is why one of the other platforms was already eliminated. It's a shame that freebsd's history of lousy realtek drivers has lead to writing off most of the low cost boards on the planet.
Celeron G3260 @3,3GHz ~S$99 (SGD)
G3260 also doesn't do AES, if he didn't care about that he should just go with the fanless N2930 which is a better fit for purpose. Or at least go with the skylake+aes G3900 or G3920.
I can get a G4400 that can do AES too. And yeah, too bad that most of the dual-NIC motherboards are just one Intel and one [insert other brand here]; I may as well just look for motherboards with just one Intel NIC and then get another dual port Intel NIC from Amazon
