Hardware Sizing & Throughput Considerations
-
All,
I need some clarity on Hardware Sizing & Throughput Considerations mentioned in this link ..http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49
When it's said "10-20 Mbps - No less than 266 MHz CPU"
- does the 10-20Mbps mean 10-20Mbps Mbps of throughput from WAN to LAN and LAN to WAN only? OR
- does it also mean internal LAN throughput between LAN machines and network devices?
I see a lot of Atom processor based pfsense hardware. How does that affect data transfer speeds within the LAN?
The reason I ask this is coz I have an Intel i3/4GB based mini-itx system and 30/4 cable internet. Extremely heavy internal network activity with 4 VLANs and internet traffic is maxed pretty much the entire time with online movies, online backups, etc. with about 30 users at any given time. The only time I see the processor going up to 10% is when there is internet data coming in through WAN or data going out to the internet. Internal gigabit network is practically maxed all the time but the internal activity doesn't show up on the traffic graph dash. Also the processor isin't hard at work ever.
Also, I am running resource intensive Snort, HAVP, Squid, SquidGuard & LightSquid across all VLANs. Memory consumption goes higher every day due to a lot of internet activity and Snort/Squid being at work that.
Is my i3 based hardware a bit too powerful? My earlier thoughts about throughput were that I needed better processor to sustain internal gigabit network rather than the 30/4 WAN bandwidth.
-
Throughput means (as the name say) traffic going through the device.
–> Your option 1)
Traffic on your LAN between your LAN devices never goes over the router since the clients can reach each other directly.
Yes your i3 might be a bit overpowered.
However since you're running a lot of packages it might be better in the long run.
With all these packages active just make sure you have enough RAM.
I'd say 4GB is the lower limit. -
Darn !! waste of $$$ there. $400 to the precise. To top it all, I sold off the i3 to friend (well made money there) and got more powerful i5-2500 Sandy Bridge.
Now, I am thinking is it worth to keep an i5 as a pfsense router? Any suggestions?
My current config…
Intel
Core
i5-2500K Processor (6M Cache, 3.30 GHz)
4GB RAM
Gigabyte GA-H67N-USB3-B3 (mini-ITX)
Intel gigabit (dual port)
Thermaltake Power Supply Mini Case Mini ITX 200 VL52021N2U -
Well i wouldn't call it a waste, but more an investment ;)
If you ever want a VPN you'll like the i3/5 since this is pretty CPU intensive load.
-
With that hardware you could have somewhere near 30/4 all vpn trafic with snort+squid on top of it
-
With that hardware you're probably set for the next 10 years! ::)
When your cable company offers you a 10G connection you may have to upgrade. :DI would expect VLAN traffic to show up the appropriate traffic graph. It seems odd that it wouldn't.
If you have WAN and then several VLANs to separate your internal network you should be able to see traffic from one VLAN to another one going through your pfSense box. This is often a problem if you need maximum throughput since all the VLANs are connected through one NIC with a limited bandwidth.
The fact that your not seeing any traffic might imply that the VLANs aren't setup correctly and can communicate directly.Steve
-
Maybe i can make it a good hacintosh.
Steve,
The only traffic I see on the dash is WAN to VLAN and VLAN to WAN. Is there any documentation on VLAN? -
Vlan in general is well documented just use search engines
Vlan in pfsense? what you want to know it?
pfsense wiki -
I started a new thread for VLAN here..
http://forum.pfsense.org/index.php/topic,39833.0.html
-
The only traffic I see on the dash is WAN to VLAN and VLAN to WAN. Is there any documentation on VLAN?
Are you expecting to see VLAN to VLAN traffic show up on pfSense? In many cases VLAN to VLAN traffic is handled entirely within the switch and doesn't get to the router.
-
Yes, that is what I am suspecting.
-
Can anyone recommend a good Atom based passively cooled motherboard with the fastest Atom dual core processor. Dual gigabit with 8GB RAM support preferred but not a critical requirement.
-
Are you expecting to see VLAN to VLAN traffic show up on pfSense? In many cases VLAN to VLAN traffic is handled entirely within the switch and doesn't get to the router.
I'm not actually running any VLANs at the moment so I can't check but if the VLANs are assigned as different interfaces in pfSense then I would expect any traffic between them to have to go through pfSense?
If traffic is bypassing pfSense and being routed by the switch then that's a big security hole! No?Steve
-
That's what i thought first as well.
However i think he means with VLAN to VLAN traffic actually traffic within a single VLAN.
At least it's formulated like this in the other thread.
http://forum.pfsense.org/index.php/topic,39833.0.html -
Ah! I see.
Steve
-
Yes, I took the question as VLAN traffic to same VLAN.
-
Can anyone recommend a good Atom based passively cooled motherboard with the fastest Atom dual core processor. Dual gigabit with 8GB RAM support preferred but not a critical requirement.
Not sure if such a thing even exists.
The closest thing i currently see is this: http://www.fit-pc.com/web/fit-pc2/fit-pc2i-specifications/
(only 1 core and quite expensive at that….)
I have one to play around and get about 600Mbit throughput.
Or in the future: http://www.fit-pc.com/fit-pc3/ (not yet out). -
Yep, I don't think you'll find an Atom chipset that supports 8GB.
Steve
-
The i3's support 8GB and you can get them down to near Atom power levels. The hard part is finding the power supply in my experience.
http://www.tomshardware.com/reviews/d510mo-intel-atom,2616-11.html
My i3 with an ATX board and 3 PCI NICs idles at 40W, but that's with a 430W PSU.
-
The graphs at that link are quite revealing. Those desktop Atoms have no powersaving features. Look at the D510, 28W at 0 load, 33W at 100% load. :o The Netbook atoms are much better <10W at idle.
Steve
