Performance on HP DL360 with Mellanox

blackmetal

Hello,
We have following device :
HP DL360 G8p
2x E5-2660v1
RAM: 4x 8GB 12800
HDD: 2x 250GB SSD
1x Mellanox Fiber MNPA19-XTR Card
1x HPE Ethernet 10Gb 2-port 530FLR-SFP+ Adapter

I have a mikrotik ccr 1072 as my main router and i want to move some vlans from my customers to pfsense, so on pfsensei want to use this features :

Create VLAN
Firewall Rules
BGP (1 Session with only Default Route)
IPS

How can i know how much throught can i have on above device?
THank you.

stephenw10

@blackmetal said in Performance on HP DL360 with Mellanox:

2x E5-2660v1

2-3GHz Sandybridge, I would expect somewhere in the 3Gbps range. It's hard to say though, there are many variables.

Adding IPS makes it imposible to say as that depends on what signatures you have loaded and how it's configured. You have a lot of CPU cores though so it may not be that impactful.

Test it and see if you have the hardware.

Steve

blackmetal

I am cuorius because netgate appliance with a Intel D1541 showed that can handle 6gb firewall throughput in IMIX mode.

stephenw10

The D-1541 is a lot newer. Also that system has Intel NICs.

Mellanox NICs can behave oddly in pfSense in my experience. I have one similar to that but moved it to a Linux box after seeing said odd behaviour.
But as I said it's hard to say for sure. If you have the hardware already just test it.

Steve

blackmetal

in your experience do you think with that config i will be be handle to 1.5-2M pps (IMIX Traffic) with 3-6gbps bps ?
because i have some ddos attacks and i want handle small attacks.
of course i have a contract with a ddos protection company and have ddos protected ip transit but i have small attacks like that in my network.

stephenw10

I really couldn't say with that hardware and running IPS.
DDOS attacks are unlikely to be IMIX type traffic though I guess you must have seen whatever it is they are throwing at you.

Steve

blackmetal

May you help me with which software we are able to do this?

stephenw10

Able to do what exactly?

blackmetal

sorry for does not explained exactly.
protect me from 3-4gbps attack with 1m pps.
i know with a simpel device we can not do this and we have a contract with a ddos protected company but due to some latency issue we are announcing prefixes to a ip transits provider that they do not have ddos protection and we want to use this firewall there.
the max we receive dis 3-4gbps with max. 900k - 1m pps

stephenw10

Like what software can do it on that hardware other than pfSense?
I have no answer for that.

pfSense may be able to do that but it's a scenario I have ever tested. Nor a hardware I have ever tested.

If you have the hardware I can only advise you test it yourself and find out. It should not be that difficult to do.

Steve