Core 2 duo PC for pfSense in business deployment



  • Hi Guys,

    I need a bunch of pfSense routers that will just run the basic packages; they will also run IPsec site-to-site.
    They will have anywhere from 20 to 100 devices grabbing IPs and have 150Mbs down 15Mbs up for the WAN.

    I can get these PCs and throw in another Intel NIC:
    Lenovo M58p
    Processor: Core 2 Duo @ 3.0 GHz - E8400
    Memory: 2GB DDR3
    160GB Hard Disk drive
    1 x onboard GB Intel NIC
    1 x PCIE Intel GB NIC

    I just wonder if anyone has used a Core 2 Duo with 2GB RAM in a business setting with around 100 users and the load was OK?

    Thanks



  • That's a workable box all around with the exception of IPsec. You might hit a wall without the AES-NI on your Core2. It all depends on what your VPN expectations are.

    The other concern is the power consumption. You will be running at least 100w each. If you can hold off a bit, you could get the new SG-3100. As long as you're not running Snort with a ton of rules or ntopng you should be fine. You also get support!



  • Depending on how long you need it to be supported by pfSense you may want to get a box that has AES instruction support.
    On top of that, something in a more rugged form factor (smaller and more sturdy than a PC) might be beneficial.

    The SG-3100 would be a good fit, but if you really need something cheap you might end up with the china boxes like those Qotom-Q310G4 (or one with a lower end CPU). They are about 150e delivered.
    Ideally you'd get one with a C-series Atom, that'd be a good fit.

    If you still want to go the desktop PC route, check the CPU on ark.intel.com for AES.
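
Added example, not part of the original thread: for boxes that are already running, the AES-NI question raised above can also be answered from the CPU flags the OS reports, rather than a model lookup. The sketch reads a FreeBSD/pfSense boot log (`/var/run/dmesg.boot`) or Linux `/proc/cpuinfo` on stdin; the function names and both sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a CPU feature dump read from stdin.
# Prints "aesni", "no-aesni", or "unknown" (no feature line found).
aesni_status() {
    awk '
        # FreeBSD/pfSense boot log: Features2=0x...<SSE3,...,AESNI,...>
        /Features2=/ {
            seen = 1
            list = $0
            sub(/^.*</, "", list)      # drop everything up to "<"
            sub(/>.*$/, "", list)      # drop the closing ">" and after
            n = split(list, flag, ",")
            for (i = 1; i <= n; i++) if (flag[i] == "AESNI") found = 1
        }
        # Linux /proc/cpuinfo: "flags : fpu vme ... aes ..."
        /^flags[ \t]*:/ {
            seen = 1
            for (i = 2; i <= NF; i++) if ($i == "aes") found = 1
        }
        END { print (found ? "aesni" : (seen ? "no-aesni" : "unknown")) }
    '
}

# Constructed sample: shortened boot-log excerpt for a Core 2 class CPU.
sample_core2() {
    cat <<'EOF'
CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
  Features2=0x408e3fd<SSE3,DTES64,MON,VMX,SSSE3,CX16,SSE4.1,XSAVE,OSXSAVE>
EOF
}

# Constructed sample: shortened excerpt for a CPU that reports AESNI.
sample_aesni() {
    cat <<'EOF'
CPU: constructed AES-NI capable CPU
  Features2=0x7ffafbbf<SSE3,PCLMULQDQ,SSSE3,SSE4.1,SSE4.2,POPCNT,AESNI,XSAVE>
EOF
}

echo "core2 sample: $(sample_core2 | aesni_status)"
echo "aesni sample: $(sample_aesni | aesni_status)"
```

On a running pfSense box the function would be fed the real boot log: `aesni_status < /var/run/dmesg.boot`.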



  • Thank you very much for your input guys, I do want longevity, but I find the small boxes are more annoying to work with, if a PC has a problem you just replace a part.
    But I will check out the CPU and those options you guys mentioned.

    EDIT: WOW thank you for the AES-NI warning, I didn't know about it, and unfortunately I have like 6 boxes I'll have to replace because of it.

    Cheers



  • It will be fine as a basic DHCP or VPN server until about 100mbs

    After pfSense begins to require AES-NI, switch them to OPNsense or IPFire



  • @messerchmidt:

    After pfSense begins to require AES-NI, switch them to OPNsense or IPFire

    You can just keep it running on the version you are currently on. That is until a security problem has been found in one of the components and Netgate is not fixing that version anymore. That's a couple years down the road. And at that time you will want to buy more power efficient hardware anyway.



  • @messerchmidt:

    It will be fine as a basic DHCP or VPN server until about 100mbs

    After pfSense begins to require AES-NI, switch them to OPNsense or IPFire

    Or just get an AES-NI capable CPU… by the time pfSense no longer supports CPUs without AES acceleration, those CPUs will be more than 15 years old. I'm not saying old hardware is bad by definition, but other components from that era will be getting hard to get, and what's there will be slowly dying. Then there is the waste of power and lack of performance compared to current hardware...

    If you're still running a service on a Core2Duo-era machine at that point, it's going to be comparable to running it on a Pentium 3 now.


  • Netgate Administrator

    @canadianllama:

    … unfortunately I have like 6 boxes I'll have to replace because of it.

    As others have said you will need to plan to replace those in ~2 years. Unfortunately there are no socket 775 CPUs that support AES-NI even if you fit a Xeon 771 CPU with one of those adapters.

    But can you really be relying on hardware that old if this is a business critical deployment?

    Until that time though I imagine that would fit your requirements just fine.

    Steve



  • @curtisgrice:

    That's a workable box all around with the exception of IPsec. You might hit a wall without the AES-NI on your Core2. It all depends on what your VPN expectations are.

    The other concern is the power consumption. You will be running at least 100w each. If you can hold off a bit, you could get the new SG-3100. As long as you're not running Snort with a ton of rules or ntopng you should be fine. You also get support!

    I'm using an old Core 2 Duo 2.4GHz HP Elite 8000 which is on 24/7 and the machine only uses 35watts on idle.



  • @VioletDragon:

    @curtisgrice:

    That's a workable box all around with the exception of IPsec. You might hit a wall without the AES-NI on your Core2. It all depends on what your VPN expectations are.

    The other concern is the power consumption. You will be running at least 100w each. If you can hold off a bit, you could get the new SG-3100. As long as you're not running Snort with a ton of rules or ntopng you should be fine. You also get support!

    I'm using an old Core 2 Duo 2.4GHz HP Elite 8000 which is on 24/7 and the machine only uses 35watts on idle.

    What will you do when the motherboard fails?



  • @VioletDragon:

    … the machine only uses 35watts on idle.

    That's about 5 times what an APU2 consumes under load.



  • @jahonix:

    @VioletDragon:

    … the machine only uses 35watts on idle.

    That's about 5 times what an APU2 consumes under load.

    So what? It would be at least 5 years to recoup the purchase price in these parts, and from a green perspective it's probably neutral at best to throw out a working system to replace it with another one. Tossing out an idle power consumption without any context is ridiculously common on this board but really pointless.



  • I have been using a Lenovo M58p E8400 and another one with an E8500 in a small LAN without any problem for ~2-3 years.
    It has extra:

    • 2 x LAN Gb cards ( 2 + 1 ports )
    • 1 USB Ethernet 100 Mbps. ( for guest AP when needed )

    It runs without any problem: Suricata, pfBlockerNG, OVPN site-2-site and OVPN server for mobile, postfix…
    OVPN speed is max ~100Mbps without compression.

    This MB has Intel AMT 5.0 so you can control it remotely, power ON/OFF....
    Consumption when working ~45-60W.

    I can recommend it for home and small office if you have one.