CPU / RAM Sizing
-
Hi all, I've set a PFSense 2.5.2 64bit on a VMWare environment. During next weeks there'll be at least 1000 connections/sec and I'm asking what could be the best CPU and RAM sizing to avoid slowdowns. I added also Snort IPS, HAProxy as load balancer packages and two OpenVPNs site-to-site (doing low traffic, less then 1 Gbyte per day).
Actually I've 4 CPU single core Intel Xeon Gold 6240 CPU @ 2.60GHz and 10 GByte EDO RAM with two NICs 1Gbit (wan and lan).
Do you think is it enough ?
Thanks ! -
What's the available bandwidth? How much will it be passing?
-
@stephenw10 Greetings, our PFSense firewall is inside a specific VMWare VSphere virtualization environment granted by a big datacenter with guarantee throughput of 1 GBit/sec.
-
Ok, I would expect that to be fine with 1Gbps though there is a lot or variability from Snort depending how it's configured. Have you done any testing?
-
@stephenw10 Yep that's true... actually Snort is configured in "legacy mode" with active blocking ("AC-BNFA" search method in performance settings). And HAProxy is still not configured.
Both site-to-site OpenVPNs are already on but, as I wrote, their network traffic is very low.In this scenario, CPU usage is actually between 1 and 5% maximum and memory is stable to 7% (7% of 10174 MiB).
-
@ddepaolis said in CPU / RAM Sizing:
In this scenario, CPU usage is actually between 1 and 5% maximum and memory is stable to 7%
Whilst passing 1Gbps? Probably fine then.
Steve