CPU requirements for custom build
-
Hi
I'm trying to build myself a router based on pfSense. In order to get whole network going I need first decide on hardware. In case of pfSense the base part is CPU because motherboard and RAM is directly dependent on it.
I'll have 1Gb internet soon and I want to build 2.5Gb LAN with some AC or AX WiFi AP to go with it.
And I wonder - what CPU I'd need for that? I know different NICs can utilize CPU in a different way but I need some place to start looking...From what I understand there's no point considering Atoms, right? I have Intel motherboard with Atom 330 but it doesn't have AES hardware from what I remember...But what about Celeron?
I want some cheap solution (of course ;)) and as low power as possible so I will look mostly for used parts. And there's a lot of them flying around so it's really hard to decide. I don't want to overpay for something I won't utilize... -
Much more than an Atom 330! That will max out in the 300-400Mbps range I would expect. That's without any packages etc.
So you want 2.5Gbops between internal interfaces? Or just 1Gbps between WAN and LAN?
You need to run packages? VPN?
Steve
-
@stephenw10 Haha...I can confirm those speeds because I got similar when I was playing with pfSense on that motherboard. :D
Sorry - I'm noob here so I may choose some words poorly. ;)
WAN will get 1Gbps from my network provider - I'll use whatever NIC will motherboard have for that.
But between local clients I want to get 2.5Gbps - I will get some NIC for that. I have local server that is used a lot for different tasks.There probably will be a VPN there but it won't be used on daily basis but more likely when I need access to the home network outside from home to fix something, which doesn't happen too often.
As for other packages I will probably set up something to filter traffic out. Because this is my first play with custom router I'm not sure what future will bring. So there has to be some overhead in terms of performance if I find something interesting along the route. ;) -
Ok, you would only need it to pass 2.5Gbps then if you have multiple internal 2.5GbE interfaces and need to transfer between them at line rate. Otherwise you would only need to pass 1Gbps which is significantly easier. An old Celeron G530 will do it for example.
Steve
-
@stephenw10 Wait, so you're telling me that CPU this old will be enough for firewall on WAN and to pass local connections? I thought I'd have to go with some i3 or something.
Hm...wouldn't it be better to have AES-NI? From what I see this Celeron doesn't have it.
-
I found something that is quite cheap and looks like have more power with AES-NI supported: Intel Core i3-4130T. Will it be enough? Or maybe overkill? ;)
-
No I was saying it will pass 1Gbps giving the right traffic (many variables!).
If you only plan to have one one internal interface at 2.5Gbps then you would only need to pass 1Gbps between WAN and LAN. At 4130T should do that easily.
Actual 2.5GbE NIC options for FreeBSD/pfSense are very limited currently. It's easier and probably cheaper to get a 10GbE card.
Steve
-
@stephenw10 Oh, sorry then as I have to misunderstood you.
Actually I plan to have at least two 2.5G ports: one to go into switch, second directly to AP. I'd like to have four of them because that would make my network plan so much easier, but I don't know if I've manage to find cheap card for that. There's also possibility for me to get two cards with two ports but that would require something like micro-ATX or mini-DTX to get two PCIe slots instead of mini-ITX and I'd like to make it small.What do you mean that options are limited? How can I check that out? Should I check that against FreeBSD directly? I don't use BSD systems at all so I don't know them.
Yeah, there's a lot more 10G cards out there but the issue are at the next step - switches, which are much more expensive if you bump all ports to 10G. For the current plan I will most likely go for Qnap QSW-1105-5T because it has all I need with reasonable price.
I don't need 10Gbps network at home but I can utilize 2.5Gbps. And as far I checked, most of cheap 10G cards doesn't support 2.5G or at least it's not listed in the specification and I don't want to gamble. ;)Side note: I'm quite limited in terms of how I can build whole network because of the way my cables are spread across my apartment. That's why the best would be to have four 2.5Gbps ports because this way router would be connected directly to the server, which physically will right beside and also to the AP and switch. And then switch will connect all the other devices that needs wired connection, most notably my PC.
The other solution, that came to me right now, would be to have two switches and card with one 2.5G port (or some 10G NBASE-T). This way router would go to the first switch to which server would be connected and then to the second switch, like in the previous example. I'll need to calculate expenses for that...BTW Sorry for the wall of text but I'm thinking as I write here. ;)
-
There are only two options I'm aware of for NICs that will link at 2.5GbE and work in pfSense currently.
You can use an older Broadcom 10GbE NIC and change the firmware (settings?) on it to allow it to link at 2.5GbE. Along with patching the driver.
https://www.dslreports.com/forum/r32230041-Internet-Bypassing-the-HH3K-up-to-2-5Gbps-using-a-BCM57810S-NIC
An Intel X710-T2L reportedly works:
https://forum.netgate.com/post/928212Steve
-
@stephenw10 Now you've manage to discourage me :D I thought it's going to be as easy as plug in card and that's it. Didn't know there can be such a problems with it...I'm probably too much used to mainstream systems.
Those cards are based on SFP from what I see and I need RJ-45 as it's what my network is based on. I'd have to buy switch that would take SFP and have RJ-45 for the rest of the network.
I'll have to think about this more it seems :(Maybe I should look more closely on 10G that have known support for 2.5G as well or just stick to 1G which would bring the overall cost considerably down at expense of me being less happy with the build.
-
I would use 1G NICs for now, as they cost almost nothing, stick with the switches you have, allow for the rest of the hardware to be capable of 2.5G.
When we get support for a mainstream 2.5GbE NIC you can add it. Something like the Intel i225 which is currently in development.Steve
-
@stephenw10 Yeah, I will probably do as you suggest. There's a lot of four ports 1G NICs from Intel Pro series out there that are quite cheap. So I'll get this i3-4130T and some mini-ITX motherboard for it. I hope there won't be any issues with bridging those ports together (this is the proper terminology, I'm assuming ;)).
You mean there's a work on-going to make support for Intel i225 in pfSense/FreeBSD? That's great news as I've seen already NICs with that chip.
-
It depends what you mean by bridging. It is possible to actually bridge the ports (so they are all in the same subnet) but generally that's a bad idea. If you just want to connect more devices use a switch.
https://docs.netgate.com/pfsense/en/latest/book/bridging/index.htmlSteve
-
@stephenw10 Yes, I wanted to make all the ports use the same subnet. That would be useful especially for connecting AP because this way I could isolate some wireless devices from the network - at least that is something I've got reading your documentation. And I thought having four of them would render having additional switch as pointless.
But if you're saying that overall it would be better to have one port for WAN and one for LAN that would be connected to switch then I believe you. :) There's a mention of performance hit when bridging and I think that is the only thing that concerns me although I don't know how much hit it is. I'm not sure I will use any of other features mentioned as a problematic when bridging. Unless there's something more that not yet know about. :PBTW I really want to thank you for all the help you're giving me here! Thanks! :)
-
If you want to filter between wireless and wired clients on the same subnet that is a legitimate use of a bridge. That can work well.