Netgate Discussion Forum

    Need help fast - CPU for 1Gb/s

      VAMike

      @swetag:

      I can get the i3-6300 for the same price as the 6100, would it be an upgrade or a downgrade?

      For the same price, no reason not to get the 6300.

        asterix

        Get the Xeon E3. The C2758 is OK for closer to 1gig throughput but E3 will give better performance with resource intensive packages like snort/suricata, while keeping up with 1gig throughput.

          swetag

          @VAMike:

          @swetag:

          I can get the i3-6300 for the same price as the 6100, would it be an upgrade or a downgrade?

          For the same price, no reason not to get the 6300.

          Sweet :)
          Looking back on the previous entry by P3R, how does this 6300 compare against the e3-1220L? It was running 1Gb/s using 50%, can I expect the same or even better?

          @Asterix:

          Get the Xeon E3. The C2758 is OK for closer to 1gig throughput but E3 will give better performance with resource intensive packages like snort/suricata, while keeping up with 1gig throughput.

          I want to be using snort, and suricata is definitely something that I want.
          Do you believe the i3 6300 can run those + purchase other packages that I don't know yet while keeping up with 1Gb/s?

            stephenw10 Netgate Administrator

            I would expect to see 1Gbps firewall and NAT throughput using any of those CPUs. Though it does depend on your traffic type. If you are passing all VoIP with tiny packets you might struggle.

            Just to add a random number I can pass 1Gbps firewall and NAT using iperf (not a real world test but….) in a box I have here running a Core2 E4500 from 2008. Intel NICs on that helps. The G4400 annihilates that in every test.
            http://www.cpubenchmark.net/compare.php?cmp%5B%5D=2564&cmp%5B%5D=936&cmp%5B%5D=2634

            If you plan to add Snort or Squid or other packages then multicore becomes more important. The igb driver can use multiple CPU cores quite well. There become too many variables though when adding packages to give any sort of throughput estimate. If you need 1Gbps with Snort and a load of signatures then get the most powerful CPU you can.

            Steve

              swetag

              @stephenw10:

              If you plan to add Snort or Squid or other packages then multicore becomes more important. The igb driver can use multiple CPU cores quite well. There become too many variables though when adding packages to give any sort of throughput estimate. If you need 1Gbps with Snort and a load of signatures then get the most powerful CPU you can.

              That's what I thought at first too, but I also like to keep the cost down and not have to pay for overkill stuff which I won't take full advantage of.

              On the topic of multicore, how come the C2758 is the top of the line in the pfSense store when Xeon appears to be so much better?
              Do those 8 cores really make that much difference compared to 4?

                stephenw10 Netgate Administrator

                Top of the line in the pfSense store is the Xeon D-1541 based XG-1541:

                https://store.pfsense.org/XG-1541-1U-pfSense-Security-Gateway-Appliance-P88.aspx

                Which is much more powerful.  :)

                Steve

                  swetag

                  @stephenw10:

                  Top of the line in the pfSense store is the Xeon D-1541 based XG-1541:

                  https://store.pfsense.org/XG-1541-1U-pfSense-Security-Gateway-Appliance-P88.aspx

                  Which is much more powerful.  :)

                  Steve

                  Okay, next best then :P
                  But still, how many cores do you really need?

                    VAMike

                    @swetag:

                    Looking back on the previous entry by P3R, how does this 6300 compare against the e3-1220L? It was running 1Gb/s using 50%, can I expect the same or even better?

                    The 6300 is several times faster.

                      asterix

                      @swetag:

                      @VAMike:

                      @swetag:

                      I can get the i3-6300 for the same price as the 6100, would it be an upgrade or a downgrade?

                      For the same price, no reason not to get the 6300.

                      Sweet :)
                      Looking back on the previous entry by P3R, how does this 6300 compare against the e3-1220L? It was running 1Gb/s using 50%, can I expect the same or even better?

                      @Asterix:

                      Get the Xeon E3. The C2758 is OK for closer to 1gig throughput but E3 will give better performance with resource intensive packages like snort/suricata, while keeping up with 1gig throughput.

                      I want to be using snort, and suricata is definitely something that I want.
                      Do you believe the i3 6300 can run those + purchase other packages that I don't know yet while keeping up with 1Gb/s?

                      i3 6300 can run resource intensive packages. But IDS/IPS, Squid, Clamav scans may slow response times (like site retrieval response) when network activity is high. Go with the Xeon :-)

                        VAMike

                        @Asterix:

                        i3 6300 can run resource intensive packages. But IDS/IPS, Squid, Clamav scans may slow response times (like site retrieval response) when network activity is high. Go with the Xeon :-)

                        What, exactly, do you think that chip will bring to this particular set of requirements, especially to justify the significantly higher price? I mean heck, why not just spec a 22 core E5 because something else just might be slower?

                          Guest

                          As I remember, a budget of 600 - 700 dollars or euros was mentioned somewhere here in this thread, wasn't it?
                          And to fit all the needs that are posted here, it might be that more than one unit could be really rocking fine and suit all
                          the wishes for sure, but it is also a thing of how long that will be used, how much power that unit will take and what
                          is the real head space for future packets, services or options, mostly this will grow up and not scale down!!!

                          A  D is overkill and overpriced.

                          Why? Because you say it? Let us see how much this might be over the 600 - 700 $/ Euro in the real world!
                          Supermicro Barebone SuperServer SYS-E300-8D for ~760 Euros
                          2 x 4 GB DDR4-2133 RAM for ~60 Euros
                          1 x 120 GB mSATA for ~30 Euros

                          Then you will get:

                          • Xeon D-1518 4C/8T @2,4GHz
                          • 6 Intel based RJ45 GB LAN Ports
                          • 2 Intel based SFP+ Ports (10 GBit/s)
                          • 1 free PCIe expansion slot
                          • fast 8 GB DDR4 RAM
                          • fast 120 GB mSATA
                          • AES-NI capable
                          • DPDK capable

                          All-in-all for 850 Euros that is only 150 bucks over the budget, without any kind of fiddling and ready to go for
                          many years and installed packets and also for the 1 GBit/s.

                          The E3 is also overkill. For this person's requirements (doesn't care about fanless/embedded) the G4500 is fine, or a couple of bucks more for a i3-6100 will get a little more clock speed & hyperthreading.

                          Usually there are three different layers you will be in!
                          1 underperformed - nothing goes right and all went wrong
                          2 right performed - all runs well, but for how long?
                          3 over performed - is not really right because it is like point two, but for sure for a longer time running!!!

                          The Intel Xeon E3-1231 v3 can be had as a refurbished CPU for ~140 Euros, an ASUS Q87T can be had for ~99 Euros
                          at eBay too, and an Intel Quad NIC can be had for something around ~50 Euros at eBay too.

                          What, exactly, do you think that chip will bring to this particular set of requirements, especially to justify the significantly higher price?

                          If really such power is needed, I would go with server grade parts or with parts for 24/7/365 and not with other hardware.
                          Xeon E3 is:

                          • AES-NI
                          • server grade
                          • power saving
                          • CPU with 4C/8T
                          • hyper threading
                          • 3.40 GHz / 3,8 GHz

                          Both set ups should be sufficient enough to handle all kind of things here.

                            asterix

                            @VAMike:

                            @Asterix:

                            i3 6300 can run resource intensive packages. But IDS/IPS, Squid, Clamav scans may slow response times (like site retrieval response) when network activity is high. Go with the Xeon :-)

                            What, exactly, do you think that chip will bring to this particular set of requirements, especially to justify the significantly higher price? I mean heck, why not just spec a 22 core E5 because something else just might be slower?

                            Xeon E3-1245 v2 3.4GHz 8Gb 1.0TB
                            Workstation with this config is going for around $250 on eBay. That is one significantly high priced system.  ;D

                              VAMike

                              @BlueKobold:

                              but it is also a thing of how long that will be used, how much power that unit will take and what
                              is the real head space for future packets, services or options, mostly this will grow up and not scale down!!!

                              Buying extra compute because you might need it in the future is a sucker's game. The D in particular is overpriced unless you plan on (immediately) running 10Gbps or need a single socket system with 128G (which is its design target).

                              A  D is overkill and overpriced.

                              Why? Because you say it?

                              No, because the spec sheets say it.

                              • Xeon D-1518 4C/8T @2,4GHz
                              • 6 Intel based RJ45 GB LAN Ports
                              • 2 Intel based SFP+ Ports (10 GBit/s)
                              • DPDK capable

                              All of that is only important if you need it. Otherwise you're paying for things you don't need.

                              • 1 free PCIe expansion slot
                              • fast 8 GB DDR4 RAM
                              • AES-NI capable

                              The i3 gives you all of that, at a lower price point which makes sense for the requirements given.

                              The Intel Xeon E3-1231 v3 can be had as a refurbished CPU for ~140 Euros, an ASUS Q87T can be had for ~99 Euros
                              at eBay too, and an Intel Quad NIC can be had for something around ~50 Euros at eBay too.

                              For the actual use case expressed, an i3 will probably outperform the E3-1231v3. There's nothing magical about the fact that intel slapped a xeon label on the box.

                                dreamslacker

                                @swetag:

                                I want to be using snort and suricata is definitely something that i want.
                                Do you believe the i3 6300 can run those + purchase other packages that i dont know yet while keeping up with 1Gb/s?

                                My Pentium G3220 was able to handle my Gbit line with Snort activated just fine. Note that I didn't go crazy with loading the rules - just the basics like blocking known bad IPs, malware, trojan, botnet categories and similar.
                                Not sure about Squid since I don't have a need for reverse proxy, or web filtering. Trying to cache with a 1GbE line for a small household just doesn't make sense to me.

                                The i3-6100 is definitely faster than what I have, with the advantage of AES-NI if you ever want to setup IPSEC tunnels with GCM.

                                  asterix

                                  Don't hijack someone else's thread. Open a new thread and folks on this forum will help you troubleshoot.

                                    TeknikL

                                    I am able to get 660mbs natted/firewalled through pfsense 2.3 on ESX 5.5u2 using core i3 processors, so the processors don't need to be terribly powerful as others have said.

                                    thx

                                      Guest

                                      I am able to get 660mbs natted/firewalled through pfsense 2.3 on ESX 5.5u2 using core i3 processors, so the processors don't need to be terribly powerful as others have said.

                                      It is not the same as what we were talking about, in my eyes.

                                      1. If you are installing many packets such as Squid, Snort and pfBlockerNG, they will all slow down the whole throughput
                                      a bit, step-by-step, but it would then be more than difficult to reach or hold the "real" 1 GBit/s throughput that is wished
                                      for here in that case.

                                      2. If you are using ESXi and you are not using PPPoE, you will also not be single CPU core threaded, but on a
                                      native installation, and if others must use PPPoE, it will be single CPU core threaded, and that is a greater difference
                                      than most of us would expect.

                                      3. It is often said that the Ethernet drivers also play a role here in that game; somewhere I was reading
                                      that using the older Intel PRO/1000 PT dual or quad port cards, based on the usage of the em driver from pfSense,
                                      might be better than using the igb(4) drivers on which the newer NICs such as the Intel i340 or i350 or i210 are based.
                                      You will also be off of that problem too! Because the driver that counts is then the ESXi driver that is using the NICs inside!

                                        Harvy66

                                        @stephenw10:

                                        I would expect to see 1Gbps firewall and NAT throughput using any of those CPUs. Though it does depend on your traffic type. If you are passing all VoIP with tiny packets you might struggle.

                                        It may struggle with small packets? My only experience is with my home PFSense with Haswell i5 3.2ghz + Intel i-350. A few weeks back I finally got iperf working correctly on my Windows desktop and was able to almost send 1.4Mpps of UDP. Almost 70% kernel time, it was struggling to reach line-rate, but got very close.

                                        I found a public iperf UDP server, set PFSense to shape to 1Gb/s instead of my normal 150Mb/s, pointed at it and let it rip. PFSense was claiming about 1.4Mpps hitting the LAN interface and about 1.4Mpps leaving the WAN. This was through NAT and with HFSC still enabled, just set to 1Gb/s. To top it off, the system load graph was claiming about 15% system time and just under 20% total CPU. The graph is averaged to 1min, so I had the iperf test run for 2min to make sure I got a full minute sample.

                                        Of course the iperf results were as expected with around 85% packet loss. That happens when you attempt to shove 1Gb of traffic down a 150Mb link.

                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.