Upgrading CPU, what to expect.
-
After weighing all the options (some of these low power builds utilizing the J1800/1900 look great), I've decided I will want to start utilizing OpenVPN and having an AES-NI instruction set CPU was important to me.
My build is (for those curious and/or if it is useful):
Rosewill 2U case
ASRock H61M-DGS (not R2.0)
Ripjaws Dual Channel 8GB 1333
Samsung 830 SSD 256GB
Intel i350-T4 (WAN, LAN, LAN2, LAN3)
Celeron G530Currently still on 2.3.2-RELEASE-p1
Before moving to this Celeron G530 back in, I believe early 2012, I ran an old Sempron (I -think-) with a single NIC and far less clients/devices, etc. In short, I simply opted for a new install altogether.
I'm curious what I should expect when upgrading the Celeron G530 to an i5-2470T. Because of the new instructions the "new" CPU will offer, will I need to do a reinstall? Will pfSense and packages (only running Snort at this time, though that will change) pick-up on the change of CPU just fine? Or should I proceed to do a backup of configuration/packages (I usually just do a full backup, as it creates only a 5MB file), install fresh then apply the backed up configuration?
I read a few posts/stories with either process causing some issues. I'm hoping to avoid many if not all of whatever issues I can. So, the path of least resistance is preferred.
TIA for your help/opinion/knowledge, whatever you have to offer is appreciated.
-
As long as you keep your nic, you can change the hardware and just boot. No need to reinstall.
-
As long as you keep your nic, you can change the hardware and just boot. No need to reinstall.
Excellent. Thank you for your reply.
-
I can confirm this, I loaded up an old HDD that had pfSense installed with an i5-2400 onto a system with completely different hardware (different NIC, motherboard, RAM & CPU). pfSense booted up just fine and recognized everything.
The only thing I had to do was reassign interfaces because the NIC was different, this took a few seconds and everything was up and running. -
Hi,
I have pfSense 2.4.2 running under Proxmox as a Virtual Machine, but it was installed with the CPU emulation set to "KVM" mode. I want to change this to "host" mode, so that the AES instruction set capability is passed on to the VM and so that pfSense can see it and also see my real processor. I assume from the the helpful post above that (keeping the NICs untouched) it will just detect the "new CPU" on startup and nothing should be broken - no need to reinstall?
While on the topic (maybe I should start a new thread?), are there any practical security implications of running the pfSense VM in "host" mode? I heard that it has "full access" to the host CPU. Well, why not? It would if it was on a dedicated machine anyway.
Cheers,
Dave -
Yes you should be able to do that without re-installing. Though if you did you could just import your config again and be up and running in no time.
The NIC restriction is to keep the same type of NICs. So that if you have em0 assigned as WAN there will still be an em0 interface in the new hardware. If you changed the NICs to hardware that uses a different driver, igb0 for example, you would need to re-assign them at the command line at first boot.
Steve
-
Thanks Steve.
I shut down the VM, changed the Proxmox CPU emulation from "KVM" to "host", and started it up again. pfSense continued working like nothing had happened. It's working beautifully - and shows the correct CPU details now - an i3 with the AES extension. The rest of the 'hardware' was the same, so there was no need to reassign the interfaces.
I hope this helps someone.
