Netgate Discussion Forum

    Are Xeon chips (example 5160 3GHz) good for IDS/IPS vs i3 or i5

    4 Posts 2 Posters 504 Views

      rcmpayne

      I am looking forward to upgrading my router with a used 1U from eBay and wanted to know if some of the older chips like Xeon 5160 3GHz are good for IDS/IPS vs i3 or i5? The cost difference between a 1U in China is 500-700 for i3/i5 vs an older 1U on eBay with Xeon for 100.

      I have a fiber line to my house with 1GB up, and 1GB down but want to do Suricata, pfBlockerNG and OpenVPN and maintain as much of the throughput as possible.

        bmeeks

        Pretty much any Intel CPU will be more than enough. If you want to future-proof the box for hardware encryption/decryption that is eventually coming to pfSense, be sure the CPU you choose supports AES-NI. The more important thing is to be sure the box has genuine Intel NICs (no Realtek network cards!). You also want at least 4 GB of RAM for an IDS/IPS, and more is even better. My box has 16 GB of RAM. Finally, you want plenty of disk space for logging.

          rcmpayne

          Thanks,

          The Xeon 5160 does not support AES-NI but the e56xx chips do. Does # of Cores and/or # of Threads vs clock speed matter here?

          https://ark.intel.com/content/www/us/en/ark/products/47924/intel-xeon-processor-e5630-12m-cache-2-53-ghz-5-86-gt-s-intel-qpi.html

            bmeeks

            CPU clock speed is going to be most important. Snort 2.9.x is single-threaded, thus it can't do much with multiple cores. Suricata is multi-threaded and supports multiple cores, but a number of independent tests of its multi-core multi-thread performance don't indicate huge gains across the board (at least not what most folks would expect).

            One thing to consider with high core count processors (if you use Suricata) is the need for larger amounts of RAM. Suricata bases its initial TCP Stream memory buffer setups on the number of CPU cores. So, for example, with an 8-core CPU, Suricata will usually fail to start and throw a Stream Memcap memory error with the default package configuration. You have to greatly increase the Stream Memcap settings with high core count CPUs. There are some threads about that here in the IDS/IPS sub-forum.

            For home use, any dual-core or quad-core CPU is plenty of horsepower. I would suggest 2.5 GHz or higher for the clock speed. Higher is of course better.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.