10Gbe routing with PFsense
-
I´m looking to upgrade some of my network infrastructure to 10Gbps, and have ordered a Dell X4012 layer 2+ switch. This switch will do wire speed routing between my internal VLANs, but my DMZ VLANs are routed through a PFsense box. The PFsense machine will have a Intel X520-DA1 nic, and the rest of the 10Gpbs connected hardware will use Mellanox ConnectX-2. Right now, the PFsense server is using a budget AMD 5350 2GHz quad-core CPU and 4GB of ram.
The question is, what kind of performance can I expect going from my internal nets through PFsense to my DMZ nets ? Of course this is dependent on packet size, but I´m most interested in the performance with large file transfers which should mean jumbo frames will be used efficiently. The firewall ruleset is very simple, full access from internal -> DMZ , no access DMZ -> internal.
I´m open to upgrading the PFsense hardware to something more powerful if that would significantly increase performace. -
I´m open to upgrading the PFsense hardware to something more powerful if that would significantly increase performace.
- Intel Xeon D-1518, D-1528 or D-1548 with 4/8, 6/12, 8/16, 12/24 or 16/32 Cores/Threads.
- Intel Xeon E3-12xxv3 (4C/4T) starting @3,0GHz upstairs
- Intel Xeon E5-2600v3 (4C/8T - 6C/12T) starting @3,0GHz upstairs
….and 4GB of ram.
8 GB - 16 GB ECC so fast as you could get your hands on (DDR3-1600,1860 or DDR4-2133)
and it will be supported by the Board and CPU! Mostly the CPU is powerful enough, but their
memory system got rendered!- high up the mbuf size to 1 million, because each CPU core is opening for each LAN Port one queue!
- if Squid is in use, please high also up the default memory RAM size (256 MB) and usage of Squid.