Hardware recommendation for 1GbE over PPPoE
Hello guys,
I'm new to pfSense so bear with me. I want to give up the router that's been provided to me by my ISP and use it only in bridge mode as a media converter, and the connection will be done via PPPoE. Since I wanna install pfSense, I wanna ask your advice on what hardware I should buy for this project.
1. I would prefer a low power server but I'm not discouraged by acoustics since it will stay in a rack
2. It will have around 20 clients, like a web and mail server, NAS, and a time machine, all of them installed on dedicated servers
3. I will also install a VPN server on the pfSense, OpenVPN or IPsec, I haven't decided just yet, but I think I'll go with IPsec since it has support for AES-NI that basically offloads the CPU.
4. Would also like to have a FreeRadius server that would provide authentication for my APs, maximum 2.
My first option was this combo:
- MB - A1SRi-2758F
- Case - SC504-203B
- 8GB of RAM memory, but it would probably be overkill
- 2 SSDs in RAID 1 for redundancy
My main concern comes at point 1, the motherboard that has an Atom 2758F CPU with 8 cores, but as far as I understand pfSense does the PPPoE encapsulation on a single thread and I'm not sure I will be able to achieve the current speeds UP/DW 950Mbps.
What's your advice?
Thank you
-
-
1. I would prefer a low power server but I'm not discouraged by acoustics since it will stay in a rack
Low power or nearly real 1 GBit/s over PPPoE!?
2. It will have around 20 clients, like a web and mail server, NAS, and a time machine, all of them installed on dedicated servers
Therefore it might be really powerful hardware; you can drive Snort, Squid & SquidGuard, pfBlockerNG and tinyDNS and/or apinger with ease on that hardware without any kind of problems.
3. I will also install a VPN server on the pfSense, OpenVPN or IPsec, I haven't decided just yet, but I think I'll go with IPsec since it has support for AES-NI that basically offloads the CPU.
IPsec would also be my favourite, and if someday OpenVPN 2,4 is out and/or PPPoE is no longer single threaded I would try out OpenVPN.
4. Would also like to have a FreeRadius server that would provide authentication for my APs, maximum 2.
OpenLDAP for wired clients
Free Radius Server for wireless (internal or private) clients
Captive Portal with vouchers for wireless clients guest network
It can all be realized with pfSense like you want it!
My first option was this combo:
1. MB - A1SRi-2758F
2. Case - SC504-203B
3. 8GB of RAM memory, but it would probably be overkill
4. 2 SSDs in RAID 1 for redundancy
That will for sure be a nice setup, but not really hitting the wished 1 GBit/s at the WAN port! Perhaps you will be getting something between 750 - 850 MBit/s. Please read that thread here about the Supermicro C2758 board
My main concern comes at point 1,
This can also be done with a smaller Xeon D-15x8 board for only some coins more than the C2758, but then with the guarantee to get nearly 1 GBit/s at the WAN port, AES-NI too and perhaps DPDK (enabled software) later if it finds its way inside of the pfSense code!!! It can increase the speed of TCP/IP packet forwarding nearly 3x compared to without it and might be a real changer or deal breaker, but it comes without Intel QuickAssist.
the motherboard that has an Atom 2758F CPU with 8 cores, but as far as I understand pfSense does the PPPoE encapsulation on a single thread and I'm not sure I will be able to achieve the current speeds UP/DW 950Mbps.
But the Xeon D-15x8 will do it! And it can be a silent build too!
-
My main concern comes at point 1, the motherboard that has an Atom 2758F CPU with 8 cores, but as far as I understand pfSense does the PPPoE encapsulation on a single thread and I'm not sure I will be able to achieve the current speeds UP/DW 950Mbps.
2758 is the wrong platform, it has many slow cores and you need single thread performance. I'd personally look at something along the lines of an i3-6100; that is, >3.5GHz, core count doesn't really matter much. That platform should manage >500Mbps OpenVPN, but I haven't tested one to see what the exact limit is (maybe 700-800?). If money is no object you can jump into the i7 or E3 ranges, just remember that clock rate is more important for this application than core count is. If you do go to a 4 core i7/E3 you may improve IPsec performance but it won't make much difference for OpenVPN unless you run multiple OpenVPN server instances. You could look at the D series, but you'll be paying for a 10Gbps interface you're not using, they're not clocked particularly high, you won't get the crypto improvements from the Skylake architecture, and will probably spend more in the end than an i or E series for no benefit in your use case.