Hardware check: PPPoE gigabit
-
Yet another hardware head-check… I do this because all the other posts I've seen have ranged from 'oh yea, that Atom CPU will work' to 'you need a M-F'n Xeon'.
I have CenturyLink gigabit (using VLAN-tagged PPPoE to connect... I know, right?) and because this is only single-threaded, I gather I need a non-SoC system. I plan on using Squid, QoS (mainly for buffer-bloat defeat), VPN, streaming from my LAN to WAN-sided devices, and plenty of firewall rules.
CPU: http://www.newegg.com/Product/Product.aspx?Item=N82E16819117621 (skylake core i3)
Mobo: http://www.newegg.com/Product/Product.aspx?Item=N82E16813132820 (Intel C232 miniITX)
RAM: 2X http://www.newegg.com/Product/Product.aspx?Item=N82E16820242165 (16GB ECC DDR4)
HDD: 240GB SATA SSD (run-o-the-mill)
NIC (additional): https://www.amazon.com/gp/product/B000P0NX3G/ (Intel 82571EB-based quad-port for use of the older em driver)I'm hoping that down the line, when they start becoming less mythical and more affordable I can upgrade the CPU to a V5 Xeon. Surely this setup would be able to handle sym. gigabit? It's a little frustrating because the psSense store has that fanless box that claims 'gigabit' but I know that doesn't cover the PPPoE case.
[Update] - forgot to mention, this will also handle a secondary WAN (DHCP) for either backup or aggregation.
-
Yet another hardware head-check… I do this because all the other posts I've seen have ranged from 'oh yea, that Atom CPU will work' to 'you need a M-F'n Xeon'.
An Intel Xeon E3 is more power saving likes the Intel Core i3 or i5 desktop models and can very often
got cheap hands on for some coin. They also supporting ECC RAM and that indicates a more stable
24/7 run time. For sure your system will have a real chance to do what you need and want but if I
own a mainboard with a PCIe 3.0 slot I would more having an looking eye on a NIC that comes as a
minimum together with PCIe 2.0 x4 or x8 and not a PCIe 1.0a x4 for four lan ports! Please think about. -
The core i3 also supports ECC (note that is in the hardware list), and the xeon processor type that this board supports is still very new and the low power models aren't readily available (unfortunately).
I can't do a modern nic card because anything that would utilize more lanes would be a newer chipset, thus using the igp driver as opposed to the older em driver. The older em driver is preferred in this case because of the PPPoE WAN type that is in use.
-
I like it. Why is em preferred over igb for PPPoE? Just curious.
-
PPPoE WAN with high speeds + pfSense == single driver queue (with igp driver):
https://redmine.pfsense.org/issues/4821Not likely to get 'fixed' anytime soon, so I'm prepping to deal with it for the long haul with older NICs that use the em driver (doesn't seem to be affected by this limitation).
-
Any updates? Did you proceed with this build? Here's my pfSense hardware. I built this before I got CenturyLink's (CL) Gigabit. Now I'm on CL and looking to remove the provided Modem/Router.
CPU/MOBO/NIC: http://www.supermicro.com/products/system/Mini-ITX/SYS-E200-9B.cfm
RAM: 8GB DDR3
HDD: 64GB SSD
HP Managed Switch: HP 1810-24G, PL.2.04
Ran test on W10, NUC 5th Gen, i3, 16GB RAM
Test results: Ping (Lowest): 2.98 ms | Download (Max): 468.13 Mbps | Upload (Max): 407.21 MbpsProvided CL hardware, ZyXEL C1100Z -> connected to PAN-200
HP Managed Switch: HP 1810-24G, PL.2.04
Ran test on W10, NUC 5th Gen, i3, 16GB RAM
Test results: Ping (Lowest): 2.00 ms | Download (Max): 932.87 Mbps | Upload (Max): 670.65 MbpsHP Managed Switch > vlan.201 = CL drop
HP Managed Switch > vlan.201 = PAN-200
PAN cannot authenticate Layer3 PPPoEI'm moving forward with pfSense, due to VLAN-tagged PPPoE capabilities. Just need to find the right hardware.
-
I'll chime in here:
I've got CL fiber here near West Seattle. Have the latest pfsense running on a SG-8860 (RCC-VE 8860). With the pf box behind the CL 2100t modem/router, I can saturate the full gigabit. If I eliminate the 2100t and do PPPoE over vlan201 directly from the pf box, I get at best 600/600. Since FreeBSD does PPPoE single threaded, I think clock speed is the limiting factor.
Right now, I'm running the 2100t with my pf box in the dmz so I can get full speed and still have pf features/control.
-
FWIW I asked this question previously and didnt get any replies. I've tried all manner of consumer routers and a bunch of other distros and nothing besides a router with an ASIC for PPPoe offload has worked. I'm currently using a ubiquiti ER5-POE instead of the C2100t, which is a beast of an all in one.
-
I suspect this person getting a good up/down speed, but getting high latency (see link)…
https://kdemaria.wordpress.com/2015/04/22/how-to-configure-pfsense-2-2-2-for-centurylink-gigabit-seattle-edition/
So I'm unsure about deploying pfSense, even on an em NIC driver, and high CPU and RAM resources. Hoping that someone here, have already done it.I'm not sure about OP. End-game for me, is to remove any CL provided device. Deploy my own stateful (at least next-gen FW), as the only routable device. Since my Palo Alto gear (ASIC) doesn't have the VLAN-tagged PPPoE capabilities. I just bought an HP NC364T from ebay. As soon as this arrives, I'll see about testing this on my spare box.
-
Sorry, I've held off on building this as I've seen some other 'issues' with PPPOE reported by some users that would affect my setup (specifically, having a dual WAN setup, one being DHCP)… it almost seems like waiting for a 3.x pfSense makes more sense for CL gigabit :/
-
many of us are wating for an update on this :(
performance is damn low. i have fiber link gigabit and i barely get 500 on pppoe -
No change on the latest version of pfSense, version 2.3.2. I proceeded with a brand new Juniper SRX300 for $200. Got my vlan tagged PPPoE working, on a same speed as CenturyLink provided modem.
-
Bug has been open 1 year ago. Not much progress on this by now. Hope in the new major version to get some improvements.
