Parts for building router for Gbit speeds
-
No, I don't use PPPoE.
If so, your WAN connection will be CPU single-threaded and mostly slower, but if not you may be happy with that Jetway NF9HG-2930 board. It pulls, for a forum user here from Hong Kong, nearly 1 GBit/s at the WAN interface.
-
I have seen talk on the DSLReports forum that to get gigabit speed one needs a four-core CPU having 3.5GHz. Of course it's under debate there, and I have not had time to verify whether it's true or not. One has added that for the motherboard, an additional requirement is either onboard Intel dual-port, or dual-port Intel NIC on a x4 PCIe slot. Again I have not verified this, but you may want to look into it.
That's simply ridiculous.
-
If you're in the US, Newegg has a sale going right now on an HP server for $179 that would fit your needs perfectly. It's not a low power solution like some of the embedded options but it's complete and all you'd have to do is install pfSense and configure it. Better hurry though, it's only on sale for 2 days.
-
But back to the subject. Is 16GB really required for those speeds? Or is it the number of PCs that increases the amount of memory?
No, 16GB is not required. 4GB will be way more than enough, even if you have a lot of client PCs (and by a lot, I mean hundreds). 2 Intel server class NICs are all you need for a simple single LAN single WAN firewall. That's one physical card with 2 ports or 2 ports on the motherboard, whatever. CPU should be multiple cores, as fast as you can get them, but no need to go overboard. I'd wager even the most meager Skylake Pentium will do for just NAT and firewall rules. More CPU horsepower comes into play with things like packet inspection and VPN.
4GB is nice. 16GB feels overkill.
Those will be expensive cards if I use dual-port NICs that can handle those speeds. Most of the cards that I can buy are only PCI-E 1x version 1, and that will bottleneck. Those cards with 4x are way out of my budget. So I would go for two single-port cards, if the build won't have 2 NICs from Intel.
@BlueKobold:
No, I don't use PPPoE.
If so, your WAN connection will be CPU single-threaded and mostly slower, but if not you may be happy with that Jetway NF9HG-2930 board. It pulls, for a forum user here from Hong Kong, nearly 1 GBit/s at the WAN interface.
Nearly 1Gbit isn't quite good enough. Well, it depends on what nearly is in the real world. My goal is rock solid 1Gbit up and down. I understand that some overhead can make this impossible. But I believe that if I use the right parts I would hit the sweet spot of a total 2Gbit throughput on WAN - LAN. I mean, it is possible to do 10Gbit on copper and I have seen networks that work at 40Gbit…
I have seen talk on the DSLReports forum that to get gigabit speed one needs a four-core CPU having 3.5GHz. Of course it's under debate there, and I have not had time to verify whether it's true or not. One has added that for the motherboard, an additional requirement is either onboard Intel dual-port, or dual-port Intel NIC on a x4 PCIe slot. Again I have not verified this, but you may want to look into it.
That's simply ridiculous.
Elaborate please.
If you're in the US, Newegg has a sale going right now on an HP server for $179 that would fit your needs perfectly. It's not a low power solution like some of the embedded options but it's complete and all you'd have to do is install pfSense and configure it. Better hurry though, it's only on sale for 2 days.
That's cheap. But no. I live in Sweden so newegg is a no go.
-
I have seen talk on the DSLReports forum that to get gigabit speed one needs a four-core CPU having 3.5GHz. Of course it's under debate there, and I have not had time to verify whether it's true or not. One has added that for the motherboard, an additional requirement is either onboard Intel dual-port, or dual-port Intel NIC on a x4 PCIe slot. Again I have not verified this, but you may want to look into it.
That's simply ridiculous.
Elaborate please.
I don't care if someone said it on DSLReports, that's wildly excessive for routing a single gigabit–which isn't very much bandwidth these days. You also don't need a particularly fancy NIC, again, this isn't a hard requirement to meet in 2016.
The bigger issue is that if you actually are trying to sustain 1Gbps transfer rate that's almost impossible on a 1Gbps ethernet because you'll have a certain level of inefficiency when the medium saturates. If 900Mbps plus or minus isn't good enough then you need either a channel bonding solution or 10Gbps. You can also get a couple more percent utilization with jumbo frames, but that's not particularly useful for internet traffic.
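The framing overhead behind the efficiency and jumbo-frame remarks above, worked through as an added example (not part of the original thread). It assumes standard Ethernet framing constants and a TCP stream of full-size segments; the function names are made up for this illustration. It also computes frames per second, since a firewall does its work per packet rather than per bit.

```python
# Added example: per-frame overhead of TCP over Ethernet (constructed, not from the thread).
ETH_PREAMBLE_SFD = 8    # preamble + start-of-frame delimiter
ETH_HEADER = 14         # dst MAC, src MAC, EtherType
ETH_FCS = 4             # frame check sequence
ETH_IFG = 12            # mandatory inter-frame gap, counted as line time
ETH_MIN_FRAME = 64      # header + payload + FCS is padded up to this size
VLAN_TAG = 4            # optional 802.1Q tag
IP_HEADER = {4: 20, 6: 40}
TCP_HEADER = 20
TCP_TIMESTAMPS = 12     # timestamp option as carried in each segment


def wire_bytes(l3_bytes, vlan=False):
    """Line time, in bytes, consumed by one frame carrying an IP packet of l3_bytes."""
    frame = ETH_HEADER + (VLAN_TAG if vlan else 0) + l3_bytes + ETH_FCS
    frame = max(frame, ETH_MIN_FRAME)  # short frames are padded
    return ETH_PREAMBLE_SFD + frame + ETH_IFG


def tcp_goodput_mbps(link_mbps=1000, mtu=1500, ip_version=4,
                     timestamps=False, vlan=False):
    """Upper bound on TCP payload throughput for a one-way stream of full segments."""
    payload = mtu - IP_HEADER[ip_version] - TCP_HEADER
    if timestamps:
        payload -= TCP_TIMESTAMPS
    return link_mbps * payload / wire_bytes(mtu, vlan)


def frames_per_second(link_mbps=1000, l3_bytes=1500, vlan=False):
    """Frames per second the router must forward at line rate for this packet size."""
    return link_mbps * 1_000_000 / 8 / wire_bytes(l3_bytes, vlan)


if __name__ == "__main__":
    for label, kwargs in [
        ("MTU 1500, IPv4", {}),
        ("MTU 1500, IPv4, TCP timestamps", {"timestamps": True}),
        ("MTU 1500, IPv6, TCP timestamps", {"ip_version": 6, "timestamps": True}),
        ("MTU 9000 (jumbo), IPv4", {"mtu": 9000}),
    ]:
        print(f"{label:32s} {tcp_goodput_mbps(**kwargs):7.1f} Mbit/s")
    print(f"full-size frames : {frames_per_second():12,.0f} per second")
    print(f"minimum frames   : {frames_per_second(l3_bytes=46):12,.0f} per second")
```

The gap between full-size and minimum-size frame rates is why CPU sizing for a packet filter depends on the traffic mix and not only on the link speed.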
-
I live in Sweden so newegg is a no go.
Then Tradera or ebay is your best bet. A dual port server NIC can usually be found for 200-300SEK.
-
Dual port Intel chipset NICs can be had for $20 or $30 USD used. I use an HP NC360T (dual 1Gbps Intel, PCIe x4) and it works perfectly.
-
The bigger issue is that if you actually are trying to sustain 1Gbps transfer rate that's almost impossible on a 1Gbps ethernet because you'll have a certain level of inefficiency when the medium saturates. If 900Mbps plus or minus isn't good enough then you need either a channel bonding solution or 10Gbps. You can also get a couple more percent utilization with jumbo frames, but that's not particularly useful for internet traffic.
I agree, but if the ISP is handing off the connection with a single 1Gbps ethernet port it doesn't matter what OP uses above and beyond that; the ISP port would be the bottleneck if link aggregation or a 10Gbps NIC is used.
I'd just try and match whatever the ISP is handing off to you with a quality NIC of the same speed.
-
Nearly 1Gbit isn't quite good enough. Well, it depends on what nearly is in the real world.
936 MBit/s + TCP/IP overhead + time to proceed pf (firewall rules) is nearly 1 GBit/s
-
If you're just looking for a router then this may be a fun read:
http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/
If not, still a fun read.
-
Sorry for late answer.
I have seen talk on the DSLReports forum that to get gigabit speed one needs a four-core CPU having 3.5GHz. Of course it's under debate there, and I have not had time to verify whether it's true or not. One has added that for the motherboard, an additional requirement is either onboard Intel dual-port, or dual-port Intel NIC on a x4 PCIe slot. Again I have not verified this, but you may want to look into it.
That's simply ridiculous.
Elaborate please.
I don't care if someone said it on DSLReports, that's wildly excessive for routing a single gigabit–which isn't very much bandwidth these days. You also don't need a particularly fancy NIC, again, this isn't a hard requirement to meet in 2016.
The bigger issue is that if you actually are trying to sustain 1Gbps transfer rate that's almost impossible on a 1Gbps ethernet because you'll have a certain level of inefficiency when the medium saturates. If 900Mbps plus or minus isn't good enough then you need either a channel bonding solution or 10Gbps. You can also get a couple more percent utilization with jumbo frames, but that's not particularly useful for internet traffic.
Many routers I could buy will stop between 750 and 900Mbps and that is not good in my eyes. If it needs a 10Gbit card to avoid as much overhead and other things as possible that hit the performance, I could think of buying those. But it also depends on how much CPU performance I need. And still, this is not settled.
I live in Sweden so newegg is a no go.
Then Tradera or ebay is your best bet. A dual port server NIC can usually be found for 200-300SEK.
I check in there from time to time and haven't found a great deal yet. But it could happen.
Dual port Intel chipset NICs can be had for $20 or $30 USD used. I use an HP NC360T (dual 1Gbps Intel, PCIe x4) and it works perfectly.
If I find one that is cheap I would do it. But I need to settle my hardware first so I don't buy something that bottlenecks.
The bigger issue is that if you actually are trying to sustain 1Gbps transfer rate that's almost impossible on a 1Gbps ethernet because you'll have a certain level of inefficiency when the medium saturates. If 900Mbps plus or minus isn't good enough then you need either a channel bonding solution or 10Gbps. You can also get a couple more percent utilization with jumbo frames, but that's not particularly useful for internet traffic.
I agree, but if the ISP is handing off the connection with a single 1Gbps ethernet port it doesn't matter what OP uses above and beyond that; the ISP port would be the bottleneck if link aggregation or a 10Gbps NIC is used.
I'd just try and match whatever the ISP is handing off to you with a quality NIC of the same speed.
You mean that the ISP could bottleneck? Is it so that the media converter itself could lower the speeds?
@BlueKobold:
Nearly 1Gbit isn't quite good enough. Well, it depends on what nearly is in the real world.
936 MBit/s + TCP/IP overhead + time to proceed pf (firewall rules) is nearly 1 GBit/s
I could live with 950Mbps both ways, but I was hoping to achieve and get as close to 1Gbit as possible.
If you're just looking for a router then this may be a fun read:
http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/
If not, still a fun read.
I read this. But I still want to build my router :)
-
Many routers I could buy will stop between 750 and 900Mbps and that is not good in my eyes.
Then you should be buying a router that is really capable to handle nearly 1 GBit/s.
- Intel Xeon E3 v3 (dual or quad core pending on the installed packets and running services)
- Intel Core i3, i5 or i7 (dual or quad core pending on the installed packets and running services)
- Intel Celeron G3260 (if it can handle all the installed packets it might be also running well for you)
If it needs a 10Gbit card to avoid as much overhead and other things as possible that hit the performance, I could think of buying those. But it also depends on how much CPU performance I need. And still, this is not settled.
XG-1541 or Supermicro Intel Xeon D-15x1 series will be coming with 1 GBit/s and 10 GbE port by default.
I could live with 950Mbps both ways, but I was hoping to achieve and get as close to 1Gbit as possible.
Don't get me wrong please, but you will achieve at a 1 GBit/s LAN port really 1 GBit/s + TCP/IP overhead and time for working out the pf (packet filter)? How should this work? Then perhaps you will buy a 10 GBit/s card for getting your straight 1 GBit/s? Perhaps you spend the money for a nice appliance and all is right for you!
-
You mean that the ISP could bottleneck? Is it so that the mediaconverter it self could lower the speeds?
It just depends on the media they hand off to you. All I'm saying is that if they give you a 1Gbps copper port, a 10Gbps port on your router won't make your connection any faster since it will only negotiate at 1Gbps.
-
So, I finally started purchasing parts.
Core i3 6320
ASRock C236WS I
8GB Corsair Vengeance LPX 2133MHz CL13
120GB Samsung 750 EVO
I will start with this Core i3 and see if it can handle the speeds. If not I go for an i5 or a Xeon.
I will return and share the results I will have from this router.
-
Sooo, how did the i3 work out?
-
I will start with this Core i3 and see if it can handle the speeds. If not I go for an i5 or a Xeon.
You only need ~2,000 passmark for gigabit speeds, the Core i3 is about 2x - 3x faster than necessary.
-
Sooo, how did the i3 work out?
Sorry for the late answer. The build started with a bad motherboard that burned the memory and CPU. But the warranty checked out so I got new parts quite fast. The i3 is holding up quite well. I don't have pics to share, but I get around 980Mbps down and around 975Mbps up. Total WAN to LAN throughput is landing on around 1890Mbps, and that speed I'm not happy with. But I think it only needs some more tuning. But one thing doesn't work well. I have turned off HT on it. When several units were online the CPU used HT threads and not the physical cores and that dragged the throughput down a lot.
I will start with this Core i3 and see if it can handle the speeds. If not I go for an i5 or a Xeon.
You only need ~2,000 passmark for gigabit speeds, the Core i3 is about 2x - 3x faster than necessary.
But still I can't use the whole CPU. With HT on I get really bad performance.
-
I'm also using an i3 (7320) with HT on, and I don't notice any performance issue, as far as I know.
2 cores along with 2 threads doing OK.
What services do you have running in your pfSense box?
-
I'm also using an i3 (7320) with HT on, and I don't notice any performance issue, as far as I know.
2 cores along with 2 threads doing OK.
What services do you have running in your pfSense box?
Now this I should have answered earlier on. But work had the best of me.
The problems with HT on the CPU were all BIOS. I did revert to an older BIOS, and then updated it again.
The short answer is none. I use stock pfSense that's configured as a router. Only NAT and SPI are a bit changed in rules.
But I will do some tests on my machine quite soon. My dad's business is in dire need of a better network security solution. And we are about to test both firewall and VPN performance with my machine. If it is up to the task, I am going to build one for his company. With that in mind, I will be much, much more in this forum very, very soon!
-
i5 @3.2ghz+ (the skylake non-k) cpus can be overclocked
16gb ddr4
120gb ssd
It is common on here that when someone asks for hardware recommendations for gigabit WAN to recommend they buy a router that is much faster than the average desktop computer.
The hardware recommendations are generally about the same whether the user wants to use a lot of packages & VPN or just the very basic features of pfSense (like you).
It might be true, but I doubt it because it just doesn't make sense.
I suspect that the reason for this is because like you stated most people don't report back with their actual performance once they buy hardware. Until that starts happening people will keep recommending heavy duty CPUs to NAT gigabit WAN, even for home use, even for no packages.
There is sense in why this happens though, if someone gets recommended underpowered hardware and it doesn't work out they are liable to lose their minds because they wasted money and it didn't do what they wanted.
If someone gets recommended to buy a little supercomputer to NAT gigabit WAN, buys it and surprise surprise it works. They still wasted their money, but at least it worked.
I suspect that this can be done with a modern passively cooled Celeron, but I'm also not in the IT or networking profession so you can take my opinions with a grain of salt.
Thank you for reporting back with your findings! It is very helpful for future users to know that:
- Celeron XYZ works for full gigabit w/ NAT only & light firewalling @ x% CPU
- Celeron XYZ maxes out at XXXMbps w/ NAT only & light firewalling
- Xeon XYZ works for full gigabit w/ NAT only and light firewalling @ x% CPU
- Xeon XYZ works for full gigabit w/ NAT only and light firewalling @ x% CPU
- i5-XXXX works for full gigabit w/ X packages and Y firewalling @ x% CPU
- etc.
Basically all the feedback you can give on the forums will be invaluable, not many people have gigabit WAN to test hardware out on!
The i3[-6320 @ 2x3.90GHz w/ HT disabled] is holding up quite well… ...I get around 980Mbps down and around 975Mbps up. Total WAN to LAN throughput landing on around 1890Mbps... ...But one thing doesn't work well. I have turned off HT on it. When several units were online the CPU used HT threads and not the physical cores and that dragged the throughput down a lot.
But still I can't use the whole CPU. With HT on I get really bad performance
This is great feedback, thank you! Can you share what kind of system usage you're getting when the system is under load on WAN, LAN, WAN & LAN?
How many clients is this supporting?
It's valuable to know that you were getting gigabit with only 2 cores.
The more detailed info you can share the better! ;D
-