General hardware questions

  • Hi,

    what is the most important hardware-feature to run PFSense at high performance? What do I have to look for?

    • Fast CPU?
    • Much CPU L1/L2 Cache?
    • Much RAM?
    • Has anyone good experience with VIA CPUs? Do they work reliable with PFSense?
    • Does PFSense support multi CPU / multi core CPU ?

    Thanks in advance

  • All packets have to be processed by the CPU, so yes, you need a good CPU for high throughput. If you need VPN encryption, that can take a fair amount of CPU cycles too. RAM depends on how many states you need to handle and what additional packages you want to run. VIA CPUs work fine for me; however, I have only used the 1 GHz C3s so far, with 100 mbit/s NICs. Multi-CPU support is enabled in pfSense. One thing that you didn't mention is PCI bus and NIC types. You should have a fast PCI bus like PCI-X or PCIe with some good NICs like Intel if you really want to push load. These NICs also don't stress the CPU too much when passing packets.

  • i hv an acer tm528te laptop lying around doing nothing.
    but the thing is, it has only 1 internal LAN port. i booted up the livecd n the LAN can be detected as fxp0
    however, can i just go out n get some USB>LAN connectors so that I can simulate multiple LAN on my laptop?

  • Also depends on what kind of work your pfSense is going to do… plain packet filtering, then you don't need much CPU (VIA is good), or much RAM (128 MB will be fine).

    If you are running Snort then you need at least 1GB RAM and then the best CPU you can afford.

    How much traffic have you got, and what kind (lots of P2P, i.e. lots of connections, or simple browsing)? Big difference between 256K and 20MB links ;)

  • i m planning to do plain routing, packet filtering, traffic shaping, dual wan on the box. currently only hv p3 800 and 256mb of ram on board. not going to do fancy things for the meantime as it's just experimental. would like to confirm if it would run off those USB>LAN connectors as if it wouldn't, i will hv to get a proper pc instead of testing it with laptop.

  • USB nics don't perform very well on freebsd. If you plan to put some load on the box don't use USB nics.

  • ic, i need those usb nic for testing only.
    need to prove to department head that this setup really works b4 requesting for a new desktop set.

  • hi, i manage to get my hands on some usb nic.
    n freebsd bootup does detect the nic.
    however, the assign interfaces process doesnt seem to pick up "Link-up"
    now, how should i go about assigning the usb nic to b either wan/lan?
    the link-up detection has no problem, but the usb interface keep on showing
    interface sis0 does not exist.

  • The usb-nics won't show up as type sis. Are you sure they are detected? Can you post your interface list that the assign menu offers?

  • ur rite, it wont appear.
    it only appear as ugen0, which is not a part of the detected nic.
    however, the onboard intel port is detected as fxp0. but i m getting sis0/sis1 doesnt exist problem. is this a known issue?
    as a workaround, can pcmcia card b detected within the assign menu?

    i need a working demo unit badly as superior wouldnt allocate fund as they had bad experience with windows based routing/proxy which happened before i joined the company. in case the demo unit is working as it should only they will proceed with the move

  • pfSense needs at least 2 nics to run. in case you can't assign 2 it will stay at the preconfigured sis0/1 (which is preconfigured for soekris/wrap devices to work out of the box with no need to assign interfaces). This is not a bug. It's just because you can't assign 2 interfaces at your setup atm.

  • yes yes, understand…
    thanks for ur personal reply regarding this matter.
    just to confirm again, is pcmcia supported?
    wouldn't want to bug my boss to get it in case it's not possible with this setup. would b great if my team can just get the laptop up for demo/trial. currently there isn't any desktop lying in the office. if we were to go on with the kit, it would mean getting a new pc, which would badly affect my stand in the team if it doesn't work.

    i m not a pro in networking, just a beginner. anyway, we r supporting software for clients. but not hardware n due to expansion, the wan access of our lan has gone haywire, with all sorts of funny usage which eat up bandwidth. it would b great if we could just setup pfsense n pin point which user is responsible.

  • i hv finally got a trial unit up n running with 1.0.1, with an onboard 10/100 n a xircom pcmcia lan card.
    the configuration is a travelmate 528te laptop with p3 800, 256mb ram n 20gb hdd.
    i m trying to get the latest snapshot into it as i read that the rrd graph is better.
    however, i still hv 1 issue: one of the cards doesn't support altq or something, which makes traffic shaping not possible.

    onboard intel detected as: fxp0
    xircom lan detected as: xe0
    both at assign interface level.

  • Must be the xe driver, as I know the fxp does support it. AltQ support has to be built into the driver. Not much that we can do about it. Besides traffic shaping, everything will work though.

  • ur rite, everything seems to work.
    then i guess i m out of luck with traffic shaping. anyway, if this trial machine does improve throughput while maintaining stable connection n speed, then i would request for a proper desktop system with realtek nics.
    currently i will hv firewall on to do simple filtering n traffic monitoring.


  • Traffic shaping will improve things a lot when you hit high load conditions. So if you encounter problems with this and want to have proof that traffic shaping will help, you need another NIC.

  • oic…
    i thought it's possible to cut down traffic with strict firewall rules, or i should say, i disabled the default pass all rules n just add all the available sample destination port (within the drop down box) to the allow rules. on top of that i hv yahoo messenger n msn messenger port added into the firewall rules.
    will hv to find a time to make the switch n generate traffic to see how things go.

    end of the day i will need traffic shaping n loadbalancing to do round-robin/fail over for 2 dsl lines that we hv currently. i read trafficshaping can only work for 1 interface, so i might tie the shaping to the main line.

  • That is right. Currently you can only shape between 2 interfaces (like LAN and WAN). Restricting unwanted traffic can help a lot too, of course.

  • just to confirm, is realtek certified for shaping? or i will hv to get intel nics?

  • Intel is the way to go i think


    rl == realtek, though they might hit your CPU hard. If you really go for new equipment I recommend Intel NICs as well.

  • hi thanks for the help.
    as of now, still trying to get everything basic up and will b going for a test run soon.
    the biggest problem with the users now is torrents n worms/trojans lurking around the network.
