HP DL740 pfsense suitable?



  • Hello guys, for the past year and a half I've been using two ex-WatchGuard x000s as my pfSense platform.

    Now I am looking for a bit of advice about hardware.

    My FTTH fiber connection is due to be upgraded to 200/200 in August and the fireboxes won't be able to keep up.
    I have been looking for a suitable replacement for a while now and came across an oldish DL740 with 8x 3.0 GHz Xeons (4 MB L3) and two PCI-X gigabit cards.

    This seems oversized, but it would allow me to run pfSense along with, for instance, Askozia and/or other VMs in vSphere, as well as being able to firewall at line speeds until the connection speed reaches gigabit speeds (which won't happen for a while, in all likelihood).

    On the other hand, perhaps I am getting carried away with all of this.

    What would you recommend and is the scenario I am envisioning rational?

    Thanks for any and all takes on this!


  • Netgate Administrator

    8x 3GHz Xeons!  :o
    Perhaps slightly over powered.  :P
    However if you're going to be using the processing power for something else then it could make sense.
    How much will that cost to run? How much heat will it throw out?

    You could try one of the faster fireboxes.
    I was getting approximately 400Mbps total input-output at 58% CPU load on an x750e after I replaced the CPU with a Pentium-M 1.5GHz (very cheap).

    Steve



  • @stephenw10:

    8x 3GHz Xeons!  :o
    Perhaps slightly over powered.  :P
    However if you're going to be using the processing power for something else then it could make sense.
    How much will that cost to run? How much heat will it throw out?

    You could try one of the faster fireboxes.
    I was getting approximately 400Mbps total input-output at 58% CPU load on an x750e after I replaced the CPU with a Pentium-M 1.5GHz (very cheap).

    Steve

    Steve, thanks for your reply.

    You are right, it is overpowered by a large margin.
    I would see myself using it to host sites in development, a PBX, pfSense with Snort, 2x OpenVPN tunnels at 30 Mbit each and FreeNAS.
    All of those would be running on top of vSphere in separate VMs.

    Right now, I have four separate machines doing (pretty much) the same things but physical.
    That's two fireboxes (x700/x500), an oldish Acer with a 2.0 Core Duo, and a positively ancient P4 3.0 GHz.
    None of those machines have the ports or expansion ports to move data at more than 100 Mbit.

    The DL740 has Dual (Redundant) 910 Watt Hot Plug Power Supplies, running at 910W when at maximum load.
    Maximum load is probably not something that the server will see often, if ever.
    I have no idea about the efficiency, but I'm betting that it won't be cheap.
    If you are interested, here is the complete datasheet.

    The machine would cost me around €300 including shipping, which is hard to beat (I think).

    As you suggested, the fireboxes remain a good option.
    Unfortunately, they are somewhat hard to come by in the Netherlands and US or UK to NL shipping prices are not cheap.

    There is an alternative: to only replace the fireboxes with lower powered hardware and keep the rest as-is.
    That would be the 1U DL140G1 with 2x 3.1 GHz Xeon and dual Broadcom 5721.
    The price for this machine is the same as for the DL740 (crazy, I know).

    In short, you recommend an x750e.
    What do you think of my alternative and the pricing on each?


  • Netgate Administrator

    I only really mention the x750e because that's what I have experience with. It would never be able to handle everything you have mentioned. It maxed out at about 50Mbps OpenVPN traffic with the upgraded CPU.
    €300 sounds like a good price for such a powerful machine, although I'm no expert. I just wanted to point out that the annual running costs are likely to be significant if it's an 'always on' machine.

    Steve



  • @stephenw10:

    I only really mention the x750e because that's what I have experience with. It would never be able to handle everything you have mentioned. It maxed out at about 50Mbps OpenVPN traffic with the upgraded CPU.
    €300 sounds like a good price for such a powerful machine, although I'm no expert. I just wanted to point out that the annual running costs are likely to be significant if it's an 'always on' machine.

    Steve

    Thanks Steve, you are absolutely right about the annual costs.
    I'll try and figure out what the machine will cost me yearly and if that's worth it for the things I would use it for.

    Perhaps the sellers can give me an efficiency or load/usage overview.

