What are my setup limitations?

  • I have a Dell P490 workstation that is rackmounted in a climate control environment. It has two Xeon X5060 CPUs and 4.0GB DDR2 (ECC) RAM. I have a hardware mirror setup with some crappy old 40GB HDD.

    At what point will I start to grow out of my hardware? I have plenty of extra interfaces so I'm not worried about VLANs, VPN or NICs. I'm running pretty ghetto networks on 5 identical boxes - VZN FiOS 150/65 with TWC 50/5 backup/dual-wan).

    At what point will I start to max out these machines? Can I go up to a 500meg pipe with 100meg LB/Failover on all decent gig hw and have no problems? Is this a #cores issue or a #threads (my CPUs have 2 cores, 4 threads each… 4 cores 8 threads per box @ 3.2ghz) issue or is it a brute force clock speed issue?

    I have 5 identical systems in place and i have a few contracts in the pipeline. I have 3 more exact same machines & NICs waiting... at what point will these start to get old and I should look for newer hardware? I have a very close relationship with a company that supplies me with these machines so if I can stick with same HW its easy and cheap.

    Thx a bunch for feedback. (I'm not worried about space or power, someday I'd like to squeeze down to a 1U half-depth and keep 6-10 interfaces but that may be a few years out.

  • To add to this, I see that Hyper Threadding is enabled (or a dual-core with HT shows Core 0-3 on the boot console and an 8-core shows cpu 0-15 on the boot console).

    Do I want HT turned off? (if so how?)

    And then, given this, if I get the NICs can I push 10G or will I be limited to 1G/Sub Gig speeds? In a DC environment can I load balance 5-9 100meg lines on different interfaces or am I always relagated to the weakest link?

  • According to the sizing guide you should be able to run a gig connection no problems on a box like that. http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49

    That said you should try to stress test the box with your current connection and simply see how it performs right now since you already have 200mbits of bandwidth at your disposal. Get a baseline for the amount of ram, CPU and number of states required to fill the connection.

    I think it's going to largely depend upon how many concurrent connections you have. CPU should generally scale well because of the parallelism of many connections. If you only have 10 - 20 users you'll have a hard time saturating a 200mbit pipe simply because there won't be enough data that needs to pass through the connection or the other end won't allow you to download that fast.

    Your packages will also make a big difference in what kind of bandwidth you'll get. If you're using VPN links or anything like that then CPU could become a factor. If you're using Snort you'll likely need more ram.

    You'll want hyperthreading on because it allows the processors to work more efficiently. As for 10G I'm not sure what NICs pfsense even supports.

    Hopefully someone else with a setup like that might chime in with some of the issues they've had, but I'm guessing a lot of people aren't using 100mbps + connections. If you get a good baseline for the amount of CPU, memory and number of states your current setup uses with the connection, that will give you a better idea of how the box will scale than anyone else could tell you.

  • Sortof bumping this from a while ago.

    wanted to revisit hyperthreadding - yes or no?

    I'm looking at a variety of options and I have found a decent lot of 15 motherboards that will accept single Xeon 5000 series processors. The Xeon 5060 is about $25 shipped on ebay and dual core with HT @ 3.2ghz. Its cheap & easy but should I look to pick up a bunch of E8400 CPUs instead if HT is better disabled?

    Thx for any feedback.

Log in to reply