Doubts Hardware for Gigabit Throughput
-
Hello,
I know that this topic already exists here on the forum, but I have some doubts regarding my hardware.
They are doing the survey of a server where it is necessary to manage 1gbs nat. My server is not new, so I have a doubt if he will be able to manage. Follow the server settings:Intel (R) Xeon (R) CPU E3-1230 V2 @ 3.30GHz
8gb ram
Motherboard S1200BT
Intel Corporation 82579LM Gigabit (Offboard)
2 Intel Corporation 82574L Gigabit (Obboard)I am still thinking about using VMWare or XenServer to do virtualization, I am still seeing which one I will use. Another doubt, can virtualization interfere with anything in 1gbs traffic?
Thanks -
@maico-vanzo How about a free opensource Proxmox?
-
Cool, I’ve never seen Proxmox. I'm going to do a test here. But can pfsense as a VM affect cluster things? Or is it better to make a dedicated firewall server?
And with that hardware above I manage 1gbps? -
@maico-vanzo first make a cup of tea or coffee and please watch this video on Youtube, Before I do anything on Proxmox, I do this first...:
https://www.youtube.com/watch?v=GoZaMgEgrHw -
You wont hit 1gbit with that hardware in a VM nor directly on hardware.
What packages are you planning to run?
-
My old desktop (Gen 1 i3) with a 4 port Intel NIC easily routes faster than 1Gb. (takes all four NICs) I am not running any packages that might affect speed I have a few dozen rules.
So the HW will route at 1 Gb, but it may not be able to depending on what other work it has to do.
-
@andyrh A router is a different thing. A FW needs a lot more power to inspect packets at wirespeed
-
I will try to explain my idea.
I have a 600 mbps internet and a 35mbps backup. My idea is to put the 600mbps pppoe on PFsense routing the WAN, and a card giving dhcp on the LAN to the other equipment on the network (approximately 40 computers).
Because today I have a loadbalace that manages only 300mbps, but when I perform the speed tests it is only giving 150mbps. Because I believe that comsiga manages only 150mbps per WAN port.
So my idea was to put PFsense to manage all network traffic at 600mbps. Or put another equipment type microtik or uquikiti gateway. Because I thought that changing the network card by placing an intel pro / 1000 could manage 1gbps in pfsense and I like pfsense, I would not like to put another device on the network.
I don't know that I was able to explain, but that's the idea. -
Most of my traffic is encrypted so there is not much to inspect.
-
My pfSense (2.4.5_P1) is running on 2 vCPUs under ESXi 6.7U3. (Yeah, a bit behind the times.) No packages that require any heavy packet inspection.
Hardware is an E3-1265Lv2 (4 cores @ 2.5GHz) using an Intel i340-T4.
I have no problem pulling 1Gb/s through that. Your 3.3GHz CPU should do it easily.
-
@cool_corona said in Doubts Hardware for Gigabit Throughput:
@andyrh A router is a different thing. A FW needs a lot more power to inspect packets at wirespeed
These days, routers generally include firewalls. For example, I have a Cisco router here that does. That said, I suspect my Qotom mini PC could handle it. It has an i5 CPU, 4 GB memory and 4 Ethernet ports. However proper routers often have custom hardware to improve performance.
I agree running in a VM will kill performance.
-
@biggsy So if I put at least one new network card, one similar to yours has the possibility of reaching 1gb/s.
-
My understanding is Intel is the best choice. My Qotom computer has 4 Intel Ethernet ports and here are my speedtest results. CPU usage didn't exceed 5%.
-
Yes, as JKnott says, Intel is the best choice.
Just be aware that there are fake Intel cards being sold. Here is a link to a long thread about those and how to identify them:
https://forums.servethehome.com/index.php?threads/comparison-intel-i350-t4-genuine-vs-fake.6917/
-
My Qotom computer has the Ethernet ports built into the mom board, so no chance of a fake card.
