Recommendation for Bell XGS-PON 3/3G Firewall with PPPoE bypass
-
I have been using pfSense official hardware for a while. I am looking at moving from Cable over to Bell Fibre using PPPoE passthrough on a GigaHub 5689E. I haven't touched PPP in a very long time - its nuts that there is an ATM DSL still hiding in a PON. But given its there I need a CPU beefy enough to run the firewall & PPPoE.
Its been suggested that freeBSD has single threading issues with PPPoE, but others point me to the PPPoE with Multi-Queue NICs section of the documentation, which is rather hand-wavy.
Thus, I am looking for a recommendation on NetGate hardware that can provide
- 10GBaseT uplink
- deliver 3/3G using PPPoE bypass
- specific tuning settings needed to deliver the speed
-
Hmm, not sure I've ever tested a 3Gbps PPPoE. You're going to need pretty significant single thread performance though. As a reference I tested the C3558 that was used in the 5100/7100 and it's capable of 1Gbps PPPoE.
The 4200 actually has better single thread performance than the 8200 but doesn't have 10G NICs which will need for a 3G connection.
Let me see if I can get any numbers....
-
@stephenw10 From what I am piecing together on the forums, something like an i5-8600T is needed to provide enough single threaded processing power to run PPPoE under *BSD. The issue seems to be specific to *BSD implementations? I do see others reporting using Linux successfully at 3Gb/s but its all fairly hand-wavy at the moment.
I would prefer COTS, but I may have to roll my own server with 2x 10G.
Thanks for any suggestions.
-
Pulling together some numbers now. Yes it's a BSD specific limitation withe hashing the incoming connections to use multiple queues (RSS).
Yes something like that i5 should do it. I don't have one to test though. Unfortunately.
-
@Eric-Carroll I am using the router linked below with my Bell 3/3 fiber connection using PPPoE passthrough and I get the full 3gbps speed for download and upload.
https://teklager.se/en/products/routers/1u-rack-10gbit-router
-
Yeah the Xeon W-1290 is very fast compared to the C3558. But even so the single thread rating is only ~3.5X faster so it probably wouldn't do more than, say 5Gbps with the current PPPoE.
-
BTW, regarding the PPPoE single thread thing, I read somewhere on Reddit that it's related to the netgraph framework being slow and the developers are working on something to address this. Should I stop to read Reddit or it will come in a further release?
-
@mr_nets that was me.
Netgraph is over-locked and inherently single-threaded. No amount of multi-queue config can overcome same, and it shouldn’t take a Xeon to terminate a client-side PPPoE connection.
We’ve been on a mission to eliminate netgraph from pfsense. PPPoE is the last bit. So we’ve written a new pppoe module that doesn’t use netgraph.
It’s in the next release.
-
@jwt Awesome, thanks for the update !!