New setup - will this setup work



  • I know it's hard to say "yes this will definitely work for your situation", but I'm hoping to get some guidance on a setup I'm putting together. I have thrown together several pfSense boxes using spare PCs but this is a bigger usage project, so I want to make sure I'm making good choices.

    Usage:
    We have 100Mb fiber (up and down) coming into the building. We have about 50 - 60 users, and 25-30 of them will have multiple VNC connections, and various other traffic (FTP, HTTP, etc…) at any given time (24x7). The remaining users are primarily HTTP traffic. We have 1 VPN connection which will be active about 1 or 2 times a month, just to remote in and fix something with a server. I also have roughly 15 users that remote in over RDP to work, all at the same time, for approximately 10 hours a day.

    At the moment, most of our internal switches are 10/100, but we're slowly updating to gigabit switches

    Here is the hardware I'm considering:

    CPU: Athlon X4  860k
    Memory: 4Gb DDR3 1600
    Network: Intel dual port EXPI9402PTBLK
    HDD: 80Gb SATA drive that I have laying around

    I do not anticipate that we will be using any packages such as squid. There is a very slight possibility that captive portal may be used in the distant future

    Hopefully I have provided enough info. Please let me know if I've missed anything or if you would use some different hardware.

    Thank you for your time.


  • Banned

    if this is the hardware you already own then yes it will do the job.

    if you are considering purchasing this hardware to do the job you described then don't.

    it's way overkill and terribly inefficient, not to mention will cost you too much money.

    Build a system based around a J3355B - it's $55 for the SoC (motherboard + CPU), has a slot for your dual NIC card - however, if the switches you have support VLAN's and you're comfortable using them then you can meet your needs with a single NIC. Up to you.
    It is also totally fanless - paired with a cheap SSD & picoPSU you will have a system with no moving parts for very cheap = low power usage, no sound & high reliability.

    https://www.newegg.com/Product/Product.aspx?Item=N82E16813157726

    http://www.ebay.com/itm/2GB-DDR3-PC3-10600-Laptop-RAM-2x1GB/282612191170?hash=item41ccffcfc2%3Ag%3A-x0AAOSw5FNZkzVf

    https://www.amazon.com/Kingspec-KSD-SA25-7-Channel-Internal-Solid/dp/B00JYB99O4/ref=sr_1_2?s=pc&ie=UTF8&qid=1503099361&sr=1-2&refinements=p_n_feature_three_browse-bin%3A14027456011%2Cp_n_feature_keywords_four_browse-bin%3A6158693011

    http://www.mini-box.com/picoPSU-80-60W-power-kit

    http://www.ebay.com/itm/IBM-I340-T2-Dual-Port-Ethernet-Network-Server-Adapter-Card-Low-Profile-49Y4232-/172564219960?epid=1505484004&hash=item282da10838:g:WrAAAOSwhSVZhHfv

    That's a very low power system that is pfSense 2.5 compatible and will easily exceed your needs.
    $135 + case if you don't already have one.
    Correction, you already have a HDD so $111 + case.



  • Great! Thanks for the info pfBasic.

    I had not purchased anything yet, so I'll go with what you listed and save some money. Thanks a lot for your help


  • Banned

    No worries man, are you a pilot or is it just a username?



  • I got my private certificate back in 2000, and I haven't been back in the left seat since a few months before 9/11 due to lack of funds.

    My goal is to get a flight review done and get current/safe, and then take my daughters up at least once, so they can experience it.


  • Banned

    nice! Be careful with those girls, Fly safe!



  • Hi again pfBasic.

    I'm still working to get this proposal worked up between other projects. I came back to look at your notes and noticed that I failed to mention we have all VoIP phone lines. This is for a call center, so very high VoIP traffic.

    Would this change your suggestion for hardware at all?


  • Netgate Administrator

    It should not be a problem at 100Mbps but VoIP traffic tends to be large numbers of small packets which will reduce the total throughput available. The PPS throughput becomes more important than Mbps at that point.

    Is this something you are already running? Can you take any measurements from existing traffic?

    Steve



  • Hi Steve,

    These devices/applications are already running on our network, using a Cisco RV082. We will be replacing that with the pfSense box. I've kind of been thrown into this, so I'm sorry to say that I don't know how to take measurements.

    If you have a suggestion on how to get the information you asked about, I would happily do it. I will also try my luck on google.

    Thanks for your help


  • Netgate Administrator

    That Cisco box should have some logging or traffic history you can get from it. Determining the peak throughput in Mbps or PPS would be very helpful here.

    However, as I say, at 100Mbps I would not anticipate any issue.

    Steve



  • I'll have a look, but this is more of a consumer grade device, but it's marketed to businesses.

    At any rate, I'll move forward with the pfSense build as is.

    Thanks again to both you and pfBasic for your help.



  • for VoIP, I would strongly recommend you read the linked thread in its entirety, then ask whatever questions you may have either here or in the traffic shaping forum. - playing with fq_codel in 2.4

    In short, VoIP traffic suffers badly from high latency as I'm sure you know.

    pfSense just implemented (as a result of upstream FreeBSD developments) fq_codel.

    Why do you care? Because fq_codel is very easy to implement over your entire network, it does not require much tuning (usually none at all) and it will do an exceptional job of giving traffic such as VoIP very low latency connections even when your WAN is maxed out.
    It's currently a CLI-only implementation, but very easy to do (done in <5 minutes).



  • Hi belt9,

    I'm sorry for the delayed response. I read through that thread, and played a little with traffic shaping on my pfSense box at home (still running 2.3.4 on that one, so I messed around with the GUI traffic shaping).

    It seems to be going pretty well. There weren't really any issues to begin with, so I can't say the connection is better in anything I've observed in my normal daily activities.

    I did check out a speed test over at dslreports.com which shows a "bufferbloat" indicator. While I can't personally tell a difference in our everyday internet activities, the bufferbloat is way less when the traffic shaping is enabled.

    I did some reading and I kind of understand what it is and how it works, what it tells me is happening on the network end. I still have a lot of reading to do though.

    This box is built and almost fully configured to replace the existing router. While the higher ups are deciding on a cut over date, I am learning all I can about traffic shaping so we can hit the ground running with the best configuration I can implement.



  • @pfBasic:

    if this is the hardware you already own then yes it will do the job.

    if you are considering purchasing this hardware to do the job you described then don't.

    it's way overkill and terribly inefficient, not to mention will cost you too much money.

    Build a system based around a J3355B - it's $55 for the SoC (motherboard + CPU), has a slot for your dual NIC card - however, if the switches you have support VLAN's and you're comfortable using them then you can meet your needs with a single NIC. Up to you.
    It is also totally fanless - paired with a cheap SSD & picoPSU you will have a system with no moving parts for very cheap = low power usage, no sound & high reliability.

    https://www.newegg.com/Product/Product.aspx?Item=N82E16813157726

    http://www.ebay.com/itm/2GB-DDR3-PC3-10600-Laptop-RAM-2x1GB/282612191170?hash=item41ccffcfc2%3Ag%3A-x0AAOSw5FNZkzVf

    https://www.amazon.com/Kingspec-KSD-SA25-7-Channel-Internal-Solid/dp/B00JYB99O4/ref=sr_1_2?s=pc&ie=UTF8&qid=1503099361&sr=1-2&refinements=p_n_feature_three_browse-bin%3A14027456011%2Cp_n_feature_keywords_four_browse-bin%3A6158693011

    http://www.mini-box.com/picoPSU-80-60W-power-kit

    http://www.ebay.com/itm/IBM-I340-T2-Dual-Port-Ethernet-Network-Server-Adapter-Card-Low-Profile-49Y4232-/172564219960?epid=1505484004&hash=item282da10838:g:WrAAAOSwhSVZhHfv

    That's a very low power system that is pfSense 2.5 compatible and will easily exceed your needs.
    $135 + case if you don't already have one.
    Correction, you already have a HDD so $111 + case.

    Great build info; however, what's the enclosure recommendation and cost? I might recommend to a friend who would ask such a question…the cheapest I have seen so far is for macro ATX tower for $34/eBay...maybe too big though.



  • Depends on what you're needing as far as size.

    https://www.newegg.com/Product/Product.aspx?Item=N82E16811147123

    This microATX tower is pretty small. 13.78 inches tall (top to bottom), 6.89 inches wide (left to right), and  13.86 inches deep (front to back). This is as if you were looking at the front of the case.



  • @onecoolpilot:

    Depends on what you're needing as far as size.

    https://www.newegg.com/Product/Product.aspx?Item=N82E16811147123

    This microATX tower is pretty small. 13.78 inches tall (top to bottom), 6.89 inches wide (left to right), and  13.86 inches deep (front to back). This is as if you were looking at the front of the case.

    Cool…awesome, that's the one I was looking at on eBay for $34...thanks for the link.



  • No problem buddy. As pfBasic mentioned, the parts he listed can be run silent, I took that to mean fanless. This case comes with fans, but you likely won't need them unless it will be sitting in a hot closet or something.

    You would also be good to go with the pico power supply he listed as well, the drawback is, there's a gaping hole in the back of the case, which was meant for a bigger power supply unit.

    For a little bit more money, you can get one of these: http://www.mini-box.com/M350-universal-mini-itx-enclosure

    This will fit the system board listed, and can be bundled with the pico power supply. It has a spot on the back where the external part of the power supply plugs into the unit. Nice and clean looking, and it's even smaller than the one you were looking at.



  • @onecoolpilot:

    No problem buddy. As pfBasic mentioned, the parts he listed can be run silent, I took that to mean fanless. This case comes with fans, but you likely won't need them unless it will be sitting in a hot closet or something.

    You would also be good to go with the pico power supply he listed as well, the drawback is, there's a gaping hole in the back of the case, which was meant for a bigger power supply unit.

    For a little bit more money, you can get one of these: http://www.mini-box.com/M350-universal-mini-itx-enclosure

    This will fit the system board listed, and can be bundled with the pico power supply. It has a spot on the back where the external part of the power supply plugs into the unit. Nice and clean looking, and it's even smaller than the one you were looking at.

    Thanks…I had looked at that one too from pfBasic's link on the power supply.



  • I read through that a couple of times, and my understanding is that, while it does not prioritize VoIP traffic, fq_codel manages the queue more efficiently, so that the small VoIP packets are worked into available spaces, which means they're not waiting in the queue for other 'stuff' to finish.

    That's way over simplified, but is it an accurate way to describe it?

    @belt9:

    for VoIP, I would strongly recommend you read the linked thread in its entirety, then ask whatever questions you may have either here or in the traffic shaping forum. - playing with fq_codel in 2.4

    In short, VoIP traffic suffers badly from high latency as I'm sure you know.

    pfSense just implemented (as a result of upstream FreeBSD developments) fq_codel.

    Why do you care? Because fq_codel is very easy to implement over your entire network, it does not require much tuning (usually none at all) and it will do an exceptional job of giving traffic such as VoIP very low latency connections even when your WAN is maxed out.
    It's currently a CLI-only implementation, but very easy to do (done in <5 minutes).
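
The queueing behaviour discussed in the last few posts, as an added example that is not part of the original thread and is not pfSense or FreeBSD code: a small simulation comparing one shared FIFO queue with per-flow deficit round robin, the flow-queuing half of fq_codel. The link rate, packet sizes and traffic pattern are constructed assumptions, and CoDel's drop logic and fq_codel's separate new/old flow lists are left out.

```python
from collections import deque

LINK_BPS = 10_000_000   # constructed: 10 Mbit/s bottleneck link
QUANTUM = 1514          # bytes of credit a flow receives per round

def make_traffic():
    """Constructed workload: a 400-packet bulk burst plus a 50 pps VoIP stream."""
    pkts = [(0.0, "bulk", 1500)] * 400
    pkts += [(0.001 + i * 0.020, "voip", 200) for i in range(20)]
    return sorted(pkts)

def worst_voip_delay_ms(pkts, flow_queuing):
    """Serve pkts over the link; return the worst VoIP sojourn time in ms."""
    pending = deque(pkts)                    # (arrival_s, flow, size_bytes)
    queues, deficit, active = {}, {}, deque()
    now = worst = 0.0
    while pending or active:
        if not active:                       # link idle: jump to next arrival
            now = max(now, pending[0][0])
        while pending and pending[0][0] <= now:
            pkt = pending.popleft()
            key = pkt[1] if flow_queuing else "fifo"   # one queue == plain FIFO
            q = queues.setdefault(key, deque())
            if not q:                        # flow becomes active with fresh credit
                active.append(key)
                deficit[key] = QUANTUM
            q.append(pkt)
        key = active[0]
        arrival, flow, size = queues[key][0]
        if deficit[key] < size:              # credit spent: top up, go to back
            deficit[key] += QUANTUM
            active.rotate(-1)
            continue
        queues[key].popleft()
        deficit[key] -= size
        now += size * 8 / LINK_BPS           # transmission time on the link
        if flow == "voip":
            worst = max(worst, now - arrival)
        if not queues[key]:
            active.popleft()
    return worst * 1000

if __name__ == "__main__":
    traffic = make_traffic()
    print(f"FIFO worst VoIP delay:        {worst_voip_delay_ms(traffic, False):.2f} ms")
    print(f"flow-queued worst VoIP delay: {worst_voip_delay_ms(traffic, True):.2f} ms")
```

With a single queue the first VoIP packet waits behind the whole bulk backlog; with per-flow queues it waits for at most a couple of bulk packets, even though nothing marks VoIP as higher priority.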

