Is there a list of differences between amd-64 and i386 to be found somewhere?

  • Here's the deal: I'm going to deploy soon a pfSense box at a colocation site on the other side of the country. Needless to say, personal visits for system maintenance are pretty much out of the question, and anything else would require a rather expensive overnight priority round trip shipping, meaning likely about a week-ish-long outage.

    So, in that sense, I want the box that goes there to be as future proof as possible. Remote upgrading within one strain of pfSense hopefully will work going forward from the current 2.0 beta throughout the 2.x cycle, and maybe even beyond. Cross-grading from i386 to amd64 is likely not going to work.

    Since amd64 tends to have a performance edge in many cases, provided sufficient RAM is present, and since the future is going 64-bit anyway, it would seem to be the wise choice to deploy a 64-bit version of the system in a distant location.

    However, last time I played with this (about a year ago), 64-bit pfSense had a variety of flaws, many packages wouldn't work, etc.

    So, in order to make this and similar decisions: is there somewhere an overview as to what does/doesn't work when comparing i386 with amd64 versions of pfSense? Also, what are the recommended minimal/optimal hardware configurations for the various versions?

    I'm planning to install this on a Lanner FW-7535 which has a dual-core amd64 capable Atom 510 CPU. The unit will either be equipped with 2 or 4GB RAM and an 8GB UDMA CF card as boot device.


  • I'm running 64-bit on a D510 and 4GB. No issues that I didn't see in the embedded version I was running before on different hardware.

  • Good to know. So you're running the embedded version of the amd64 build?

    Of course, that relates to the package status question I asked a few days ago: there is no differentiation between i386 and amd64 packages, and so part of the "issues" I'm interested in is if there are any important packages that won't install on the amd64 version.
    Most of the things I'll run on the local end of the link I'm setting up, and there I can change at will between the 32-bit and 64-bit versions. But in particular anything relating to tunneling and remote monitoring of a pfSense box is somewhat critical for my application, so these are the things and packages that need to work for me.


  • I'm running the full amd64 install. I ran the embedded (i386) version up until a couple weeks ago, and both run well. There is no apparent difference in functionality, aside from the 3GB RAM limit in the latter.

    I can't speak to package availability. The list of available packages for amd64 is long, but I don't know which might be missing, or which don't run well. I use squid and RRD Summary. I have problems with both, but those problems existed before I switched platforms, so again I can't say I have experienced any lack specific to the amd64 build.

  • i have one nanobsd 64bit running fine, squid, squidguard, lightsquid, OVPN-Export and cron-package are running fine.
    Only glitch with squidguard at the moment is that shallalist (or other list) has to be installed after package-update manually. But this has to be done in the 386 too. This is known and the maintainer is working here, so maybe this will be repaired soon. Thios doesn?t affect the functionality, remote access and surfing is not affected so far (except the filtering).
    Other packages havn't been tested by me.

  • would like to know if there's any benefit running 64bit if im going to make pfsense a very simple multi wan router.

    no squid, no nothing. just nat, multiwan, and thats it.

  • I run a 64bit pfSense on a Dell R410 with 16GB of ram mainly to do high performance packet inspection and handle a lot of states.
    The main pro is that it handles more then 3GB correctly. The only problem i had was that the link to the mysql package for snort was incorrect. But a workaround is available.
    For multiwan i don't think it will do anything special, except if you have more then 3GB of ram.


  • Rebel Alliance Developer Netgate

    The only difference as far as pfSense is concerned is that the amd64 version doesn't have grub. All of the same pfSense features, packages, code, etc, should work the same. The amd64 version can also use the Varnish package which is not found on i386.

    The underlying OS architecture is different in the way any i386/amd64 OS is different. Larger memory space available, etc, etc, as others have mentioned. Generally it's better to run 64-bit if your hardware is capable of it.

    There were some problems with packages on amd64 quite some time ago, though the situation is much different lately. It should be as stable as the i386 version these days.

  • I don't want to clutter this topic up, but I do have a question:  Would there be any performance or other gains (power consumption better/worse) using the 64-bit platform over the 32-bit, even when the system doesn't have over 3GB of RAM?  My set-up probably will never really max out the CPU or RAM on the machine I have (t5500 CPU and 2GB RAM on an MS-6417), as I'm running pfSense at home, but I had to ask.  If 64-bit instructions on this CPU might complete faster and therefore use a little less power, then I think I'll switch to 64-bit.

  • Rebel Alliance Developer Netgate

    That is something that is hard to predict; You'd just have to hook up something like a Kill-a-Watt and try it for yourself on your specific hardware.

  • @jimp:

    That is something that is hard to predict; You'd just have to hook up something like a Kill-a-Watt and try it for yourself on your specific hardware.

    Well, that would definitely answer that question about power usage, was curious about the other things too though.  Like if there are any performance increases even when not using large amounts of RAM.  For instance, would bootup time be faster/slower?  Would squid work faster?  Stuff like that :D

  • amd64 has more registers than i386, so if the compiler is efficient, that alone brings a performance gain.
    There is of course usually also a small performance penalty, because more data is transferred to and from the CPU (64-bit ints and addresses rather than 32-bit ints and addresses), so very simple algorithms that need a lot of data may be slower due to that.
    On the other hand, there are e.g. 64-bit optimized crypto algorithms that are leaps and bounds faster, because they can work on bigger chunks of data.

    These are all generalized statements, I have no idea as to how pfSense in particular is affected by this.
    However, I want to keep things as future-proof as possible, such that if in a few years I should have to upgrade to faster hardware, it might be as simple as sticking the disk into a new computer and turning on the power switch. Eventually, 32-bit machines and 32-bit operating systems will go the way of the Dodo.

Log in to reply