Bandwidth limits of a 5501 and pfSense?
-
Hi,
I'm planning for an upgrade of the Internet connection and need to be able to push up to 100 Mbps plain traffic (non-VPN). No need paying for 100 Mbps if I don't get that through the FW, right. One of the obvious choices it seems is a Soekris board (perhaps with some kind of disk for package support).
Looking at harware sizing notes at
http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49"51-200 Mbps - No less than 1.0 GHz CPU"
It seems that boards like Soekris 5501 (433 - 500 MHz according to Soekris www) could have problems delivering that speed? Or is there so much margin in the guidelines on the HW sizing page that it could do it depending on other load such as VPN or no VPN etc?
Can someone give real traffic data on the 5501 perhaps, as a pointer?
TIA,
-
It's capabilities should be very close to ALIX hardware.
See this thread for more info.
-
I think you will need to step up to an Atom platform to manage 100mbit with pfSense.
-
Thanks,
Or maybe if I haven't made a purchase at the end of the year the 6501 will have arrived and I could take a look at that.
"net6501, a faster and more advanced mainboard, up to 1.66 Ghz CPU, 2 Gbyte DRAM, 4 Gigabit Ethernet ports and PCI Express expansion, production availability in Q4 '09"
Cheers,
-
The processor you need depends a lot on the network cards you've got. With the known cheap Realtek chipset my 1.2 GHz box looks like it should top out around 50 Mb/s (because of the level of interrupts). With decent (Intel) chips I'm sure I could push a lot higher.
-
@Cry:
The processor you need depends a lot on the network cards you've got. With the known cheap Realtek chipset my 1.2 GHz box looks like it should top out around 50 Mb/s (because of the level of interrupts). With decent (Intel) chips I'm sure I could push a lot higher.
Yeah I'll keep that in mind, I know it's mentioned a lot on this forum. In some other similar forums I've seen people often recommending some of 3com's NICs. Any thoughts on them?
Also, I think I have asked this elsewhere, it would be really interesting to hear comments on the NICs on the Soekris boards. I think "National semiconductor" is mentioned on their pages but I don't know much about them myself.
TIA,
-
The older Soekris boards use National DP83815/DP83816. It's a reliable, proven design, but doesn't offer great performance. The net5501 uses the Via Rhine III (same used in ALIX). It's a more modern design with TCP checksum offload that should perform better. Both are pretty good, but not as good as the modern Intel designs which are something of the 'gold standard'. Not sure on the 3coms, I know they were well-regarded years ago when 100mbit was relatively new, but I'm not sure now - do they even have any modern designs out? They don't seem to be making NICs anymore.
-
The DP83815 and DP83816 are identical (816 only adds WoL,) and are more than capable of wirespeed under FreeBSD, when using POLLING and doing raw, rather than pf. DP8381(5,6)'s backed with sufficient CPU certainly can do what you're looking for, but a 5501 does not fall into the sufficient CPU category. The DP83816's beautiful for pfSense in that you can do not only in-chip zero-CPU MAC filtering, but deep frame pattern matching. Sadly, nobody bothered to implement either in sis(4), or the PHY's self/remote/cable test capabilities. Hell, the Sun X4445A Quad Gigabit is actually based around the gigabit version of the DP83816, which did add TCP checksum offload. The problem is that only Sun picked up on the design, and nobody else used them. The MacPHYter family is still far and away, one of the most advanced designs ever created - even Intel does not equal them in many regards.
But I digress; as I said, you need to back an 83816 with significant CPU. Realistically, you'll only find RealTrash, Intel, and Marvell (D-Link DGE-530T) out there. As far as I know, D-Link hasn't changed the hardware on the 530T. So either that or an Intel card will do the job.