Would you all critique my choice
-
Back Story, I am already running PFsense on an old gateway computer
Specs;
RAM: 2 GB Rambus
HDD: 80 GB IDE 7200rpm
CPU: Intel P4 3.02ghz
PSU: 400w enermax psu
Nic's: 2x Realtek (I know they are junk NOW ) 10/100/1000
Huge Server case (UGLY)
According to research this system uses between 150 and 250w depending on load
Objective
I'm looking to create a SFF Energy efficient PFsense firewall.
Proposed Specs;
Motherboard CPU Combo: http://www.newegg.com/Product/Product.aspx?Item=N82E16813186194
Ram: 1 Gb DDR2 800MHZ
HDD: http://www.newegg.com/Product/Product.aspx?Item=N82E16822148489 Overkill I know, but I can't find anything cheaper for this build
Case: http://www.newegg.com/Product/Product.aspx?Item=N82E16811108196 200w PSU
Nic's: Onboard for WAN (only a 15mb connection), PCI = http://www.newegg.com/Product/Product.aspx?Item=N82E16833106122 Intel Nic for LAN.
Supported Network;
1 8 port Giga Switch - 3 1gb desktops hooked up
1 DIR-655 wireless router.. 2 wired devices. PS3, Xbox 360, Wireless Devices… Printer , 3 laptops surfing web, nintendo wii , 3 wireless phone
What kind of in network throughput would I be looking at?
Also does this look like a good build for $200?
-
You're looking at 250 to 480Mbps of NAT throughput on the D510 Atom depending on the number of firewall rules/ traffic shaper and how crappy the NICs get. Also, the packages you install and use. Stuff like SNORT, HAVP and Squidguard will evidently penalise the throughput but not so much as to affect your internet connection (15mbps).
Other services like IPSEC (VPN/ PPTP) will also reduce the throughput (more tremendously) due to the encryption. Again, you still get more than the 15mbps.
In fact, if you're just looking at less than 60mbps of throughput between WAN and LAN, you can go for the Alix 2D2/ 2D3 which have an even smaller physical & carbon footprint. Even with VPN running, you should still get about 16 - 20mbps of throughput thanks to the cryptographic accelerator.
-
The NIC on that motherboard is almost certainly realtek, which means CPU usage goes up, max throughput goes down. You won't get 250mbps through that NIC, but it should keep up with your 15mbps internet.
The hdd is good enough. If you're not planning to run squid/snort/freeswitch/something else that wants to write to storage all the time, you may want to consider using compact flash with a SATA adapter. Price will be similar but with less noise, heat and power consumption. Better life expectancy too if you run embedded.
The foxconn PSU is the weakest link here. Poor power kills components, and that thing won't be as efficient as the better alternatives.
So those are the weak points. On the bright side, your proposed build is a much better selection than what you're running now. If you don't think about it too hard you will be happy with it.
On the other hand, for $200 I would advocate for an Alix. If you just know you won't be happy with the slower CPU then stick with the Atom but throw an Intel PCI GBE NIC into it and throw the onboard on the WAN (or just vlan the Intel). If you're still looking to spend money then I would next recommend a DC-DC PSU from mini-box.com. Still feeling rich? SSD and more RAM. Now you have a neat little silent box that will push 200mbps forever (and you spent double what you first expected!)
-
@clarknova: I've a friend who maxed out his Atom 330 (slower than the 510) with a Realtek NIC at 300mbps (1 way, acks only in the other direction) in NAT mode. The 510 is faster and should be fine for more throughput.
That's beside the point here and I guess the Alix is right up his alley.
-
@clarknova: I've a friend who maxed out his Atom 330 (slower than the 510) with a Realtek NIC at 300mbps
Colour me impressed. I've seen much worse figures with realtek NICs, but obviously some are better than others. I think 10/100 vs gigabit hardware makes a big difference (in CPU usage) with that brand too, from what I've read.
-
@clarknova: I've a friend who maxed out his Atom 330 (slower than the 510) with a Realtek NIC at 300mbps
Colour me impressed. I've seen much worse figures with realtek NICs, but obviously some are better than others. I think 10/100 vs gigabit hardware makes a big difference (in CPU usage) with that brand too, from what I've read.
hmm, now you mention it, I haven't had a single problem with my Atom boards and their gigabit Realteks in mini-server scenarios. That's a dramatic difference to Realtek 10/100's, as you say. Of course it's not just all about CPU%, errors are a problem too. Maybe it's time I risked one in something more critical…
-
Colour me impressed. I've seen much worse figures with realtek NICs, but obviously some are better than others. I think 10/100 vs gigabit hardware makes a big difference (in CPU usage) with that brand too, from what I've read.
Yep. Realtek PCIe GBe NIC (RTL8111). I'm not sure why anyone would choose the likes of the 8139 when Pro/100VE cards are available for the same price (sometimes even less if you find a bargain bin clearance unit) but there you have it.
TBH, I was suitably impressed too. I was expecting the throughput to hover at about 200Mbps or slightly less with that kind of setup.
Edit: The last letter for the 8111, I've found, makes for quite a bit of difference. The 'B' and 'C' revisions are surprisingly quite decent as long as they don't crap out (I've had the unit on my D945GCLF2 die on me). The 'D' revision is just plain horrible.
Even in Windows 7, the first few revisions of drivers supporting the 8111D usually give a BSOD in odd scenarios.
It doesn't crap out when I'm pushing large files at 100MByte/s over the network.
It doesn't crap out during normal surfing.
However, the moment I stop streaming a video file over the network from a file share, I'm greeted by a BSOD.