PfSense + FreeNAS > Sizing of the new hardware



  • Hi all,

    I am going to setup a server at home, which need to act as a router (German VDSL 50) and NAS server.

    The question here is, what hardware need to be used to avoid a bottle neck? I am looking for something like this:

    • form factor: Mini-ITX
    • energy saving
    • 4x SATA II
    • WLAN (WLAN n standard)
    • 2x gigabit LAN port (4 or 5 would be much better)

    Maybe you could help me to pick the correct board and processor for this job.

    Thanks a lot,
    Uwe



  • I'm not sure how you plan to run pfSense and FreeNAS together, as they are both tailored versions of FreeBSD, specifically to do one task each.

    Also, if you are planning on using pfSense as your barrier firewall, then it's a spectacularly bad decision to run a NAS server on the same box.

    Cheers.



  • @EddieA:

    Also, if you are planning on using pfSense as your barrier firewall, then it's a spectacularly bad decision to run a NAS server on the same box.

    This is true, unfortunately we have the likes of Linksys putting this into people's minds like it's a good idea.



  • Mhh … My intention was to use virtual machines on a Debian installation. But you are right with your concerns in respect of security. So you would definitely prefer two machines instead of the mentioned solution? Could you give me just a hint what kind of board and processor I might need to avoid building a bad performing router? The router need to be able to handle VDSL (don't know if that is well known outside of Germany)?

    Here are some specs about VDSL:

    http://en.wikipedia.org/wiki/Very_High_Speed_Digital_Subscriber_Line
    ~50 MBit/s data transfer rate

    Thanks a lot  :)
    Uwe



  • Without a budget, I'd say buy a mini-ITX board that can handle an Intel Core2Duo.  Or are you looking for the cheapest solution that will handle 50Mb just barely?  The requirements of your NAS might be higher than pfSense, so it's hard to say.



  • Hi valnar,

    I am looking for a simple and energy saving router which can handle the 50 mbit internet access. Some of the Alix boards do also look OK for me. What do you think?
    The only concern I have in mind is that they don't offer a gigabit LAN interface, so that my NAS and other network devices at home can communicate as fast as possible to each other. Is it correct to say that this isn't a problem when I just connect them to a simple gigabit switch (which is connected to the 10/100mbit port of the alix board)?

    I really would like to follow your advice to set up a separate machine for NAS later.

    Thanks,
    Uwe



  • Without a budget, it's still hard to give advice.  I'd say an ALIX board would push the limits of 50Mb if you intend to run anything else on it, like VPN.  An Atom based board would be safer.  There are a lot of Atoms out there.  Some are small, fanless and compact.   Some are in bigger cases to handle an extra PCI NIC.  Some can be in rackmount cases.  Do you want to build your own, or have it prebuilt?  Do you need a DMZ port?

    Yes, if you have a separate NAS and separate gigabit switch, then it won't matter if your firewall only has a 100Mb interface.  Mostly likely you don't want to direct internal traffic through a firewall anyway.  You would take a speed hit going through a software L3 interface vs a hardware L2 port.

    Edit:  Heh heh, I stand corrected.  Go for a little ALIX box.
    http://forum.pfsense.org/index.php/topic,24126.0.html



  • My budget for the new router? I would like to spend as much as necessary to get good performance. The only commercial router which is able to handle VDSL 50mbit in Germany costs above 250 EUR (330 USD!!!). I would be happy to pay not more than 150 Euro for a router build by my own.

    I don't want to buy something which is operating all the time at highest capacity. So some performance buffer is much appreciated. ;)

    As far as I understood from your link the little Alix (e.g. 2d3 = 3 LAN / 1 miniPCI / LX800 / 256 MB / 2 USB) should easily handle 50mbps. :) That's good news!

    All what I need additional is WLAN (miniPCI), one WAN port and finaly one LAN port for the gigabit switch. I don't need a DMZ port.



  • I'd suggest an external access point (and it's really your only good option if you want 802.11n), rather than a built-in card, especially if you go with an ALIX system.

    The thread linked to was actually mine.  I've got a 2D2 sitting here now (didn't need the 3rd NIC, I don't need to segregate my wireless systems to a separate network and I don't need a DMZ interface), waiting to go in once I get home from work.

    I picked it over an Atom box because I've used some Atom systems for firewalls at work and have since retired all of them from pfSense duty (some hardware failures on the Jetway boards, some removed from service because they weren't fast enough).  They're kind of slow for the clock speed and while the power consumption is certainly lower than a "normal" CPU it's still 4-5x what the ALIX will consume (20-30W, depending on board options rather than 4-5W).  If you're looking at something that will draw ~25W then you should be looking at a mobile Celeron rather than an Atom.



  • @jasonlitka:

    If you're looking at something that will draw ~25W then you should be looking at a mobile Celeron rather than an Atom.

    Such as?

    It's my understanding Atom's have a great speed-to-power-to-price ratio.  I have a mobile CPU in my firewall, but the board + CPU was expensive.



  • The new Atom chipsets used with the D410, N450 and D510 CPUs significantly reduce power consumption compared with the older chipsets. See http://www.anandtech.com/show/2889 and particularly the section on power: new generation Atom system uses about 25W when video decoding.



  • @valnar:

    @jasonlitka:

    If you're looking at something that will draw ~25W then you should be looking at a mobile Celeron rather than an Atom.

    Such as?

    It's my understanding Atom's have a great speed-to-power-to-price ratio.  I have a mobile CPU in my firewall, but the board + CPU was expensive.

    Yeah, the Atom itself isn't too bad, though they don't deal with multi-tasking all that well thanks to a relatively long 16-stage pipeline & in-order execution.  The problem is the chipsets used draw two to three times the power of the CPU.  The newer Pinetrail systems are a bit better but they are still not in the same league as an Alix when it comes to power consumption and are nowhere near as fast as a system powered by a modern Celeron-M or a specialty low-power desktop chip like the Athlon 64 2000+ that might draw 3-4W more overall but are twice as fast.  Where they shine is the price.


Log in to reply