Dimensioning a fanless PC for 300Mb/s fiber connection
-
Hello All,
I just upgraded my home connection to a fiber one with 300 Mb/s download stream and 20 Mb/s upload stream and I would like to dimension a fanless PC to install pfSense.
The fiber reaches my flat in the living room, so for me it is mandatory to use a fanless PC with dual Intel NIC.
I would like to run snort and squid with ClamAV and I will use many of pfsense functionalities and/or additional packages.
At home I have several laptops, one NAS and mobile devices, plus some streaming device. I plan to disable checks on streaming devices, however I am worried about the routing workload by the streaming devices, so I would like to properly dimension the appliance.
In the internal network, all devices are connected by a Netgear access point and two Cisco entry level Gb switches.
Which kind of processor should I use, Celeron quad core, Pentium or Core i3,i5,i7?
How much memory? (8GB, 16GB)?
When I count the cores, may I rely on Hyperthreading? Is pfSense able to manage it? So can I buy a Core i3/i5 with 2 cores and 4 threads?
I apologize if some question may appear silly to the community, but I am new to pfsense (before I was using a different appliance).
Thanks in advance to anyone willing to help me.
-
There are a few options in the pfSense store that fit the bill of what you are looking for.
-
You can use a passively cooled Celeron.
For a reference point, I use pfBlockerNG, Suricata (with rules that average ~25k blocks/month), OpenVPN clients & servers (one LAN routes all traffic through the VPN clients on a gateway group). I have probably 10-15 clients on the network including several streaming clients. I have an old eBay special with i5-2400 & 8GB RAM, my system averages <3% usage and maxes out around <15%. You can see my system only spikes above ~5% about 10 times in a week. My line is only 50/5 though.
Depending on your packages you can use a lot of RAM with Suricata and pfBlockerNG (especially if you want TLD).
-
I just so happened to upgrade to a 150/10 service today.
I ran a bunch of 4K YouTube videos to get it close to load and see what the system was doing.
~28% CPU @ ~130Mbps
Keep in mind this is all traffic being encrypted at AES-256-CBC, so the load is significantly higher than you would see without VPN, or with a more reasonable encryption level (AES-256 is unnecessary in almost all home use cases to include mine).
-
Hello,
many thanks for your reply.
So we can say that a 4 core Celeron with 8 GB should be enough.
I just have a final question: which size for the HD? (30 GB, 60GB, 120 GB)?
Thanks in advance.
Bye,
GL
-
@GL:
I just have a final question: which size for the HD? (30 GB, 60GB, 120 GB)?
If you're just doing firewalling (no high-volume logging) then the cheapest one.
-
So we can say that a 4 core Celeron with 8 GB should be enough.
Yes for 300/20 it is well suited.
I just have a final question: which size for the HD? (30 GB, 60GB, 120 GB)?
30 GB - single firewall perhaps snort
60 GB - firewall, squid, snort, logging
120 GB - firewall, squid as caching proxy, snort logging
Please verify that the mSATA supports TRIM before buying. I would try to tune it right with the following options:
- enable TRIM support
- set the mbuf size to 1000000
- enable PowerD (high adaptive)
- set the mbuf queue to max. 4 (sometimes it helps, sometimes it fails, depending on your Internet connection; you must find that out)
-
In line with the fanless / no moving parts theme I would get a cheap SSD.
If you want you can even do a flash drive install on 2.4 BETA but I wouldn't unless you have enough RAM for a RAM disk.
If you want totally fanless check out picoPSUs. You can get an 80W non-WI and 60W AC/DC adapter shipped for ~$40. Great if you are looking for a totally silent box.