Hardware for 10Gb/s



  • Hi,

    I wolud like to know if the following server is good for a 10 Gb/s connection:

    Server: AS -1114S-WTRT
    CPU: AMD Rome 7272 DP/UP 12C/24T 2.9G 64M
    RAM: 64 GB DDR4-3200 2Rx8 ECC REG DIMM
    SSD: Seagate Haden 240GB SATA 6Gb/s, 2.5", 7mm 3DWPD SSD in RAID 1 (zfs)
    NIC 1: Chelsio T540-LP-CR 4 x 10Gb SFP+
    NIC 2: Chelsio T540-LP-CR 4 x 10Gb SFP+

    consider that I have to use PfblokerNG dev and nat

    thank you



  • @prx said in Hardware for 10Gb/s:

    hi,

    You put together a pretty hard "iron" for this task. 😉

    What can I say(?):
    -we also use AMD Epyc series CPUs in pfSense devices, without any problems
    -I recommend using good quality RAM modules like Hynix, Micron, etc.
    -ZFS RAID1 is a good choice for high availability
    (I know this SSD too, more than perfect for the task)
    -the soul of the firewall is the NIC(s), your choice is supported:
    https://www.freebsd.org/releases/11.3R/hardware.html#ethernet

    I would like to ask if it is intended for a home or production environment?

    6d8bcd0c-b19d-4d61-986b-0615ec207907-image.png



  • Hi,

    it is for a production site, in a HA configuration. It will be our main firewall and, as I said in my previous post, I need to use pfBlockerNG_dev and nat some networks. We will use it also as router.

    The hardware is ok for 10Gb/s connectivity?



  • @prx

    Hi,
    In my view, yes!

    but we seek the advice of the Netgate hardware expert who is @stephenw10
    (he will see this question and he will answer)

    it can help you in every way to keep your investment safe

    since the system is 10Gig and serves high security purposes, this is the safest next step

    ++++edit:
    these things ("pfBlockerNG_dev and nat some networks"), if these things are configured well, easily performs with this hardware configuration


  • Netgate Administrator

    Unfortunately I have zero experience with any recent AMD CPUs of reasonable speed.

    I can tell you you need something fast to get 10Gbps and I would still choose fewer cores at a higher speed given the choice.

    I would also choose Intel ixl NICs at this point over Chelsio. Certainly if you're able to run 2.5 snapshots to get more recent drivers.

    It may be better to wait for feedback from someone who actually has proven hardware for this.

    Steve



  • @stephenw10 said in Hardware for 10Gb/s:

    Unfortunately I have zero experience with any recent AMD CPUs of reasonable speed.

    I can tell you you need something fast to get 10Gbps and I would still choose fewer cores at a higher speed given the choice.

    I would also choose Intel ixl NICs at this point over Chelsio. Certainly if you're able to run 2.5 snapshots to get more recent drivers.

    It may be better to wait for feedback from someone who actually has proven hardware for this.

    Steve

    Hi @stephenw10 - any particular reason you are recommending the Intel ixl over Chelsio? I have been using a pair of T540's for some time now (one of them in pfSense actually) and they have been real work horses - never gave me any trouble. Thanks in advance.


  • Netgate Administrator

    If you have the Chelsios then use them. The newer Intel chips run a lot less power for the same job (in pfSense), cooling is less of a concern.

    At one point the Chelsio cards were the only thing we found that ran stable with good throughput in FreeBSD/pfSense. But that was a long while ago now.

    Steve



  • We have a review of similar AS -1014S-WTRT in the FreeBSD hardware database.


Log in to reply