Parts for building router for Gbit speeds
-
I live in Sweden so newegg is a no go.
Then Tradera or ebay is your best bet. A dual port server NIC can usually be found for 200-300SEK.
-
Dual port Intel chipset NICs can be had for $20 or $30 USD used. I use an HP NC360T (dual 1Gbps Intel, PCIe x4) and it works perfectly.
-
The bigger issue is that if you actually are trying to sustain 1Gbps transfer rate that's almost impossible on a 1Gbps ethernet because you'll have a certain level of inefficiency when the medium saturates. If 900Mbps plus or minus isn't good enough then you need either a channel bonding solution or 10Gbps. You can also get a couple more percent utilization with jumbo frames, but that's not particularly useful for internet traffic.
I agree, but if the ISP is handing off the connection with a single 1Gbps ethernet port it doesn't matter what OP uses above and beyond that; the ISP port would be the bottleneck if link aggregation or a 10Gbps NIC is used.
I'd just try and match whatever the ISP is handing off to you with a quality NIC of the same speed.
-
Nearly 1Gbit isn't quite good enough. Well, it depends on what nearly is in the real world.
936 MBit/s + TCP/IP overhead + time to process pf (firewall rules) is nearly 1 GBit/s
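
Added example (not part of any post in this thread): the framing arithmetic behind the "certain level of inefficiency" on a 1Gbps link, the "couple more percent" from jumbo frames, and the "TCP/IP overhead" mentioned in the posts above, together with the frame rate a router has to forward, since forwarding cost is largely per packet. The byte counts are the standard Ethernet II / IPv4 / TCP sizes; the function and parameter names are this example's own assumptions.

```python
# Added example: best-case TCP goodput and frame rate on an Ethernet link.
# Byte counts are the standard Ethernet II / IPv4 / TCP sizes; all names
# below are this example's own, not from the thread or from pfSense.

PREAMBLE_SFD = 8     # preamble + start-of-frame delimiter
ETH_HEADER = 14      # destination MAC, source MAC, EtherType
FCS = 4              # frame check sequence (CRC32)
INTERFRAME_GAP = 12  # mandatory idle time between frames, in byte times
VLAN_TAG = 4         # optional 802.1Q tag
PPPOE = 8            # PPPoE (6) + PPP (2) headers, inside the Ethernet payload
IPV4_HEADER = 20     # without IP options
TCP_HEADER = 20      # without TCP options
TCP_TIMESTAMPS = 12  # timestamp option (10 bytes) padded to 12


def wire_bytes(payload, vlan=False):
    """Bytes of link time one frame occupies for a given Ethernet payload."""
    return (PREAMBLE_SFD + ETH_HEADER + (VLAN_TAG if vlan else 0)
            + payload + FCS + INTERFRAME_GAP)


def tcp_goodput_bps(link_bps, mtu=1500, timestamps=True, vlan=False, pppoe=False):
    """Best-case TCP payload rate for full-size segments in one direction."""
    headers = IPV4_HEADER + TCP_HEADER
    if timestamps:
        headers += TCP_TIMESTAMPS
    if pppoe:
        headers += PPPOE  # PPPoE eats into the Ethernet payload, not the wire size
    tcp_payload = mtu - headers
    if tcp_payload <= 0:
        raise ValueError("MTU too small for the selected headers")
    return link_bps * tcp_payload / wire_bytes(mtu, vlan)


def frames_per_second(link_bps, payload=1500, vlan=False):
    """Frames per second at line rate, i.e. what the router must forward."""
    return link_bps / (8 * wire_bytes(payload, vlan))


if __name__ == "__main__":
    gbit = 1_000_000_000
    cases = [
        ("MTU 1500, TCP timestamps", dict(mtu=1500)),
        ("MTU 1500, no timestamps", dict(mtu=1500, timestamps=False)),
        ("MTU 1500 over PPPoE", dict(mtu=1500, pppoe=True)),
        ("MTU 9000 jumbo frames", dict(mtu=9000)),
    ]
    for label, kwargs in cases:
        print(f"{label:26s} {tcp_goodput_bps(gbit, **kwargs) / 1e6:7.1f} Mbit/s")
    print(f"full-size frames/s:    {frames_per_second(gbit):,.0f}")
    # 46 bytes is the minimum Ethernet payload (64-byte frame): the worst case.
    print(f"minimum-size frames/s: {frames_per_second(gbit, payload=46):,.0f}")
```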
-
If you're just looking for a router then this may be a fun read:
http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/
If not, still a fun read.
-
Sorry for the late answer.
I have seen talk on the DSLReports forum that to get gigabit speed one needs a four-core CPU having 3.5GHz. Of course it's under debate there, and I have not had time to verify whether it's true or not. One has added that for the motherboard, additional requirement is either onboard Intel dual-port, or dual-port Intel NIC on a x4 PCIe slot. Again I have not verified this, but you may want to look into it.
That's simply ridiculous.
Elaborate please.
I don't care if someone said it on DSLReports, that's wildly excessive for routing a single gigabit–which isn't very much bandwidth these days. You also don't need a particularly fancy NIC, again, this isn't a hard requirement to meet in 2016.
The bigger issue is that if you actually are trying to sustain 1Gbps transfer rate that's almost impossible on a 1Gbps ethernet because you'll have a certain level of inefficiency when the medium saturates. If 900Mbps plus or minus isn't good enough then you need either a channel bonding solution or 10Gbps. You can also get a couple more percent utilization with jumbo frames, but that's not particularly useful for internet traffic.
Many routers I could buy will stop between 750 and 900Mbps and that is not good in my eyes. If it needs a 10Gbit card to avoid as much overhead and other things as possible that hit the performance, I could think of buying those. But it also depends on how much CPU performance I need. And still, this is not settled.
I live in Sweden so newegg is a no go.
Then Tradera or ebay is your best bet. A dual port server NIC can usually be found for 200-300SEK.
Checking in there from time to time and haven't found a great deal yet. But it could happen.
Dual port Intel chipset NICs can be had for $20 or $30 USD used. I use an HP NC360T (dual 1Gbps Intel, PCIe x4) and it works perfectly.
If I find one that is cheap I would do it. But I need to settle my hardware first so I don't buy something that bottlenecks.
The bigger issue is that if you actually are trying to sustain 1Gbps transfer rate that's almost impossible on a 1Gbps ethernet because you'll have a certain level of inefficiency when the medium saturates. If 900Mbps plus or minus isn't good enough then you need either a channel bonding solution or 10Gbps. You can also get a couple more percent utilization with jumbo frames, but that's not particularly useful for internet traffic.
I agree, but if the ISP is handing off the connection with a single 1Gbps ethernet port it doesn't matter what OP uses above and beyond that; the ISP port would be the bottleneck if link aggregation or a 10Gbps NIC is used.
I'd just try and match whatever the ISP is handing off to you with a quality NIC of the same speed.
You mean that the ISP could bottleneck? Is it so that the media converter itself could lower the speeds?
@BlueKobold:
Nearly 1Gbit isn't quite good enough. Well, it depends on what nearly is in the real world.
936 MBit/s + TCP/IP overhead + time to process pf (firewall rules) is nearly 1 GBit/s
I could live with 950Mbps both ways, but I was hoping to achieve and get as close to 1Gbit as possible.
If you're just looking for a router then this may be a fun read:
http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/
If not, still a fun read.
I read this. But I still want to build my router :)
-
Many routers I could buy will stop between 750 and 900Mbps and that is not good in my eyes.
Then you should be buying a router that is really capable to handle nearly 1 GBit/s.
- Intel Xeon E3 v3 (dual or quad core pending on the installed packets and running services)
- Intel Core i3, i5 or i7 (dual or quad core pending on the installed packets and running services)
- Intel Celeron G3260 (if it can handle all the installed packets it might be also running well for you)
If it needs a 10Gbit card to avoid as much overhead and other things as possible that hit the performance, I could think of buying those. But it also depends on how much CPU performance I need. And still, this is not settled.
XG-1541 or Supermicro Intel Xeon D-15x1 series will be coming with 1 GBit/s and 10 GbE Port by default.
I could live with 950Mbps both ways, but I was hoping to achieve and get as close to 1Gbit as possible.
Don't get me wrong please, but you will achieve at a 1 GBit/s LAN port really 1 GBit/s + TCP/IP overhead and time for working out the pf (packet filter)? How should this work? Then perhaps you will buy a 10 GBit/s card for getting your straight 1 GBit/s? Perhaps you spend the money for a nice appliance and all is right for you!
-
You mean that the ISP could bottleneck? Is it so that the media converter itself could lower the speeds?
It just depends on the media they hand off to you. All I'm saying is that if they give you a 1Gbps copper port, a 10Gbps port on your router won't make your connection any faster since it will only negotiate at 1Gbps.
-
So, I finally started purchasing parts.
Core i3 6320
ASRock C236WS I
8GB Corsair Vengeance LPX 2133MHz CL13
120GB Samsung 750 EVO
I will start with this Core i3 and see if it can handle the speeds. If not I go for an i5 or a Xeon.
I will return and share the results I will have from this router.
-
Sooo, how did the i3 work out?
-
I will start with this Core i3 and see if it can handle the speeds. If not I go for an i5 or a Xeon.
You only need ~2,000 passmark for gigabit speeds, the Core i3 is about 2x - 3x faster than necessary.
-
Sooo, how did the i3 work out?
Sorry for the late answer. The build started with a bad motherboard that burned the memory and CPU. But the warranty checked out so I got new parts quite fast. The i3 is holding up quite well. I don't have a pic to share, but I get around 980Mbps down and around 975Mbps up. Total WAN to LAN throughput is landing on around 1890Mbps, and that speed I'm not happy with. But I think it only needs some more tuning. But one thing doesn't work well. I have turned off HT on it. When several units were online the CPU used HT threads and not the physical cores and that dragged the throughput down a lot.
I will start with this Core i3 and see if it can handle the speeds. If not I go for an i5 or a Xeon.
You only need ~2,000 passmark for gigabit speeds, the Core i3 is about 2x - 3x faster than necessary.
But still I can't use the whole CPU. With HT on I get really bad performance.
-
I'm also using an i3 (7320) with HT on, and I don't notice any performance issue, as far as I know.
2 cores along with 2 threads doing ok. What services have you running in your pfSense box?
-
Now this I should have answered earlier on. But work got the best of me.
The problems with the HT on the CPU were all BIOS. I did revert to an older BIOS, and then updated it again.
The short answer is none. I use stock pfSense that's configured as a router. Only NAT and SPI are a bit changed in rules.
But I will do some tests on my machine quite soon. My dad's business is in dire need of a better network security solution. And we are about to test both Firewall and VPN performance with my machine. If it is up to the task, I am going to build one for his company. With that in mind, I will be much much more in this forum very very soon!
-
i5 @3.2ghz+ (the skylake non-k) cpus can be overclocked
16gb ddr4
120gb ssd
It is common on here that when someone asks for hardware recommendations for gigabit WAN to recommend they buy a router that is much faster than the average desktop computer.
The hardware recommendations are generally about the same whether the user wants to use a lot of packages & VPN or just the very basic features of pfSense (like you).
It might be true, but I doubt it because it just doesn't make sense.
I suspect that the reason for this is because like you stated most people don't report back with their actual performance once they buy hardware. Until that starts happening people will keep recommending heavy duty CPUs to NAT gigabit WAN, even for home use, even for no packages.
There is sense in why this happens though, if someone gets recommended underpowered hardware and it doesn't work out they are liable to lose their minds because they wasted money and it didn't do what they wanted.
If someone gets recommended to buy a little supercomputer to NAT gigabit WAN, buys it and surprise surprise it works. They still wasted their money, but at least it worked.
I suspect that this can be done with a modern passively cooled celeron, but I'm also not in the IT or networking profession so you can take my opinions with a grain of salt.
Thank you for reporting back with your findings! It is very helpful for future users to know that:
- Celeron XYZ works for full gigabit w/ NAT only & light firewalling @ x% CPU
- Celeron XYZ maxes out at XXXMbps w/ NAT only & light firewalling
- Xeon XYZ works for full gigabit w/ NAT only and light firewalling @ x% CPU
- Xeon XYZ works for full gigabit w/ NAT only and light firewalling @ x% CPU
- i5-XXXX works for full gigabit w/ X packages and Y firewalling @ x% CPU
- etc.
Basically all the feedback you can give on the forums will be invaluable, not many people have gigabit WAN to test hardware out on!
The i3[-6320 @ 2x3.90GHz w/ HT disabled] is holding up quite well… ...I get around 980Mbps down and around 975Mbps up. Total WAN to LAN throughput landing on around 1890Mbps... ...But one thing doesn't work well. I have turned off HT on it. When several units were online the CPU used HT threads and not the physical cores and that dragged the throughput down a lot.
But still I can't use the whole CPU. With HT on I get really bad performance
This is great feedback, thank you! Can you share what kind of system usage you're getting when the system is under load on WAN, LAN, WAN & LAN?
How many clients is this supporting?
It's valuable to know that you were getting gigabit with only 2 cores.
The more detailed info you can share the better! ;D
-
-
not many people have gigabit WAN to test hardware out on!
new users can test their new rig before using by connecting WAN inside existing (or easy to create) 1GbE LAN. imho this should be done always, if not speed testing, it's kind of part for burning in router, including letting network interface to run fullduplex 24/3 (via iperf or some P2P disk speed).
this is what i did and still do with H270M-ITXac + 7100T (#10, #12, #16 on that thread) i just cannot afford to put this router in prod while untested and unconfigured 100%. haven't gotten to snort yet (and surely will report back on that thread) but, hey, i3-7100T as for now gives 1GbE for "normal" traffic without a drop, which shows that cheaper Pentiums do also (does not have AVX2 though)./ranting
one could argue, that testing means much hardware, time and effort - sure, but what environments pfsense is for then? plug and play at home? if one does not have hardware or time to test such router, does he/she actually need x64 based monster or should stick with OpenWRT on high-end-consumer TPLINK? i have deployed real time network intensive installations (basically never ending TCP & UDP stream) 24/7/200 interactive w/ all traffic through OpenVPN on the latter. subjectively, OpenWRT performs on not-the-cheapest TPLINKs (~60 EUR) really good.
-
not many people have gigabit WAN to test hardware out on!
…does he/she actually need x64 based monster or should stick with OpenWRT on high-end-consumer TPLINK? i have deployed real time network intensive installations (basically never ending TCP & UDP stream) 24/7/200 interactive w/ all traffic through OpenVPN on the latter. subjectively, OpenWRT performs on not-the-cheapest TPLINKs (~60 EUR) really good.
That's good to know about the testing on LAN!
For myself, I started looking for an alternative to SOHO routers because my wife kept calling me telling me that the internet was down on our Archer C2 with a 15Mbps connection on a very small home network doing not much of anything. She had to unplug it and reboot several times a month.
I looked into DD-WRT, but it carries the risk of bricking your router. I don't know how high it is but it was a small deterrent. I also was occasionally using VPN's while travelling but was annoyed with having to connect and disconnect it on each client I wanted to use it on. So I liked the idea of VPN on my router providing the service to a whole network all the time, and even high end SOHO routers are not great at this, and they cost nearly $300.
That's how I came around to pfSense, it was much cheaper than a high end SOHO router, is dramatically more capable and carries no risk of bricking my device. My Archer C2 has performed without a hitch as an AP.
All that to say that there are reasons to choose pfSense over DD-WRT, Open-WRT, Tomato, etc. Cost and risk of bricking being the two that stand out for a home user. All of that goes out the window when people start recommending ix-core CPU's, Xeons, etc. for home users. (Gigabit is a little different but it's looking more and more like modern passively cooled celerons can NAT @ gigabit speeds).
-
this is really going offtopic. i quickly went through my memories and have to say have flashed, reflashed routers with Open/DD-WRT more than few hundred times. flashing since late 2000's. just last year i have reflashed about 30 routers for different project needs. it is the very first thing i do to any router that has been bought for project needs (this is a way we can strip down networking costs - take consumer grade router that is supported or known to work, flash it) or any personal needs (friend asks for advice, i recommend something that can be flashed and immediately do it). i have never ever bricked one of them through last 10 years. but i always choose only linksys (ah, the infamous wrt56gl @ mid last decade) or for past ~5 years always TPLINK (TL WDR3600 w/ Atheros @0.5Ghz being bang for the buck)
-
Many of new users are seeing mostly and only that there are some packets available to install on their pfSense box, but in real life if they are installing IDS, (Snort or Suricata), a proxy (Squid), Antispam (DansGuardian) and AVScan (ClamAV) we are talking then about a fully featured UTM device that should be delivering at least nearly 1 GBit/s at the WAN port!
What do you think you must pay at SonicWall or Sophos for their SG or WXA series to get 1 GBit/s out after the AVScan? Then we are in the 1000 - 2000 Euro region or area and the license fee must be counted on top of this, so in my eyes to get one real GBit/s at the WAN for a pfSense firewall only must not be paid so hard for sure, but installing all packets together with 1 GBit/s at the WAN will be also not on the same stage as a lazy ~$60 router that is only doing SPI/NAT!
Where is there the captive portal and all the other packets available to install? So it might be pointed to many things and not only to one or two points in that game here, as I see it right, or am I wrong now?
For a guy in Hong Kong with 1 GBit/s FTTH fiber connection without PPPoE this set up is working great for ~360 Euros and delivering ~936 MBit/s as throughput in total to the LAN and this absolutely silent!
- Jetway NF9HG-2930 ~$200
- M350 mini-ITX case ~$50
- 30 GB mSATA SSD ~$50
- 8 GB DDR3 RAM ~$40
- PSU ~$15
So for sure if this might be all (firewall & VPN) this unit will do the job a bit longer as I see it right and together with a Radius Server, Captive Portal and OpenLDAP server it might be offering a really good matching security to smaller networks.
-
deliver solid 1Gbit both ways with NAT and some basic Firewall options that are found on standard routers
The OP stated that he doesn't want any of those things.
Also, that's a €355/$380… for a celeron.... that's three years old. Horrible recommendation IMO unless the user absolutely must have SFF and is willing to pay a lot for it.