CPU enough cores / speed for pfSense?
-
@srytryagn said in CPU enough cores / speed for pfSense?:
Coincidentally a lot of the higher core offerings also have higher clocks, indepent of generation that is.
Mmm, that's the opposite of what you'd usually find due to the total thermal/power requirements of the package.
-
@stephenw10 On a closer look, you are quite right about that. Any suggestions for what CPU will live up to the task ? Have you run over a 1gb+ with IDS/IPS enabled ?
-
I've never run any of those CPUs so I can only make an educated guess but I imagine that any of them would probably pass that no problem.
-
@stephenw10 What CPUs are you running, in terms of cores and clocks ? Are they able to get over 1gb with something like suricata running ?
-
The C3558 we use in the 6100/7100 will do that.
The actual throughput limit will depend on how Snort/Suricata is configured though.
-
It is not even so easy to say something about IDS/IPS
and pfBlocker-ng for the others, they will be only able to give you a number here and there pending on others and there own made experiences. If you will be fully load or much (many) lists inside of pfBlocker-ng it can be a really
hard with to slow CPU, to less RAM and/or to less SSD space. if then on top ids comes by side with really many
rules sets enabled you will be on the need of more ram, cpu horse power and HDD/SSD space. Inline mode for snort as an example will be only running with some NIC
types at this moment as I am informed, and so on and so on and so on. It is not that question to get a powerfully machine, but more how good it is supported.You would pay ~500 € for an AMD CPU, for sure it will be a bomb, but also on your electric power bill.
Xeon E3 v5/v6 used or new is capable of 3,5GHz to 4,5 GHz and owns 4C/8T so it is much enough for your needs, it can be sorted with up to 64 GB ECC RAM and will be able to stick on a Supermicro mini ITX board. But, you will
be of the lag of Intel QAT and you have to add more things inside. So you will be ending up with something around;- Xeon E3 v5 CPU ~350 €
- ECC RAM ~75 € (2x8GB / 16 GB)
- Board ~350 €
- case 150 €
- M.2 ~100 € (1TB)
If you compare it to an Supermicro C3758, C3858 or C3958
for around 900 € - 1500 € plus RAM 75 € and M.2 for ~100
it will be perhaps more modern but with less CPU horse power.For both systems you need a supported 2,5 GB NIC, either with1 Port or 2 Ports or 4 Ports on top of all, so it might be nice to get now the price from an Netgate 7100 you will be
getting for xyz € or xyz $ in your country. Is it to far away
from that price range? -
@stephenw10 the C3558 in the 7100 is a 4 core 4 thread 2.2Ghz processor; spec is quite low I am curious if that is all that is required to get the level of performance I am after with all the packages running.
does this suggest that even the bottom tier of processors I am looking at, 1600af if a 6 core 12 thread 3.2 Ghz or 1700x 3.4 Ghz would be up to the task ?
-
@srytryagn said in CPU enough cores / speed for pfSense?:
@stephenw10 the C3558 in the 7100 is a 4 core 4 thread 2.2Ghz processor; spec is quite low I am curious if that is all that is required to get the level of performance I am after with all the packages running.
does this suggest that even the bottom tier of processors I am looking at, 1600af if a 6 core 12 thread 3.2 Ghz or 1700x 3.4 Ghz would be up to the task ?
The rest of the entire hardware like the mainboard must
or should be also supported by freebsd and so it might be better to go than with a Supermicro miniITX and an Intel
Xeon E3 4C/8T ~3,2GHz upwards. -
Yeah, like I said I would expect any of them to pass that no problems.
However you still could hit a limit if you use Snort (which is single threaded) and just enable every rule there is.
-
@stephenw10 That is right, Suricata FTW ?
Glad to know I can same some money and go with a lower tier processor like the 1600af and still meet my end goal! A 5900/5950 would have been expensive. Thanks for confirming.