Looking for advice on building a low power 1u or 2u pfsense box
-
Atom info:
http://forum.pfsense.org/index.php/topic,14050.msg77639.html#msg77639As to the Lanner box I bought, I never tested the power consumption, though I'd expect that it's in the mid-to-high 30s at idle because of the Intel vs Realtek NICs, the IPMI port I'm not using, the (probably) less efficient PSU, and the Celeron 440 & 4GB of RAM I installed. Under load I'd expect it to jump into to the 40s, if not the low 50s if you really throttle it.
EDIT #1: Forgot to mention throughput. The Atom boxes I have will do about 240Mbit/s TCP with iperf (I believe this is NIC restricted, not CPU) but real-world performance is significantly lower as I was unable to get more than 50Mbit/s through them using two boxes with a cross-over cable and FTP. IPSec performance between them is 10-15Mbit/s. I haven't tested the Lanner + Celeron 440 but I'd expect it to do a lot better, probably on the order of 400 Mbit/s through the firewall and 40-50Mbit/s through IPSec, if not more. The system supports a Mobile C2D so with one of those it would absolutely scream.
EDIT #2: Oh, and these are a lot cheaper if you don't need the rackmount kit. Figure on taking around $200 off the price I mentioned earlier.
-
I have a Lanner FW-7520 which is a bit different (not rack-mountable, different processor, different chipset, etc). For my home network, I have an 802.11n AP running 3 VLANs (one for each SSID) and a separate wired gigabit segment. There are some fairly complex firewall rules setup on each of the wireless VLANs and a minimal set on the wired side. With that, I can pull 300Mbps from a machine connected to the wired side to a laptop on one of the SSIDs. I've done that numerous times when copying files via FTP or SFTP. Given that I have nearly zero CPU usage when doing those transfers, I expect IPsec would hold up nicely. Being a home network though, I haven't tested it.
-
Hi, I'm a bit of an eccentric nut. I'm a 'home user' with a full height rack in his basement. All my telco is properly terminated in the rack, along with a half dozen rack mount systems, a 16 port switch (i have cat5e drops in most rooms of the house), all with meticulous wire management.
Wait a second - how do you tease all of us other eccentric nuts with a description of your in-house telco room like that without posting any pics? :P
About your search for decent, inexpensive, low power 1U hardware for pfSense, looks like the other guys have it covered. It's not easy to find 1U systems that fit all those criteria.
-
I can pull 300Mbps from a machine connected to the wired side to a laptop on one of the SSIDs. I've done that numerous times when copying files via FTP or SFTP. Given that I have nearly zero CPU usage when doing those transfers, I expect IPsec would hold up nicely.
How'd you do that? I have FW-7520 also….
-
I can pull 300Mbps from a machine connected to the wired side to a laptop on one of the SSIDs. I've done that numerous times when copying files via FTP or SFTP. Given that I have nearly zero CPU usage when doing those transfers, I expect IPsec would hold up nicely.
How'd you do that? I have FW-7520 also….
It very much depends on the capabilities of the Wireless AP and the Wireless-N adapter on the notebook.
-
I can pull 300Mbps from a machine connected to the wired side to a laptop on one of the SSIDs. I've done that numerous times when copying files via FTP or SFTP. Given that I have nearly zero CPU usage when doing those transfers, I expect IPsec would hold up nicely.
How'd you do that? I have FW-7520 also….
My exact setup is the FW-7520 using only the 4 gigabit ports. One of the ports connects to a Netgear PortSafe 16-port gigabit switch which then connects to a Mac Pro. Another port connects to a D-Link DAP-2590 AP. A MacBook Pro is the sole device on the wireless network.
The AP is serving three SSIDs that map to 3 VLANs. The SSID/VLAN I've used when testing bandwidth is running WPA2 and is bridged to the wired network. I have no traffic shaping turned on and the firewall rules for this particular scenario are fairly lightweight. I don't expect that the lack of rules or shaping is key, just that I haven't measured the bandwidth on the other SSIDs.
-
Someone asked about power consumption. I use the Via Nano which is a bit more power hungry than the Atom. But the Nano has the padlock encryption acceleration engine in hardware.
But 30 to 40 watts depending on load.
Via Nano 1.6ghz
2gb ram
5400 rpm drive
intel pci-e dual gigabit card. -
Someone asked about power consumption. I use the Via Nano which is a bit more power hungry than the Atom. But the Nano has the padlock encryption acceleration engine in hardware.
But 30 to 40 watts depending on load.
Via Nano 1.6ghz
2gb ram
5400 rpm drive
intel pci-e dual gigabit card.Are you using the VB8001? I'm considering switching over to the VB8001 and already have the Intel PT Dual-port adapter.
-
Yes, the VB8001.
-