Hardware for 10-25 Gbit/s WAN/NAT
-
Dear netgate/pfSense forum!
I am in the luxurious situation that I will get a symmetric 25 Gbit/s WAN link right to my home for the same price as the 1 Gbit/s offering was.
Currently, I am using an ubiquiti USG which does the job for 1 Gbit/s. However, I'd like to switch over to pfSense as I really like it in the datacenter.
My needs:
- NAT
- Port forwarding
- DHCP Client/Server
I will not use IDS/IPS for my home use case, so we dont need to take this into account for performance.
Now, I most likely will go for the 10 Gbit/s offer, which will get to me via an SFP+ module. (I could opt for 25 Gbit/s, but I think hardware wise it would make a big jump, right?)
I read so many different opinions about "how much compute power do I need" that I'm confused.
Has someone built/bought their own system which is capable of pushing 10 Gbit/s LAN<->WAN through NAT (no IPS/IDS)? Could you share or recommend specs?
I had a look at these two machines, but atleast the second one is quite above my budget:
Supermicro SYS-5018D-FN8T
Supermicro Mini-ITX SYS-E302-9DIs there a more suitable supermicro barebone/rack device for my usecase?
Thanks a lot in advance,
Jan -
Hi @b0xch - pfSense should be able to handle 10Gbit/s comfortably with the right hardware, but for 25Gbits/s (and higher), I would recommend checking out TNSR instead.
I actually have been using the Supermicro 5018D-F8NT system for about 4.5 years with a symmetric gigabit fiber connection and the machine can handle that easily. In terms of 10Gbit/s performance, check out this thread from a couple years ago (though recently updated) where I did some throughput testing with the box:
https://forum.netgate.com/topic/132394/10gbit-performance-testing/
With larger (1500 byte) packets you might get close to 10Gbit/s of throughput, but with a more generic IMIX workload you'll need something faster. For achieving 10Gbit/s performance I'd probably look for a multi-core CPU in the 3 - 4GHz range, maybe a fast Intel i series or Xeon custom build? I'm also intrigued by this AMD EPYC based offering from Supermicro (same form factor as the 5018D-F8NT) - I'd expect it would get you closer to 10Gbit/s but I unfortunately have not seen any pps (packets per second) numbers yet.
Hope this helps.
-
@b0xch oh my, where do you live?
-
Would a home user ever need/use 25Gbps?
-
I would certainly use 25Gbps every time I talked to my friends.
It should be treated like a hobby, need is not considered. -
@andyrh said in Hardware for 10-25 Gbit/s WAN/NAT:
I would certainly use 25Gbps every time I talked to my friends.
It should be treated like a hobby, need is not considered.So you’d be willing to spend loads of money on hardware you’d never fully utilise for bragging rights;)
-
@nogbadthebad do you always go the cheapest restaurant for dinner? do you always buy the cheapest car? if you've never done extra in your life just to brag you are truly a saint.
-
@netnerdy OK so price up a router that will do 25Gbps and then decide if you want lobster or just have a sandwich as you aren’t very hungry.
A home user will never fully saturate a 25Gbps circuit.
-
@nogbadthebad says the person who is not bragging about their network equipment in their forum signature.
-
@nogbadthebad said in Hardware for 10-25 Gbit/s WAN/NAT:
A home user will never fully saturate a 25Gbps circuit.
Sounds like a home user that needs to try harder.
All you need is 25 computers running speed test at the same time... A YouTube video idea was just born.