Doubts Hardware for Gigabit Throughput
-
Cool, I’ve never seen Proxmox. I'm going to do a test here. But can pfsense as a VM affect cluster things? Or is it better to make a dedicated firewall server?
And with that hardware above I manage 1gbps? -
@maico-vanzo first make a cup of tea or coffee and please watch this video on Youtube, Before I do anything on Proxmox, I do this first...:
https://www.youtube.com/watch?v=GoZaMgEgrHw -
You wont hit 1gbit with that hardware in a VM nor directly on hardware.
What packages are you planning to run?
-
My old desktop (Gen 1 i3) with a 4 port Intel NIC easily routes faster than 1Gb. (takes all four NICs) I am not running any packages that might affect speed I have a few dozen rules.
So the HW will route at 1 Gb, but it may not be able to depending on what other work it has to do.
-
@andyrh A router is a different thing. A FW needs a lot more power to inspect packets at wirespeed
-
I will try to explain my idea.
I have a 600 mbps internet and a 35mbps backup. My idea is to put the 600mbps pppoe on PFsense routing the WAN, and a card giving dhcp on the LAN to the other equipment on the network (approximately 40 computers).
Because today I have a loadbalace that manages only 300mbps, but when I perform the speed tests it is only giving 150mbps. Because I believe that comsiga manages only 150mbps per WAN port.
So my idea was to put PFsense to manage all network traffic at 600mbps. Or put another equipment type microtik or uquikiti gateway. Because I thought that changing the network card by placing an intel pro / 1000 could manage 1gbps in pfsense and I like pfsense, I would not like to put another device on the network.
I don't know that I was able to explain, but that's the idea. -
Most of my traffic is encrypted so there is not much to inspect.
-
My pfSense (2.4.5_P1) is running on 2 vCPUs under ESXi 6.7U3. (Yeah, a bit behind the times.) No packages that require any heavy packet inspection.
Hardware is an E3-1265Lv2 (4 cores @ 2.5GHz) using an Intel i340-T4.
I have no problem pulling 1Gb/s through that. Your 3.3GHz CPU should do it easily.
-
@cool_corona said in Doubts Hardware for Gigabit Throughput:
@andyrh A router is a different thing. A FW needs a lot more power to inspect packets at wirespeed
These days, routers generally include firewalls. For example, I have a Cisco router here that does. That said, I suspect my Qotom mini PC could handle it. It has an i5 CPU, 4 GB memory and 4 Ethernet ports. However proper routers often have custom hardware to improve performance.
I agree running in a VM will kill performance.
-
@biggsy So if I put at least one new network card, one similar to yours has the possibility of reaching 1gb/s.
-
My understanding is Intel is the best choice. My Qotom computer has 4 Intel Ethernet ports and here are my speedtest results. CPU usage didn't exceed 5%.
-
Yes, as JKnott says, Intel is the best choice.
Just be aware that there are fake Intel cards being sold. Here is a link to a long thread about those and how to identify them:
https://forums.servethehome.com/index.php?threads/comparison-intel-i350-t4-genuine-vs-fake.6917/
-
My Qotom computer has the Ethernet ports built into the mom board, so no chance of a fake card.
