Hardware selection question e3-1220v3, i5-4570
I am looking at setting up a new pfsense box and want some feedback on hardware selection.
I previously used a dell optiplex 160 for my pfsense build. It was great, and very efficient, drawing only 12 - 15 watts at most times. It has an intel atom 330. This worked great for a few years but now I have upgraded to gigabit internet and it does not keep up.
I have a few machines laying around that I was planning to use but I could use them for my pfsense build. I do plan to use vpn at some point.
One is a dell t1700, e3-1220, ecc ram
The other is a custom sff i5-4570, with a 300w 80+ gold psu.
Are these good machines to use for pfsense or is it overkill?
My goal is to build something that will last several years. I paid about 100 for the i5-4570 machine and 140 for the t1700. So a lot more expensive then my previous build and I still have to add a lan card. Which ever unit I don't use I will sell off.
t1700 can fit full size lan cards, the i5-4570 cannot. I think the t1700 would also have tcp offloading in the ethernet port it provides.
How much ram should I use? And any advantage to using ecc for pfsense?
SammyWoo last edited by
This is what I would do:
Optiplex 160 PASSMARK = X. max cpu load = Y%. XY This is your current required horsepower. Upgrade to something to at least 150-200% of XY. An i3-class will do gigabit comfortably.
More powerful CPU will suck more power even when idle, if ur concerned about that.
Pfsense seems to prefer Intel NICs.
ECC is up to you. People who require ECC tend to run mission critical firewalls with double fail-safe PSU and such.
Both are fine, TCP offloading does less than you'd think, ECC has a slight advantage from a software perspective but protocols like TCP and others have checks built in so that bit flips are detected and packets get retransmitted.
If you don't run a ton of services, use the i5 SFF PC and get a low profile card. I think the Intel i2xx/i3xx T2 series come with low profile brackets by default. Cost about 50 on eBay and Amazon, but chose working pulls over 'new' ones that are too good to be true. Regarding RAM, 2GB is fine for simple NAT + Routing + DHCP, more RAM gives you room to grow.
The T1700 is a good choice if you intend to do more heavy lifting, like IDS/IPS, lots of logging, many rules, lots of crypto.
what do you mean by lots of crypto?
I plan on VPN for most of my network. Isn't the xeon 1220 v3 and i5-4570 about the same in terms of performance, other then the extra 2mb cache on the xeon? Even for crypto?
The advantage of the t1700
- ecc ram is cheap, if I ever need to add more (sounds like I would not need to add more ram)
- full size slots for pci/pci-e cards
- bigger case
- might use more power?
- higher cost
I added a 4 port intel pro 1000 server card in the i5-4570 machine, running great. Noticing a bit of latency issue that needs to be resolved.
The intel ethernet card has 4 ports. Any way to use all 4 for DHCP server with 192.168.0.1?
what is HA and LAGG?
I basically just want to connect to local devices using those ports.