New Build Hardware Advice
-
I want to thank you both, pfBasic and whosmatt, for all the help and advice.
I think I really only have one more question for right now. I know you were asking about my WAN speed, but I didn't want a misunderstanding. With the setup (ASRock J3355M), am I also going to be able to pull off at least somewhat close to gigabit just on the LAN too (basically for NAS and possible future Plex server)?
-
Yes, you can do gigabit on your LAN so long as you have a good (read: Intel) gigabit NIC on both ends. There are exceptions to this: if, for example, you are doing IDS/IPS packet inspection on your internal interfaces, then that could slow things down. But in general you should not have any issues hitting gigabit on LAN with just about any CPU so long as your NICs are good.
EDIT: This could also be slowed down if you are passing your traffic through a crappy switch (i.e., your NAS has a solid gigabit NIC, pfSense has a solid gigabit NIC, but you are connecting via a crappy switch that slows things down, or you are running a really long line of CAT5, running it over/near powerful electrical lines, etc.).
In short, there are a multitude of ways that your connection could be degraded, but the J3355 won't slow you down on LAN.
Note that full gigabit does not = 1000Mbps, but very close
@jwt:
942 gbps IS full gigabit. Ethernet overhead is 7 bytes preamble + 1 byte Start of frame delimiter + 6 bytes MAC destination + 6 bytes MAC source + 2 bytes ethertype + 4 bytes frame check sequence (CRC) + 12 bytes Inter packet gap (time with nothing on the wire).
7 + 1 + 6 + 6 + 2 + 4 + 12 = 38 bytes
With a 1500 byte payload this is 1538 bytes sent for 1500 bytes of payload.
IPv4 headers are 20 bytes (no IP options).
TCP headers are 20 bytes (no TCP options).
So you really send 1460 bytes of payload for 1538 bytes on the wire.
1460/1538 = 0.9493
So perfection is 949.3Mbps.
A single 802.1q vlan header is another 4 bytes of overhead.
Now you're sending 1542 bytes for 1460 bytes of payload.
1460/1542 = 0.9468, or 946.8 Mbps.
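The arithmetic in the quoted post, generalized as an added example (not part of the original thread): the per-frame byte counts are the ones listed above, while the function name, the 64-byte minimum-frame padding and the TCP timestamp scenario are assumptions introduced here.

```python
# Added example: per-frame overhead constants are the byte counts from the quoted post.
PREAMBLE, SFD, MAC_DST, MAC_SRC, ETHERTYPE, FCS, IPG = 7, 1, 6, 6, 2, 4, 12
VLAN_TAG = 4     # one 802.1Q tag
MIN_FRAME = 64   # assumption beyond the post: 802.3 minimum frame, MAC dst through FCS


def tcp_goodput_mbps(line_rate_mbps=1000.0, mtu=1500, vlan_tags=0,
                     ip_header=20, tcp_header=20, tcp_payload=None):
    """Best-case TCP payload rate (Mbps) for back-to-back frames on the wire.

    tcp_payload=None means every segment fills the MTU. ip_header and
    tcp_header include any options (e.g. tcp_header=32 with TCP timestamps).
    """
    headers = ip_header + tcp_header
    max_payload = mtu - headers
    if tcp_payload is None:
        tcp_payload = max_payload
    if not 0 < tcp_payload <= max_payload:
        raise ValueError("tcp_payload must be between 1 and %d" % max_payload)

    # Frame as counted for the minimum-size rule: MAC header through FCS.
    frame = (MAC_DST + MAC_SRC + VLAN_TAG * vlan_tags + ETHERTYPE
             + headers + tcp_payload + FCS)
    frame = max(frame, MIN_FRAME)  # short frames are padded up to 64 bytes

    # Preamble, start-of-frame delimiter and inter-packet gap also occupy wire time.
    wire_bytes = PREAMBLE + SFD + frame + IPG
    return line_rate_mbps * tcp_payload / wire_bytes


def scenarios():
    """Constructed scenarios: the two from the post plus two added ones."""
    return {
        "untagged, no options": tcp_goodput_mbps(),
        "one 802.1q tag": tcp_goodput_mbps(vlan_tags=1),
        "TCP timestamps (12 option bytes)": tcp_goodput_mbps(tcp_header=32),
        "1-byte segments (padded frame)": tcp_goodput_mbps(tcp_payload=1),
    }


if __name__ == "__main__":
    for name, mbps in scenarios().items():
        print("%-34s %7.1f Mbps" % (name, mbps))
```

The last scenario shows why small-packet traffic falls far below line rate even when every NIC and switch in the path is good.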
-
Awesome.
And yet another question, … lol.
Are there any other quad NICs you would suggest? The I340-T4's are still looking pretty pricey right now on eBay. I'm keeping my eye out, but are there any others I can be looking at too?
-
You can get quad port PRO/1000's, but they are power hogs. That NIC can consume more power than a J3455 by itself.
So it depends on how much more expensive i340's are than PRO/1000's right now, how much electricity costs in your area, and how long you expect to have this in service.
If electricity is negligible and i340's are way more expensive right now then go for the PRO/1000 (so long as you don't need any virtualization features).
I would personally buy a Chinese knockoff i340 off of eBay before I got a quad PRO/1000; plenty of people use them without any noticeable difference to the official product (which is also made in China). You might get some nutcase in a tin foil hat claiming that knockoffs have government backdoors in them ::). You can ignore any of that crap; no one important puts knockoff NICs in their system and China doesn't care about all of our cat pictures.
Incidentally, if you are in the US I see this for sale right now $35 shipped. You won't find them much cheaper than that.
http://www.ebay.com/itm/IBM-49Y4242-E81600-006-I340-T4-4-Port-Gigabit-PCI-E-Server-Network-Adapter-Card-/361940630659?hash=item544557bc83:g:VSQAAOSwc-tY3XdW
NOTE: that NIC has a standard bracket. If you need low profile, either order one separately or just remove the one it ships with, cut and bend it to fit and reinstall.
-
So after some consideration, I finally was about to order parts.
However, the ASRock J3355M Micro ATX CPU/motherboard I was going to get looks to now be out of stock basically everywhere, and I kind of don't want to wait 1-2 months, according to Amazon. I know I can always get the J3355B, but I sort of like the possibility of the extra PCIe slots in the Micro ATX board, for possibly another NIC, or if I upgrade down the line, to use the parts for something else. So I started looking and see there is the ASRock D1800M:
https://www.newegg.com/Product/Product.aspx?Item=N82E16813157514
Everything looks about the same, just the processor has a higher base frequency but it seems to be an older chip compared to the J3355.
Everything is basically the same price, so should I go with the D1800M, or go with the J3355B?
Thanks.
-
J1800 has no AES-NI, normally not a big deal for you since you aren't asking much in the way of VPN performance, but it could be an issue since you also want to use an IDS/IPS, and it's an older (slower) architecture. All of those things combined may frustrate you.
I'd go up instead of down. You can get a J3455M shipped now (or soon with the ASRock) for just a little more. The ASUS one is even more but it's same day shipping if you're a prime member.
https://www.amazon.com/ASRock-Motherboard-CPU-Combo-J3455M/dp/B01MPXJLDU
https://www.amazon.com/Celeron-Quad-Core-fanless-MicroATX-Motherboard/dp/B01LYCDG4H
-
I almost forgot about the quad core J3455M. I know you said early on that my stuff would be better with a dual core, higher core speed. But would going with the quad core really be a noticeable decrease in performance? If so, I can probably live with the J3355B; if not, I probably will go for the quad core.
-
The higher clock speed will give you a noticeable improvement in a single OpenVPN instance. That said, it sounds like you aren't looking to use the VPN heavily. You can also create multiple VPN clients (up to one per core is useful) and combine them in a gateway group. Not all kinds of traffic will be able to take advantage of this configuration, but you will see real world performance improvements.
The J3455 will also perform better for you on an IDS if you switch from Snort to Suricata, which supports multithreading. IDS/IPS is going to be your major CPU hog in this application, especially if you load it up with rules.
If your only concern is PCIe expansion, the J3355B might still be an option. You can use a passive riser card that goes from an x16 slot to two x4+ slots and add up to 8 gigabit ethernet ports (2xquad port NICs) on the J3355B's one slot if you really wanted to. This will create some weird issues with fitting it into a case neatly but technically speaking it will work just fine.
-
So I decided to go with the J3355B. Obviously I switched up the RAM to fit the board. But I just ordered all of my parts!
Thank you pfBasic for all the advice and answering all the numerous questions, it was very helpful!
I can now officially start my pfSense journey on real hardware!
Thanks again.
-
Congratulations! Please let us know how it all works out for you and feel free to ask any questions you may have setting it all up.