General performance feedback on the sys. reqs



  • I've been playing around with pfsense for a couple months now along with a couple of co-workers as replacement solutions to replace our old linksys wrt's which would choke and die ;D The setups we have been using have been varied quite a bit ranging from a P3 1ghz down to a 166mhz equivalent ranging from 64megs of ram to a gig and 64meg compact flash to 80gig seagate 7200.8's. All the connections have been support cable internet connection which typically get over a gig/day in throughput with at least 50 connections open all the time…..next week we'll be running pfsense to hold up a class-b routable network to the outside while the rest of the lan network is being subnetted....tons of fun.

    To run it at your home....
    CPU: 166mhz does run the system, but if you use it daily with a fair amount of traffic I wouldn't use anything less than 233mhz; if you add wireless or any of the extra services, 400mhz+, else you will run into stability problems with the box keeling over every other day.
    Ram: 128meg should be fine for most homes, for heavy users/fps gamers 192megs or more. 256meg or more if you are holding up 5+ machines, 512meg if you're holding up 30+ machines...scale as you go beyond that...every setup is different. (Extra options enabled take more ram/cpu.)
    Disk: If you're running the embedded use compact flash: cheap, easy to backup, good on the electric bill. For the regular install anything made in the last 4yrs would be plenty.
    Nic: pick your speed but make sure it's running at full-duplex

    Extras.....
    QoS: regardless of how much use this gets, up the cpu/memory a notch
    Wireless: Personally I had to go from a 233mhz to 350mhz to be able to get this to run stable, upgraded to 450mhz and can do wep/carp/etc. and manage without problems.

    Granted the above are just some thoughts of mine.



  • Thanks for the tips Z ;).



  • :o
    These requirements are quite a jump from what I was used with LRP/Bering. Bering router scaled nicely up to 2 people running 3 or 4 different p2p clients on 2 segments. And this was on a P100/24 machine.

    I will try to upgrade to PII266/64 with pfSense, but judging by the above requirements, it will not run. I might switch back to LRP/Bering, as the speed/ram boost would probably solve the NAT overload problem I was getting.

    I still love pfSense's powerful features and will be using it when a better machine hits my junkyard.



  • Sorry, but pfSense was not made for the junkyard  ;D , and as you mentioned it has a lot of features. You can still strip it down to meet rather low requirements like embedded platforms. Some developers run it even on soekris 4501 (133MHz CPU, 64 MB RAM) without issues. It mainly depends on the load you put on the system and which features you use.



  • I expect any machine would kneel down given an overload. I have heard of Ciscos kneeling down before a humble donkey  ;D
    I hope my expectations (NAT/PAT with many connections from outside) will be served by PII266/64. If not, I might consider some other HW. There is tons of it lying around for free. I am just too lazy (and busy) to sniff around other ppls junkyards :)

    But it goes against my philosophy to spend good money on something I can have in exchange for a few brain wave cycles… I think we all are like that... Providing we have a brain  :D ;)



  • @OutThere:

    I will try to upgrade to PII266/64 with pfSense, but judging by the above requirements, it will not run.

    With quality NIC's (read Intel, not anything like Realtek), a PII 266 should be able to push at least 20-25 Mb even with heavy P2P load.  The hardware upgrade the original poster in this thread stated was necessary almost certainly wasn't due to a lack of resources.

    On slower boxes, the webGUI used to be pretty sluggish, but some changes in the upcoming beta 2 have drastically reduced page load times so that's much less of an issue (down from 10-20 seconds on a 133 MHz for many pages, to around 3 seconds now).

    FreeBSD 6.0 performs about equal to Linux 2.4 kernel under most circumstances with most hardware, for firewalling purposes.  It's quite a bit faster than Linux 2.6 kernel.  FreeBSD 4.x, what m0n0wall is still based on, is still roughly twice as fast as FreeBSD 6 though.  This all is only true for single processor systems though, changes in recent FreeBSD and Linux systems make SMP systems perform much better than their older versions.  With multiple core processors and multiple CPU systems becoming the standard, this is the direction these OS's needed to go.



  • I know BSD is superior in networking, but the drastic differences in networking IO you are quoting must be a bit of an urban myth… If BSD4 is double the speed of BSD6 and BSD6 is faster than Lin 2.6, that must make Linux a dead slug. I still get the speeds of about 8Mb/s using scp on lin/lin transfer and that is using cheapest lowend realtek hardware on 1GHz machinery... No special tuning whatsoever...

    I will surely test all this live and I am looking forward to pfSense. It looks dashing.



  • @OutThere:

    I know BSD is superior in networking, but the drastic differences in networking IO you are quoting must be a bit of an urban myth… If BSD4 is double the speed of BSD6 and BSD6 is faster than Lin 2.6, that must make Linux a dead slug.

    You really shouldn't question those who have done more firewall performance testing than you've ever even thought about.  :D

    In firewalling, Linux 2.6 is an absolute dead slug in comparison.  Granted the only test numbers I've seen, and only tests I've done, are on embedded platforms (Soekris/WRAP).  There's a big difference between firewalling and general networking.  When packets have to be firewalled and NAT'ed, generally they have to be processed by the kernel several times.  Changes in newer kernels that improve speed for other operations really cause a hit on these things.  It's absolutely not a myth.  The numbers are, roughly, for a Soekris 4801 or WRAP (266 MHz), about 15 Mb through Linux 2.6, 20-25 Mb through FreeBSD 6.0 or Linux 2.4, and 40-45 Mb through FreeBSD 4.x.  FreeBSD 5.3 would do about 20 Mb until you loaded it up with a high pps load, at which point it would crawl down to around 10 Mb or less.

    On my 4501 (133 MHz), I couldn't get more than 3.5-4 Mb through 5.3 under a higher pps load, where 4.x can do 17 Mb, and 6.0 about 10 Mb.
    Some proof in graphs for this particular testing: http://chrisbuechler.com/4vs5/

    Do the tests yourself and you'll see.

    FreeBSD 4.x has probably the fastest general purpose full featured TCP/IP stack ever written.

    8 Mb through a 1 GHz is absolutely nothing.  Your first bottleneck on a firewall is generally the CPU.  1 GHz is enough CPU that firewall throughput isn't an issue with any OS until you get way over 8 Mb.  You can't see any difference between any of them until you're using slower hardware and higher loads.



  • Shish. I have a dead slug infestation around here  :o
    Time to BSD I guess. At least servers and relay machines…



  • @cmb:

    8 Mb through a 1 GHz is absolutely nothing.  Your first bottleneck on a firewall is generally the CPU.  1 GHz is enough CPU that firewall throughput isn't an issue with any OS until you get way over 8 Mb.  You can't see any difference between any of them until you're using slower hardware and higher loads.

    Heck, even the commercial Nokia firewalls are P3 933mhz w/256megs ram (IP380); upgrading it to 1gig of ram and it has no problem holding up a college campus with voip, vpn (clients connecting), site-to-site vpn tunnels, etc.



  • @OutThere:

    Shish. I have a dead slug infestation around here  :o
    Time to BSD I guess. At least servers and relay machines…

    Servers are a different situation than firewalls.  Certain applications and uses are probably faster on Linux, others faster on BSD.  I doubt if you're running any 200 MHz servers (or anything sub-1 GHz for that matter) that need to pump out 100 Mb on the network, so the difference in networking performance between OS's is of little concern.

    For most situations, with servers, what it comes down to is use what you're comfortable with.  A good Linux admin will run the most reliable and secure servers when using Linux.  A good BSD admin with BSD.  A good Windows admin with Windows.  An incompetent sysadmin will run insecure and unreliable servers no matter what's running on them.

    The whole "X is more secure and reliable than Y" argument is quite a bit of BS when it comes down to it.  The security and reliability of any server is 99% in correlation with the competency of its administrator.



  • @cmb:

    An incompetent sysadmin will run insecure and unreliable servers no matter what's running on them.

    The whole "X is more secure and reliable than Y" argument is quite a bit of BS when it comes down to it.  The security and reliability of any server is 99% in correlation with the competency of its administrator.

    ROTFL.

    It is very true though.

    I would say as long as the system is stable when you are running it, good performance for you, and lastly supports the functionality you require then it is ok. If multiple OS's offer this then whatever your personal preference is.



  • Very true.
    I have obviously mistakenly assumed networking == routing.
    :)

