Xeon build for a 1gbps WAN, ovpn, possibly snort.



  • Hello, I'm doing a bit of research on what I need to replace my current build (Jetway board with atom d2550, 4gb, some hdd) with. I'm only getting about 550mbps throughput WAN>LAN firewalled-only. That was achieved with no other packages running outside of what comes with default install, running iperf and ISP speedtest on a 1gbps WAN.

    I currently have one of two concurrent openvpn clients connected to WAN and a couple of clients on LAN doing some heavy torrenting. Other devices are just phones, tablets and workstations used for surfing the web. Altogether no more than 15 devices.

    The replacement build should support 1gbps or close of firewalled throughput and decent throughput on openvpn clients.  If there is any power left over, I'd like to run snort, but it's not critical to have.

    I was looking at Supermicro SYS-E300-8D (https://www.supermicro.com/products/system/Mini-ITX/SYS-E300-8D.cfm) as a potential replacement and had a few questions:

    1. Has anyone had any real world experience with these?

    2. Will these be able to sustain above requirements of 1gbps WAN<>LAN?  What kind of openvpn throughput can I anticipate?

    3. Is this a total overkill for my needs, or is there any benefit to running more cores?  (I didn't think more cores would add any value for pfsense, but figured I'd ask).

    4. If that's an overkill, what would you recommend for above requirements?

    Thanks in advance!



  • I have a similar atom system running 2.4.beta now.

    Have you looked at a used/ebay 'Dell R210ii' ?  <– note this exact quiet model number.
    It will cost a LOT less than the system you mentioned. Both will exceed 1Gbps easily.

    https://www.reddit.com/r/homelab/comments/4be553/dell_poweredge_r210_as_a_pfsense_router/



  • Thanks for your reply!  I was initially going for the pizza box options because of the price and variety, but the lack of a rack and noise level was definitely a concern.  Now it looks like the R210 ii is rather on the quiet side… maybe it's time to revisit the idea and look for a half rack on craigslist...

    Any guess on how much openVPN throughput either of these boxes will handle?



  • @JamesVA:

    Thanks for your reply!  I was initially going for the pizza box options because of the price and variety, but the lack of a rack and noise level was definitely a concern.  Now it looks like the R210 ii is rather on the quiet side… maybe it's time to revisit the idea and look for a half rack on craigslist...

    Any guess on how much openVPN throughput either of these boxes will handle?

    R210 depends on the CPU it is configured with; many lacked AESNI, so I would not expect them to be able to handle openvpn @1gbps. A lot of the really good deals on R210s have no CPU in them at all, so do your homework. An R210ii with an E3 (not pentium or celeron) should be ok, but will have way more power consumption than something newer (if you care).

    Your cheapest option to hit that number with new parts is a kaby lake pentium or low to mid range i3, which you can put in a mini-itx case that's pretty quiet for not too much money. If you want to move up to a server type system for reasons other than performance (e.g., ipmi management, rack mount, etc) then a xeon d or e3 will work but will cost more.



  • Thanks!  Just to confirm, you're saying that these newer CPUs + AESNI are able to achieve 1gbps throughput over openVPN?



  • @JamesVA:

    Thanks!  Just to confirm, you're saying that these newer CPUs + AESNI are able to achieve 1gbps throughput over openVPN?

    I've seen an i3-6100 do multiple gbps in a single stream (with performance tuning that would likely be counterproductive on the open internet). The speeds you end up getting will depend on the network and the openvpn configuration, but the CPU won't be the bottleneck.