Another Noobie pfSense "What Hardware do I need for 1 GIG FTTH" Thread
-
First off, I appreciate the depth most of the experts on these forums spend answering these types of questions.
I would guess I have over 40 hours reading threads on these forums (and others smallnetbuilder, tomshardware etc) reading about builds, but I guess the diversity of opinions, configurations and connection speeds – I am overwhelmed and questioning every build I investigate.
I have used ASUS routers for years on Comcast internet, but in about a month I am moving to a city that has city-wide 1Gbps FTTH with an OTN that has one GbE port. I feel like we are reasonably intense internet family, as we consistently exceed 700 GB per month on Comcast. I want to maximize performance at the new home for the following reasons:
-
I work from home 24x7 via VPN - my job involves uploading and downloading hundreds of GB in a typical month over software VPN (I think I have to use corporate provided software for this)
-
We will have 3 semi-pro-tryhard eSports gamers living in the house and I want to provide the best gaming connections possible, and enable simultaneous (up to 3) Twitch live streams (I cant do that today on 6MB Comcast uplink)
-
I always want to improve my security profile, so Snort IDS/IPS is intriguing (but I haven't ever used it or pfSense)
-
I want visibility of data usage by each network device
However, I would also like to temper performance with electricity consumption (and therefore heat dissipation) a consideration. I currently pay to air condition the "gaming room" year-round, which the electric company loves and I hate. Adding another 90W TDP router to the household thermal profile would be disappointing. I feel like Firewall/NAT and some IDS/packet-inspection shouldn't take crazy hardware - but I guess I honestly don't know.
I see the following common builds being recommended on the website
-
J1900 and similar micro-computers - cheap, but not sure if 1Gb is out of reach of this hardware costs usually around $180-$200
-
ATOM (Rangely) - like A1SRI-2558F-O : Seems fantastic TDP, has some type of hardware issue, I estimate cost is $540 for 3+ year old technology
-
Older Intel Xeon Builds : which I suppose people are buying cheap/used and just burning more electricity and using older technology boards but with server NICS
-
Various builds which feel like gaming desktop builds to me - i5 and better CPUs with all manner of prosumer drives, boards and RAM, I imagine we are talking $400 and up here
-
pfSense official Hardware (with support), especially for noobs like myself (can this manage full 1Gb LAN-WAN?), something like SG-2220 ($300) or SG-2440 ($550)
Other options, not necessarily recommended on these forums:
-
ATOM (Denverton) - newer low power option, but seems delayed several times and I cannot currently find a motherboard with this processor.
-
Custom Firmwares and high-end Router solutions : got burned recently on a custom-firmware, high-end router (lost $350) but I guess for $200 - $400 just go this route
Can anyone guide me towards the right platform for my specific needs? I am now leaning towards i3-6100T, on possibly on ASRock H270M-ITX/ac or LGA 1151 Server-type motherboard. I also have a full ATOM C2558 build figured out but was a little turned off by the recent ATOM defect issue and lack of reliable info on Denverton which would be more current tech.
I would like to buy something that fits the following important factors:
-
new components with warranty
-
ideal budget would stay below $500, after all it's a router so spending 3x the cost of a prosumer router will be tough
-
lowest TDP possible, low 24x7 power consumption as possible (power cost is 0.093/kWh at new place)
-
must be small enough to fit in and understair internet/mechanicals space (OTN, pfSense Firewall/router and two gigabit switchs have to fit in a relatively small space, maybe 2ft x 2ft x 5ft)
-
optimized for low latency but reasonably intense 20x7 HOME internet usage which is borderline abusive (7AM-7PM for work-related and 3PM-3AM for intense gaming)
-
firewall / LAN-to-WAN at close to wire speeds
And if you made it clear to this point thank you for taking the time to read my entire post. :D
-
-
I feel like Firewall/NAT and some IDS/packet-inspection shouldn't take crazy hardware - but I guess I honestly don't know.
Firewall/NAT is not that intensive for gigabit, although many will lead you to believe that you need a mid-range gaming CPU to do this. But when you start to inspect all of your packets with an IDS/IPS, that is going to take a bit more power.
I can't tell you what you'll need for an IDS/IPS @ gigabit speeds, but if you haven't already check out the thread I just put up here:
https://forum.pfsense.org/index.php?topic=127793.msg705046#msg705046This is only in any way useful as a relative comparison, but you can see that a lowly passively cooled celeron can get pretty respectable performance even over a VPN with just firewall / NAT. But turning on IDS/IPS results in a dramatic drop in performance.
All that to say that if you really want to inspect all of your traffic then it will increase your system cost noticeably.
I see the following common builds being recommended on the website
- J1900 and similar micro-computers - cheap, but not sure if 1Gb is out of reach of this hardware costs usually around $180-$200
These are too old and not that much cheaper than a current Pentium IMO, but many people love them.
- pfSense official Hardware (with support), especially for noobs like myself (can this manage full 1Gb LAN-WAN?), something like SG-2220 ($300) or SG-2440 ($550)
Official hardware has great support, that's its driving feature. If you want support, buy official hardware. I can't tell you which box is the one you need for your purposes though.
I am now leaning towards i3-6100T
That is probably a great choice for what you described.
If you decide against IDS/IPS in the long run, a J3455 will probably meet all of your needs @ ~$75 for a SoC. That being said, it won't cut it for IDS/IPS. Additionally, you would have to either cut out the back wall of the PCIe v 2.0 slot or cut your NIC to fit on this board. This is within the PCIe spec (PCI slots didn't have a back wall & the PCIe pinout is designed for this, i340's even have a line on the PCB to indicate the end of the 1x pins), but many people are not comfortable doing this. The choice is up to you if this is the route you take, sir!
Generally though, a modern Pentium or i3 should do everything you described.
There's no value in chasing on-board NIC's unless oyu must have very SFF, PCIe v2.0 will max a 4 port NIC @ 1x speeds.
You can get great NIC's as used server pulls on eBay, I recommend a server pull i340-t4 (~$25).If you are really looking to keep the power and heat down, then I recommend not messing around with an IDS/IPS, getting a passively cooled SoC CPU and using a picoPSU with a decent AC/DC converter. Also, boot from either an SSD or USB 2.0 thumb drives. No moving parts, no fans, no noise and little heat.
-
Is that i340-T4 a low profile card (it looks like it is based on random pictures), and how do you make sure to get a non-China knockoff of that card off ebay?
On the power supply side of things, I am looking at either:
-
a semi-fanless (intelligent) SILVERSTONE SFX ST30SF 300W SFF which would fit my case perfectly, but be operating in suboptimal load range (likely 20-40% load likely under 80% efficient)
-
or doing the PicoPSU 90W or worst case 120W kits, where the DC-DC converter is super efficient (95%) but the connected wart idk how efficient they are, would look like crap but it's in a closet
Pricewise they are all $45, $52 and $55 so splitting hairs on price there
On the boot disk system, I thought about USB stick but was afraid I'd wear it out and kill the firewall/router if I accidentally turn something on that writes to disk. For this I'm considering:
-
Virtium SATA 16 GB Industrial XE StorFly25 - which is expensive ($98!) but supposed to be ultra-durable
-
Transcend MTS800 M.2 2280 64GB (TS64GMTS800) - while there is a premium for M.2 ($60), it would sure be clean looking install, provided I don't choose a MB without M.2!
-
I'm nervous about USB stick and cheap SSD, after reading in the forums about people killing them _incidentally if I'm just a worrisome nelly, tell me, I can just go with el-cheapo low-profile USB stick ;)
On the "dont chase onboard nics", I'm taking that to mean if I am going to buy a good intel PCIe card anyway, I can really get by with a cheap i3 mini-itx MB?_
-
-
Is that i340-T4 a low profile card (it looks like it is based on random pictures), and how do you make sure to get a non-China knockoff of that card off ebay?
It is low profile card, you can get it with either low profile or standard bracket and that can be swapped out with one screw.
https://ark.intel.com/products/49186/Intel-Ethernet-Server-Adapter-I340-T4
The best way to get a quality card off of eBay is to not purchase a card shipping from China and look for one described as a server pull from a reputable seller. People can always lie but you'll probably be fine. People have reported using the cheap Chinese knockoffs with no ill effects though so I wouldn't worry too much.On the power supply side of things, I am looking at either:
but the connected wart idk how efficient they are, would look like crap but it's in a closetYou can find used name brand stuff like EDAC (which is what the site I'm linking sells) with data sheets for cheap. The 60W one they sell is 88% efficient under load.
http://www.mini-box.com/Power-Supplies-Kits
http://resources.mini-box.com/online/PWR-ACDC-12V-5A-60W/PWR-ACDC-12V-5A-60W-specs.pdfOn the boot disk system, I thought about USB stick but was afraid I'd wear it out and kill the firewall/router if I accidentally turn something on that writes to disk.
I'm nervous about USB stick and cheap SSD, after reading in the forums about people killing them _To save money I would say that if you already have plenty of RAM (my system runs a lot of packages and my RAM disk is generally using about 800MB of RAM, I don't think I've ever seen it above 1.2GB but I have ~2.3GB dedicated to RAM disk just in case) to put into your system, then use they cheapest install media you can and run a RAM disk to save it from writes. I use USB install and I've left iostat -xw 1 running for quite a while in the background and the system very rarely actually writes to the disk. I'll report when the disks die but I expect it will last me years and the drives cost a few bucks each to replace when the time comes.
I wouldn't recommend buying more RAM just to do a RAM disk though because that defeats the purpose of cheap install media.
FWIW, once you get your system configured the way you want it just save the config.xml file to cloud backup or something and it won't matter much if your boot drive fails (no matter what kind of install media you use). If your boot drive fails, just reinstall to a new drive and backup from your config.xml and you're back in business, should only take a few minutes.
This is incidentally another great use case for installing to a thumb drive. If your boot HDD/SSD fails just throw a flash drive from your keychain onto your pfSense box, reinstall and restore and you're up and running again while you wait on a replacement drive.On the "dont chase onboard nics", I'm taking that to mean if I am going to buy a good intel PCIe card anyway, I can really get by with a cheap i3 mini-itx MB?
You can get motherboards that have high quality NIC's built in, but most on board NIC's are crap.
Some people want to chase a motherboard that has good NIC's built in. This is great if you need SFF or get them for a great price, but you'll typically pay a lot more for a motherboard with two onboard intel NIC's.
i340-t4's are excellent NIC's, low power and can be had for $25 on eBay, so I'm just saying don't beat yourself up trying to find a motherboard with the NIC's you want built in because it doesn't matter._ -
Is there a basic set of tests I could run and metrics I can post (once I get the whole kit assembled and get 1 Gig Internet!) that would productive to share with the community, so others can make an informed decisions whether they need J3355 or i3 (basically what tier to buy in to)?
-
The best way to get a quality card off of eBay is to not purchase a card shipping from China and look for one described as a server pull from a reputable seller.
Amazon can also be a good source. Older generation Intel Chipeset (em drivers) from HP, Dell, IBM, Intel are all good and can be had for $25-$45 or so (2 or 4 port) as used server pulls. I think the I340-T4 is a bit newer than what I'm talking about; the primary advantage of that for a pfSense build would be slightly less power draw due to newer lithography. It uses the newer igb driver afaik. Just bringing this up because I don't see any I340-T4 on ebay at the $25 price point :) But the ~$40 or so I do see for it would make it advantageous over the older cards just for the lower power draw.
-M
-
Yeah $25 is about as good of a deal as I've ever seen. I picked mine up for $30 a few weeks ago.
-
We're driving up demand! I just bought one and cheapest was $36 + shipping.
-
We're driving up demand! I just bought one and cheapest was $36 + shipping.
That's still a bargain IMO. Perhaps this means the venerable 82571EB chipset (13 yrs old at this point IIRC) is finally getting replaced by something slightly newer in the sub $50 server pull market :D
-
That's still a bargain IMO. Perhaps this means the venerable 82571EB chipset (13 yrs old at this point IIRC) is finally getting replaced by something slightly newer in the sub $50 server pull market :D
Agreed! IMO the i340 is the best all around NIC for almost everyone.
It's the most power efficient out the 3 main intel NIC's-
PRO/1000 PT t-4: 12W (that's like another quad core Celeron!)
-
i350-t4v2: 5W
-
i340-t4: 4.3W
Both the i340 & i350 are PCIe v2.x, meaning that they can get full quad port gigabit speeds on a PCIe v2.0 slot @ 1x speeds.
The i350 does have SR-IOV which can be very valuable for VM's, and Ethernet Power Management, but if you don't need those then i340 seems to be the winner to me!-
PRO/1000 PT Quad port ~$20
-
i340-t4 ~$35
-
i350-t4v1 ~$60
-
i350-t4v2 ~$a lot https://communities.intel.com/external-link.jspa?url=https%3A%2F%2Fqdms.intel.com%2Fdm%2Fi.aspx%2FB3EAA66A-ED91-4822-AE37-29781EC0930D%2FPCN113232-01.pdf
All can be had for much less if you're OK with a Chinese knockoff
-
-
Is there a basic set of tests I could run and metrics I can post (once I get the whole kit assembled and get 1 Gig Internet!) that would productive to share with the community, so others can make an informed decisions whether they need J3355 or i3 (basically what tier to buy in to)?
Absolutely, and it would be greatly appreciated!
Just post the hardware you end up building out, the connection you are using it on (to include type, i.e. PPPoE), number of clients it serves and packages you use and how you use them. Other details such as IPv4 only, if you have a light or heavy set of firewall rules, etc can be useful.
After that if you can max out your connection and post CPU usage statistics under load. Same thing if you use VPN.
-
Ok bought, assembled and installed. Now I need to figure out what testing would be useful to others browsing the forum.
-
ASRock H110M-ITX LGA 1151 Intel H110 HDMI SATA 6Gb/s USB 3.0 Mini ITX ($60)
-
Intel Core i3-6100T 35W Processor ($130)
-
4GB (1 x 4GB) 288-Pin DDR4 SDRAM DDR4 2133 (PC4 17000) ($27)
-
Silverstone Milo series ML05B Case ($53)
-
SILVERSTONE SFX Series SST-ST30SF-V2 300W SFX 80 PLUS BRONZE Active PFC PSU ($50)
-
Used eBay IBM Intel I340-T4 Quad GB ($37)
-
3 - SanDisk 16GB Ultra Fit CZ43 USB 3.0 Flash Drive ($25.80)
-
Misc Shipping: $22.48
Total Cost: $405.27
Power Consumption (Standby) : 20.0 W CPU: 0.05
Power Consumption (Base Config, routing 1G, no active packages) : 24.9 - 25.8 W
CPU Temperature: 40-42 C CPU: 6% - 8%LAN0 - OPT1 iPerf routing ( Desktop Realtek 1GB PCIe -> pfSense Intel (igb3) -> pfSense Intel (igb2) -> Desktop Realtek 1GB PCIe ) 946 Mbit to 949 Mbit
LAN0 - WAN iPerf routing ( Desktop Realtek 1GB PCIe -> pfSense Intel (igb3) -> pfSense Intel (em0) -> Desktop Realtek 1GB PCIe ) 942 Mbit to 944 MbitEstimating OpenVPN throughput using ( 3200 / execution_time_seconds ) = 371 MBits
openvpn --genkey --secret /tmp/secret time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
Estimating OpenVPN throughput using ( 3200 / execution_time_seconds ) = 374 MBits
openvpn --genkey --secret /tmp/secret time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc
Some bullets about this build.
-
pfBasic recommends the picoPSU, and of course it probably would have worked! This being my first non-PC build I went familiar 300W with autofan, I might still order and try the picoPSU just to see if it saves power
-
This was literally the cheapest micro-ITX board I could find, I took the no-frills approach
-
The Silverstone case was much roomier than the M350 I was considering, the real turnoff for me of a smaller case was I didn't want to have to hack it up first thing to install the i340-T4
-
the i3-6100T comes with stock cooler that is pretty low profile, in this case I would estimate there is 1.25" clearance for another fan mounted on the bracket above the CPU, which could hold a HD if you didn't want to use the 4 SSD drive bays near the PSU
-
I am currently running pfSense off 3-USB3 Sandisk Ultrafit USB drives in a gmirror config, mostly to keep cost down versus SSD
What can I do next? Won't have 1G internet until approx 5/1. Could try routing with Snort or something more intense, route for a few hours to stabilize CPU temp idk.
-
-
A pico-PSU will save you a little bit of pwoer but not enough to justify buying it after you've already got an 80+ PSU. It mainly saves power by not having a fan and operating closer to it's design output on a router. I only saved 7W by switching from an old non-80+ PSU to a picoPSU on my HTPC. The main draw (to me) of the picoPSU is the total lack of noise. It's only valuable to save power as an initial buy, I would probably never recommend purchasing one to save power if you already have a PSU that works.
As far as benchmarks go, they are all greatly appreciated and a big contribution to this subforum!
Real world VPN usage & CPU utilization is great!
Same thing for non-VPN IDS usage/ VPN IDS usage.
Generally just knowing how hard your CPU has to work to achieve things is valuable, especially at gigabit speeds because not many people have access to that and far less report their performance on it!When you get a gigabit connection please let us know how hard your CPU is working to max out VPN, NAT, IDS, etc!
-
That's still a bargain IMO. Perhaps this means the venerable 82571EB chipset (13 yrs old at this point IIRC) is finally getting replaced by something slightly newer in the sub $50 server pull market
If you need, must or will absolutely or only use the (em) Driver in pfSense at the WAN port, it should be a chipset that is using
this driver! And if you fell free to use any Driver from pfSense at the WAN port you may go with any or all other cards.•PRO/1000 PT t-4: 12W (that's like another quad core Celeron!)
(em) driver
•i350-t4v2: 5W
igb(4) driver
•i340-t4: 4.3W
igb(4) driver
Intel Chipeset (em drivers) from HP, Dell, IBM, Intel are all good and can be had for $25-$45 or so (2 or 4 port) as used server pulls.
Some IBM card got their own firmware and are not running well or playing nice together with pfSense until you flashed the original
Intel firmware on that card and this is not even able to realize! -
@BlueKobold:
If you need, must or will absolutely or only use the (em) Driver in pfSense at the WAN port, it should be a chipset that is using
this driver!Huh? Why would anyone only use (em) drivers? (em) and (igb) are both supported and work great. PRO/1000 uses em, i3xx uses igb, they both work… I'm not sure I understand what you are saying here?
@BlueKobold:•PRO/1000 PT t-4: 12W (that's like another quad core Celeron!)
(em) driver
•i350-t4v2: 5W
igb(4) driver
•i340-t4: 4.3W
igb(4) driver
I'm not sure why you're listing the drivers for the cards? Both chipsets and drivers work great in pfSense.
@BlueKobold:Intel Chipeset (em drivers) from HP, Dell, IBM, Intel are all good and can be had for $25-$45 or so (2 or 4 port) as used server pulls.
Some IBM card got their own firmware and are not running well or playing nice together with pfSense until you flashed the original
Intel firmware on that card and this is not even able to realize!I've only ever heard of some IBM cards having some features turned off, never one that outright won't work with pfSense? do you have a reference for this?
-
Ok bought, assembled and installed. Now I need to figure out what testing would be useful to others browsing the forum.
-
ASRock H110M-ITX LGA 1151 Intel H110 HDMI SATA 6Gb/s USB 3.0 Mini ITX ($60)
-
Intel Core i3-6100T 35W Processor ($130)
-
4GB (1 x 4GB) 288-Pin DDR4 SDRAM DDR4 2133 (PC4 17000) ($27)
-
Silverstone Milo series ML05B Case ($53)
-
SILVERSTONE SFX Series SST-ST30SF-V2 300W SFX 80 PLUS BRONZE Active PFC PSU ($50)
-
Used eBay IBM Intel I340-T4 Quad GB ($37)
-
3 - SanDisk 16GB Ultra Fit CZ43 USB 3.0 Flash Drive ($25.80)
-
Misc Shipping: $22.48
Total Cost: $405.27
Power Consumption (Standby) : 20.0 W CPU: 0.05
Power Consumption (Base Config, routing 1G, no active packages) : 24.9 - 25.8 W
CPU Temperature: 40-42 C CPU: 6% - 8%LAN0 - OPT1 iPerf routing ( Desktop Realtek 1GB PCIe -> pfSense Intel (igb3) -> pfSense Intel (igb2) -> Desktop Realtek 1GB PCIe ) 946 Mbit to 949 Mbit
LAN0 - WAN iPerf routing ( Desktop Realtek 1GB PCIe -> pfSense Intel (igb3) -> pfSense Intel (em0) -> Desktop Realtek 1GB PCIe ) 942 Mbit to 944 MbitEstimating OpenVPN throughput using ( 3200 / execution_time_seconds ) = 371 MBits
openvpn --genkey --secret /tmp/secret time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
Estimating OpenVPN throughput using ( 3200 / execution_time_seconds ) = 374 MBits
openvpn --genkey --secret /tmp/secret time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc
Some bullets about this build.
-
pfBasic recommends the picoPSU, and of course it probably would have worked! This being my first non-PC build I went familiar 300W with autofan, I might still order and try the picoPSU just to see if it saves power
-
This was literally the cheapest micro-ITX board I could find, I took the no-frills approach
-
The Silverstone case was much roomier than the M350 I was considering, the real turnoff for me of a smaller case was I didn't want to have to hack it up first thing to install the i340-T4
-
the i3-6100T comes with stock cooler that is pretty low profile, in this case I would estimate there is 1.25" clearance for another fan mounted on the bracket above the CPU, which could hold a HD if you didn't want to use the 4 SSD drive bays near the PSU
-
I am currently running pfSense off 3-USB3 Sandisk Ultrafit USB drives in a gmirror config, mostly to keep cost down versus SSD
What can I do next? Won't have 1G internet until approx 5/1. Could try routing with Snort or something more intense, route for a few hours to stabilize CPU temp idk.
Theorycrafting from this do you think a i3-7320 might be able to do 900-1000 MBits with a similar build? I was having fun trying to spec something similar that could.
https://pcpartpicker.com/list/xpfT3F
-
-
No, at least not on a single client. I don't know of any build that can max a gigabit connection at VPN speeds.
You could probably do it with a modern low end quad core running four instances in a gateway group so long as each core can hit 250Mbps(maybe a dual core if gateway grouping works well with HT). But that configuration has limitations and only certain types of traffic will be able to max out the connection. And I don't even know if that would work.
I think that's its an OpenVPN limit, not a hardware limit that makes gigabit VPN so difficult to attain.
Really it's all just anecdotal evidence at this point though. I don't know of any references of someone with a Gigabit connection trying to max pfSense OpenVPN performance on single and/or multiple instances. So if you end up giving it a shot please report back with your findings!
-
Omigosh long time away, back and forth moving and so forth - but now pfSense has been running on Gigabit for about 30 days and I've been routing everything through it – seems like a ROCK!
Second, wired speed test results (first seemed to be limited by laptop network card at 700/900)
I managed to setup OpenVPN but I don't have a very good 2nd connection to test out the maximum speed. I need time to warm up a neighbor so I can iPerf over OpenVPN from gig-to-gig to determine the max pfSense single-connection speed (minus packet-inspection) and also need to flip on inspection and check load. No hiccups so far with 6 computers, bunch of wi-fi stuff (smartphones, ipads, laptops) and Direct TV stuff all networked together. Found out lots of websites seem to have a download cap though.
One thing that stinks is I have to shutdown pfSense to install the UPS which arrived a couple weeks ago. There goes my 30 days of solid up-time!
-
Recommendations for anyone planning to use this type of configuration for themselves
1. I am probably the sorriest I went with the TDP crippled version of the processor.
-
My pfSense box runs at near-idle almost all the time. My bet is the regular processor would draw about the same in this state but have more headroom
-
I use the pfSense local display so rarely, I wish I had investigated the serial port version and maybe gone the no-graphics-at-all route
2. Considering the system is always near-idle, I probably should have followed some advice and used a more appropriately sized picoPSU.
-
It wouldn't really have saved any money (they are about the same price as the SFF)
-
But I suspect it would have been more efficient at near-idle.
-
And I would have had alot more space in the case for drives or cooling or something.
Other than that I am stupid happy with this as compared to even the best consumer routers I have ever owned.
I have it paired with an AC2200 Nighthawk X4 WiFi Range Extender (Model: EX7300) for whole house coverage.
-
-
I'm running a q1900b-itx which has an embedded j1900 and it handles 1gbit just fine. I've not set up a vpn yet. But heavy torrenting, streaming, gaming etc. does not exceed 20/30% cpu usage. Do note i don't have FTH. We have a dslam (i think some might call them nodes?) in the building and ethernet cables goes straight from the switch to a wan ethernet plug in the wall in every apartment. But it's kinda similar, just that we don't have any modems. We plug directly into the ISP switch that's located in the dslam.