Need help fast - CPU for 1Gb/s
-
@P3R:
WiFi is in my opinion a big security risk, so if it cant be plugged in it cant access my network.
Yes wired is of course more secure but many devices (tablets and smartphones) today doesn't offer wired network connections so once again I'm being a bit more pragmatic. Wireless with WPA2 on a separate firewalled vlan is secure enough for my soho usage.
I get that, which is why devices which cant be plugged in wont be able to connect to the LAN. They can access the internet but first they nee the password to login and their mac needs to be in my server over allowed devices. Once they have access they have a very limited bandwith and a firewall is inspecting the trafic and blocking certain stuff.
@P3R:
if im reading these test, are the g4500 even better then the 1220L?
It's superior regarding single threaded performance due to it's higher clock. My aim with the build was low power and low noise and that's why I ended up with this CPU at the time.
I dont care that much about power since its super cheap here. (100w running 24/7 cost $8/month)
Regarding noise i dont care that much about that as well since the servers are placed in anoher room, the only noize is going to be the CPU cooler which isnt that loud anyway. -
Or should i spend a litle more for the c2758? (everything in one board cpu/mb/nic)
Intel Xeon D-1518 would reach that Limit and is powerful enough to realize all your Needs.
I could even stretch me for a xeon e3 1245v5 or a lower model, but is it overkill and a power drain?
Its the best bet in that game at the Moment nothing beats a Xeon E3, it is really powerful and on top power saving too.
-
@BlueKobold:
Or should i spend a litle more for the c2758? (everything in one board cpu/mb/nic)
Intel Xeon D-1518 would reach that Limit and is powerful enough to realize all your Needs.
A D is overkill and overpriced.
I could even stretch me for a xeon e3 1245v5 or a lower model, but is it overkill and a power drain?
Its the best bet in that game at the Moment nothing beats a Xeon E3, it is really powerful and on top power saving too.
The E3 is also overkill. For this person's requirements (doesn't care about fanless/embedded) the G4500 is fine, or a couple of bucks more for a i3-6100 will get a little more clock speed & hyperthreading.
-
You could get an AMD Biostar AM1ML, that plus a nic and a AMD APU 5350 would run you about $70, low power consumption and you can run it fanless if you want.
It is what I have and it is great, there is no ME/PSP and you can install coreboot (free open source firmware replacement) on it.
https://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/Hey just so everyone knows it is possible to run even 140W server chips near quiet with a 4U tower cooler and large size fans at 100% cpu utilization.
-
Taiidan: I have bad experience with AMD so i rather stick with Intel.
VAMike: I agree that the D is to expensive.
I can get the i3-6300 for the same price as the 6100, would it be a upgrade or a downgrade?Just to clearify for the rest!!
I want 1Gb/s throughput on the pfsense. Im not interested in VPN but im going to use package inspection, filters and other stuff which i might not know about yet.
If i can get a embedded version, thats fine but not a requirement since i can always replace fans for a more silent one.
The performance is importent to me, but i like to keep the cost as minimal as possible. -
I can get the i3-6300 for the same price as the 6100, would it be a upgrade or a downgrade?
For the same price, no reason not to get the 6300.
-
Get the Xeon E3. The C2758 is OK for closer to 1gig throughput but E3 will give better performance with resource intensive packages like snort/suricata, while keeping up with 1gig throughput.
-
I can get the i3-6300 for the same price as the 6100, would it be a upgrade or a downgrade?
For the same price, no reason not to get the 6300.
sweet :)
Looking back on previus entry by P3R, how does this 6300 compare against the e3-1220L? it was running 1Gb/s using 50%, can i aspect the same or even better?Get the Xeon E3. The C2758 is OK for closer to 1gig throughput but E3 will give better performance with resource intensive packages like snort/suricata, while keeping up with 1gig throughput.
I want to be using snort and suricata is definitely something that i want.
Do you believe the i3 6300 can run those + purchase other packages that i dont know yet while keeping up with 1Gb/s? -
I would expect to see 1Gbps firewall and NAT throughput using any of those CPUs. Though it does depend on your traffic type. If you are passing all VoIP with tiny packets you might struggle.
Just to add a random number I can pass 1Gps firewall and NAT using iperf (not a real world test but….) in a box I have here running a Core2 E4500 from 2008. Intel NICs on that helps. The G4400 annihilates that in every test.
http://www.cpubenchmark.net/compare.php?cmp%5B%5D=2564&cmp%5B%5D=936&cmp%5B%5D=2634If you plan to add Snort or Squid or other packages then multicore becomes more important. The igb driver can use multiple CPU cores quite well. There become too many variables though when adding packages to give any sort of throughput estimate. If you need 1Gbps with Snort and a load of signatures then get the most powerful CPU you can.
Steve
-
If you plan to add Snort or Squid or other packages then multicore becomes more important. The igb driver can use multiple CPU cores quite well. There become too many variables though when adding packages to give any sort of throughput estimate. If you need 1Gbps with Snort and a load of signatures then get the most powerful CPU you can.
Thats what i though at first too, but i also liek to keep the cost down and not have to pay or overkill stuff which i wont take full advantage of.
on the topic of multicore, how come c2758 is the top of the line in pfsense store when xeon appear to be so much better?
does those 8cores really do that much difference compared to 4? -
Top of the line in the pfSense store is the Xeon D-1541 based XG-1541:
https://store.pfsense.org/XG-1541-1U-pfSense-Security-Gateway-Appliance-P88.aspx
Which is much more powerful. :)
Steve
-
Top of the line in the pfSense store is the Xeon D-1541 based XG-1541:
https://store.pfsense.org/XG-1541-1U-pfSense-Security-Gateway-Appliance-P88.aspx
Which is much more powerful. :)
Steve
Okey, next best then :P
But still, how any cores do you really need? -
Looking back on previus entry by P3R, how does this 6300 compare against the e3-1220L? it was running 1Gb/s using 50%, can i aspect the same or even better?
The 6300 is several times faster.
-
I can get the i3-6300 for the same price as the 6100, would it be a upgrade or a downgrade?
For the same price, no reason not to get the 6300.
sweet :)
Looking back on previus entry by P3R, how does this 6300 compare against the e3-1220L? it was running 1Gb/s using 50%, can i aspect the same or even better?Get the Xeon E3. The C2758 is OK for closer to 1gig throughput but E3 will give better performance with resource intensive packages like snort/suricata, while keeping up with 1gig throughput.
I want to be using snort and suricata is definitely something that i want.
Do you believe the i3 6300 can run those + purchase other packages that i dont know yet while keeping up with 1Gb/s?i3 6300 can run resource intensive packages. But IDS/IPS, Squid, Clamav scans may slow response times (like site retrieval response) when network activity is high. Go with the Xeon :-)
-
i3 6300 can run resource intensive packages. But IDS/IPS, Squid, Clamav scans may slow response times (like site retrieval response) when network activity is high. Go with the Xeon :-)
What, exactly, do you think that chip will bring to this particular set of requirements, especially to justify the significantly higher price? I mean heck, why not just spec a 22 core E5 because something else just might be slower?
-
As I am remembering there was anywhere told about a budget from 600 - 700 dollars or euros here in that thread or?
And top fit all needs that are posted here it might be, that more then one unit could be really rocking fine and suite all
the wishes for sure, but it is also a thing of how long that will be used, how much power that unit will take and what
is the real head space for future packets, services or options, mostly this will grow up and not scale down!!!A D is overkill and overpriced.
Why? Because you say it? Let us see how much this might be over the 600 - 700 $/ Euro in the real world!
Supermicro Barebone SuperServer SYS-E300-8D for ~760 Euros
2 x 4 GB DDR4-2133 RAM for ~60 Euros
1 x 120 GB mSATA for ~30 EurosThen you will get a;
- Xeon D-1518 4C/8T @2,4GHz
- 6 Intel based RJ45 GB LAN Ports
- 2 Intel based SFP+ Ports (10 GBit/s)
- 1 free PCIe expansion slot
- fast 8 GB DDR4 RAM
- fast 120 GB mSATA
- AES-NI capable
- DPDK capable
All-in-all for 850 Euros that is only 150 bucks over the budget, without any kind of fiddling and ready to go for
many years and installed packets and also for the 1 GBit/s.The E3 is also overkill. For this person's requirements (doesn't care about fanless/embedded) the G4500 is fine, or a couple of bucks more for a i3-6100 will get a little more clock speed & hyperthreading.
In usual there are three different layers you will be in!
1 underperformed - nothing goes right and all went wrong
2 right performed - all runs well, but for how long time?
3 over performed - is not really right because it is likes point two, but for sure for a longer time running!!!The Intel Xeon E3-1231 v3 is able to get as a refurbished CPU for ~140 Euros and a ASUS Q87T is able to get for ~99 Euros
too at eBay and a Intel Quad NIC is able to get for something around likes ~50 Euros at eBay too.What, exactly, do you think that chip will bring to this particular set of requirements, especially to justify the significantly higher price?
If really such power is needed, I would go with server grade parts or with parts for 24/7/365 and not with other hardware.
Xeon E3 is;- AES-NI
- server grade
- power saving
- CPU with 4C/8T
- hyper threading
- 3.40 GHz / 3,8 GHz
Both set ups should be sufficient enough to handle all kind of things here.
-
i3 6300 can run resource intensive packages. But IDS/IPS, Squid, Clamav scans may slow response times (like site retrieval response) when network activity is high. Go with the Xeon :-)
What, exactly, do you think that chip will bring to this particular set of requirements, especially to justify the significantly higher price? I mean heck, why not just spec a 22 core E5 because something else just might be slower?
Xeon E3-1245 v2 3.4GHz 8Gb 1.0TB
Workstation with this config is going for around $250 on eBay. That is one significantly high priced system. ;D -
@BlueKobold:
but it is also a thing of how long that will be used, how much power that unit will take and what
is the real head space for future packets, services or options, mostly this will grow up and not scale down!!!Buying extra compute because you might need it in the future is a sucker's game. The D in particular is overpriced unless you plan on (immediately) running 10Gbps or need a single socket system with 128G (which is its design target).
A D is overkill and overpriced.
Why? Because you say it?
No, because the spec sheets say it.
- Xeon D-1518 4C/8T @2,4GHz
- 6 Intel based RJ45 GB LAN Ports
- 2 Intel based SFP+ Ports (10 GBit/s)
- DPDK capable
All of that is only important if you need it. Otherwise you're paying for things you don't need.
- 1 free PCIe expansion slot
- fast 8 GB DDR4 RAM
- AES-NI capable
The i3 gives you all of that, at a lower price point which makes sense for the requirements given.
The Intel Xeon E3-1231 v3 is able to get as a refurbished CPU for ~140 Euros and a ASUS Q87T is able to get for ~99 Euros
too at eBay and a Intel Quad NIC is able to get for something around likes ~50 Euros at eBay too.For the actual use case expressed, an i3 will probably outperform the E3-1231v3. There's nothing magical about the fact that intel slapped a xeon label on the box.
-
I want to be using snort and suricata is definitely something that i want.
Do you believe the i3 6300 can run those + purchase other packages that i dont know yet while keeping up with 1Gb/s?My Pentium G3220 was able to handle my Gbit line with Snort activated just fine. Note that I didn't go crazy with loading the rules - just the basics like blocking known bad IPs, malware, trojan, botnet categories and similar.
Not sure about Squid since I don't have a need for reverse proxy, or web filtering. Trying to cache with a 1GbE line for a small household just doesn't make sense to me.The i3-6100 is definitely faster than what I have, with the advantage of AES-NI if you ever want to setup IPSEC tunnels with GCM.
-
Don't hijack someone else's thread. Open a new thread and folks on this forum will help you troubleshoot.
