Do Threads Work Like Cores for pfsense?

darkarn

One more thing: I decided to come up with the question considering this from https://www.pfsense.org/hardware/ :

CPU Selection

The numbers stated in the following sections can be increased slightly for quality NICs, and decreased (possibly substantially) with low quality NICs. All of the following numbers also assume no packages are installed.

10-20 Mbps We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
21-100 Mbps We recommend a modern 1.0 GHz Intel or AMD CPU.
101-500 Mbps No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters.
501+ Mbps Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters.

I was unsure whether this refers to threads too, hence this thread (pun unintended. Really! :D )

Guest

3. Undecided on packages due to inexperience with pfSense; pending further evaluation
4. Internet Types: 1Gbps up/down fiber internet + 100Mbps up/down cable internet (see:

3. Should be clear before starting or starting with a powerful quad core CPU to be sure then!
4. Dual or Quad Core CPU @3,0GHz is then the best way to be able to realize it.

It makes many sense to know before starting if only a pure firewall + VPN connections are in the game
or a fully sorted UTM device should be in the game play. (firewall & VPN + http-Proxy, IDS,
AV Scan, pfBlockerNG)

darkarn

@BlueKobold:

3. Undecided on packages due to inexperience with pfSense; pending further evaluation
4. Internet Types: 1Gbps up/down fiber internet + 100Mbps up/down cable internet (see:

3. Should be clear before starting or starting with a powerful quad core CPU to be sure then!
4. Dual or Quad Core CPU @3,0GHz is then the best way to be able to realize it.

It makes many sense to know before starting if only a pure firewall + VPN connections are in the game
or a fully sorted UTM device should be in the game play. (firewall & VPN + http-Proxy, IDS,
AV Scan, pfBlockerNG)

Yep, I am reading up on them now to confirm stuff

…but I am quite tempted to just get a powerful Quad Core and learn from there! :D (without using too much electrocity I hope)

Guest

without using too much electrocity I hope)

That could be reached with ease if you went the road and go with a Intel Xeon E3 CPU! Not
even the best choice if you are putting even more other single points in that game, but all
for all it matches at the very best to be better suited with an Intel Core i3, i5 or i7 and let
you reach also the goal to get 1 GBit/s at the WAN surely! On top you may should get an
Intel PT Dual or Quad LAN Port NIC to be ensuring from side too, that all will be running
fine for you.

Otherwise it could also be the Jetway NF9HG-2930 board that will you bring up to new horizons
but without a guaranty for the real 1 GBit/s at the WAN port. As an alternative or plain a middle
based solution you should have a look on that board here, it supports pfSense and is able to get
real power but also sorted with many ports too! Jetway NF592-Q170 Intel Core Skylake

darkarn

@BlueKobold:

without using too much electrocity I hope)

That could be reached with ease if you went the road and go with a Intel Xeon E3 CPU! Not
even the best choice if you are putting even more other single points in that game, but all
for all it matches at the very best to be better suited with an Intel Core i3, i5 or i7 and let
you reach also the goal to get 1 GBit/s at the WAN surely! On top you may should get an
Intel PT Dual or Quad LAN Port NIC to be ensuring from side too, that all will be running
fine for you.

Otherwise it could also be the Jetway NF9HG-2930 board that will you bring up to new horizons
but without a guaranty for the real 1 GBit/s at the WAN port. As an alternative or plain a middle
based solution you should have a look on that board here, it supports pfSense and is able to get
real power but also sorted with many ports too! Jetway NF592-Q170 Intel Core Skylake

Whoa, Xeons are kinda overkill; I was thinking something more like second hand i5 or i7 CPUs from Sandy Bridge onwards

I do have an Intel Dual NIC and another Intel Single NIC; I am unsure of their chipsets as they are currently used in my DIY NASes

And while the Jetway sounds good, I can't ship them back to Singapore (that's where I live) unfortunately I am somewhat wrong about this; see my new post

darkarn

I took a look at packages for pfSense and gotten a rough sensing of what I may need:

1. Squid
2. SquidGuard
3. Darkstat
4. Snort
5. HAVP (undecided; I may just stick with the usual antivirus in each PC)
6. DNS related package; idea is to set my WAN to use multiple DNS servers so that if one DNS provider goes down, others will be used automatically

Looks like a proper i5 with proper cores may be more for my usage

As for VPN, seeing that this is mainly for me to connect to my NAS from other computers (or my laptop) in other areas, I will do this on my NAS instead of my router

darkarn

Apparently, I forgot that NewEgg does ship Jetway stuff to Singapore!

http://www.newegg.com/global/sg/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=Jetway

The JetWay JNF9HG-2930 and JetWay JNF591-3150 interest me in particular

Now it's a matter of deciding if going this path is better than building the usual computer

VAMike

@darkarn:

Apparently, I forgot that NewEgg does ship Jetway stuff to Singapore!

http://www.newegg.com/global/sg/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=Jetway

The JetWay JNF9HG-2930 and JetWay JNF591-3150 interest me in particular

Now it's a matter of deciding if going this path is better than building the usual computer

N2930 doesn't have AES-NI, so I wouldn't even consider it if you have any interest in VPN or SSL in the future. Otherwise it's a wash.

darkarn

@VAMike:

@darkarn:

Apparently, I forgot that NewEgg does ship Jetway stuff to Singapore!

http://www.newegg.com/global/sg/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=Jetway

The JetWay JNF9HG-2930 and JetWay JNF591-3150 interest me in particular

Now it's a matter of deciding if going this path is better than building the usual computer

N2930 doesn't have AES-NI, so I wouldn't even consider it if you have any interest in VPN or SSL in the future. Otherwise it's a wash.

Yeah, it's a pity indeed; its 4 Intel NICs (and very new ones!) are indeed a godsend for this price!

So it's either the 3150 or something else

Back to the drawing board; there's no Intel NIC on the 3150 :(

Guest

Looks like a proper i5 with proper cores may be more for my usage

Jetway NF592-Q170 pending on your budget would this also matching then!

Yeah, it's a pity indeed; its 4 Intel NICs (and very new ones!) are indeed a godsend for this price!

Ok, there some differences between you wish and your need or between your need and your budget, or?

Back to the drawing board; there's no Intel NIC on the 3150

There are many powerful and small boxes in the wild.

• SuperServer E200-8B
• SuperServer E200-9B

Whats about your budget??

darkarn

@BlueKobold:

Looks like a proper i5 with proper cores may be more for my usage

Jetway NF592-Q170 pending on your budget would this also matching then!

Yeah, it's a pity indeed; its 4 Intel NICs (and very new ones!) are indeed a godsend for this price!

Ok, there some differences between you wish and your need or between your need and your budget, or?

Back to the drawing board; there's no Intel NIC on the 3150

There are many powerful and small boxes in the wild.

• SuperServer E200-8B
• SuperServer E200-9B

Whats about your budget??

Wow thanks for the options, only problem about them is that they don't ship to Singapore directly (except for the E200-9B). This means that I will need to use proxy services which will bump up prices by a bit. Also I will need warranty too.

I mentioned that it was a pity as there are 4 Intel NICs on that board (which I will need for 2 WANs and 1 LAN; I can use the last port as another LAN I guess) but that the CPU does not have AES-NI, of which I think I should have.

For my budget, currently I am trying to stick with 500 SGD. I have come up with the following builds based on local prices + what parts do I have left:

i3-4170
ASROCKRACK Motherboard H97M WS
2x 2GB DDR3 RAM (personal)
SEASONIC S12G-Non MODULAR 450W from PC Themes
Old Casing (personal)
Old HDD (personal)
Single NIC Intel Card (personal)
Total: 416 SGD

or

i3 6100
ASROCK H110M- ITX/D3
2x 2GB DDR3 RAM (personal)
SEASONIC S12G-Non MODULAR 450W from PC Themes
Old Casing
Old HDD
Dual NIC Intel Card (personal)
Total: 373 SGD

Guest

For my budget, currently I am trying to stick with 500 SGD.

Perhaps you should be looking forward and buy the hardware step-by-step!
ASUS Q87T S$427.20 (SGD)
Celeron G3260 @3,3GHz ~S$99 (SGD)
2 x 4 GB RAM DDR3-1600 ~S$82.00 (SGD)
mSATA 120 GB ~S$89.00 (SGD)
M350 ~S$116.00 (SGD)

I got this over www.qoo10.sg and ebay.com.sg all prices are shipping free from the US or Japan

VAMike

@BlueKobold:

ASUS Q87T S$427.20 (SGD)

That has one intel and one RTL NIC. That shouldn't matter so much, but is why one of the other platforms was already eliminated. It's a shame that freebsd's history of lousy realtek drivers has lead to writing off most of the low cost boards on the planet.

Celeron G3260 @3,3GHz ~S$99 (SGD)

G3260 also doesn't do AES, if he didn't care about that he should just go with the fanless N2930 which is a better fit for purpose. Or at least go with the skylake+aes G3900 or G3920.

darkarn

@BlueKobold:

For my budget, currently I am trying to stick with 500 SGD.

Perhaps you should be looking forward and buy the hardware step-by-step!
ASUS Q87T S$427.20 (SGD)
Celeron G3260 @3,3GHz ~S$99 (SGD)
2 x 4 GB RAM DDR3-1600 ~S$82.00 (SGD)
mSATA 120 GB ~S$89.00 (SGD)
M350 ~S$116.00 (SGD)

I got this over www.qoo10.sg and ebay.com.sg all prices are shipping free from the US or Japan

Hmm. I can find similar motherboards for much cheaper here I am afraid (see my earlier post as example)

@VAMike:

@BlueKobold:

ASUS Q87T S$427.20 (SGD)

That has one intel and one RTL NIC. That shouldn't matter so much, but is why one of the other platforms was already eliminated. It's a shame that freebsd's history of lousy realtek drivers has lead to writing off most of the low cost boards on the planet.

Celeron G3260 @3,3GHz ~S$99 (SGD)

G3260 also doesn't do AES, if he didn't care about that he should just go with the fanless N2930 which is a better fit for purpose. Or at least go with the skylake+aes G3900 or G3920.

I can get a G4400 that can do AES too. And yeah, too bad that most of the dual-NIC motherboards are just one Intel and one [insert other brand here]; I may as well just look for motherboards with just one Intel NIC and then get another dual port Intel NIC from Amazon

VAMike

@darkarn:

And yeah, too bad that most of the dual-NIC motherboards are just one Intel and one [insert other brand here]

Most of the newer intel desktop chipsets have an integrated NIC (that's why there are so many intel NICs all of the sudden–they're free; note that this isn't a particularly special NIC, it's functionally identical to a later-model RTL8111.) The second NIC is a discrete component, and in a business where margins are thin the RTL interfaces have a much more attractive price point and most people in the world do not care (since they are functionally equivalent parts). I've heard that freebsd may finally be getting its realtek drivers under control, which would be nice. (Even openbsd hasn't had the stability problems on re(4) that freebsd has.) There's also a driver from realtek itself that some freebsd users have had good success with, but I don't know if anyone's managed to get it to work with pfsense.

darkarn

@VAMike:

@darkarn:

And yeah, too bad that most of the dual-NIC motherboards are just one Intel and one [insert other brand here]

Most of the newer intel desktop chipsets have an integrated NIC (that's why there are so many intel NICs all of the sudden–they're free; note that this isn't a particularly special NIC, it's functionally identical to a later-model RTL8111.) The second NIC is a discrete component, and in a business where margins are thin the RTL interfaces have a much more attractive price point and most people in the world do not care (since they are functionally equivalent parts). I've heard that freebsd may finally be getting its realtek drivers under control, which would be nice. (Even openbsd hasn't had the stability problems on re(4) that freebsd has.) There's also a driver from realtek itself that some freebsd users have had good success with, but I don't know if anyone's managed to get it to work with pfsense.

Hmm so in terms of performance, in the context of home usage, are these NICs the same?

darkarn

Hmm. After speaking to some people, I think I will like to hold off the planning for now as Kaby Lake is just next month; I may either use that or at least get Skylake for cheaper

Meanwhile, let me use a spare XPS 420, one dual port Intel NIC and another single port Intel NIC and see how that goes

darkarn

So far so good, am into my first 24hrs of pfsense now

The XPS 420's Q6600 (2.40Ghz Quad Core) and 8GB of RAM seems decent but I noticed a slight reduction of net throughput. I have tried some packages but I keep accidentally blocking the entire Internet lol so I decided to remove most of them and then reinstall them on a need-to-use basis (e.g. going with either squid or HAProxy for reverse proxy)

I noticed that pfsense has a very steep learning curve as compared to other custom router firmwares

Taiidan

@darkarn:

@VAMike:

@darkarn:

And yeah, too bad that most of the dual-NIC motherboards are just one Intel and one [insert other brand here]

Most of the newer intel desktop chipsets have an integrated NIC (that's why there are so many intel NICs all of the sudden–they're free; note that this isn't a particularly special NIC, it's functionally identical to a later-model RTL8111.) The second NIC is a discrete component, and in a business where margins are thin the RTL interfaces have a much more attractive price point and most people in the world do not care (since they are functionally equivalent parts). I've heard that freebsd may finally be getting its realtek drivers under control, which would be nice. (Even openbsd hasn't had the stability problems on re(4) that freebsd has.) There's also a driver from realtek itself that some freebsd users have had good success with, but I don't know if anyone's managed to get it to work with pfsense.

Hmm so in terms of performance, in the context of home usage, are these NICs the same?

Benchmark a "gigabit" realtek or broadcom you get at best 70MB/s with intel desktop LOM from 10 years ago you get 115MB/s, server network interfaces theoretically have lower CPU usage, slightly faster speeds and they of course have more features such as SR-IOV, iSCSI boot and or acceleration, etc.

You can pick up server pulls nics for cheap on ebay, such as the silicom 6 port intel chipset (no sr-iov fyi) or mellanox-connectx2 - there are a lot of options and not all of them are intel however anything from broadcom or realtek is garbage.

If you want SRIOV don't buy dell rebrands as they disable that because reasons, and if you want to run it in a vm you want SR-IOV for performance and security (although you need chipset with IOMMU and the like as well, pm me if you want help with finding hardware that works with this)

VAMike

@Taiidan:

Benchmark a "gigabit" realtek or broadcom you get at best 70MB/s

That's simply not true, so the rest can be safely ignored.