PfSense performance for hard drive install versus USB flash key



  • Hello,

    For basic packet filtering, is there a performance differences between running pfSense on a hard drive versus on a USB key?

    How about if I want to run other services like DNS, snort for IPS, or squid for URL filtering, will the performance matter whether I install it on a hard drive instead of USB key?

    Thank you in advance for help?



  • Any one could help? I thought this is something should come straight out of pfSense's manual or some sort of documentation. Thanks.


  • Netgate Administrator

    Well the transfer speed from a USB flash drive is likely to be far slower than a hard drive. Of course there are very hard drives and very fast flash drives but unless you went out of your way you're unlikely to have one.
    This means that anything accessing the hard drive will be slower. pfSense, once it has booted, runs mainly from RAM especially if you're running the embedded version so that basic firewalling will be less affected.
    If you are running Squid with web caching it will be much slower using a flash drive. It's also likely to ware out the flash drive in short order due to the limited write cycles of flash media.

    I should point out that almost all my pfSense experience is with embedded installs, I've only ever installed to HD for testing.

    Steve



  • @impire:

    For basic packet filtering, is there a performance differences between running pfSense on a hard drive versus on a USB key?

    Not at all. A hard drive is generally faster, but the only difference that will make is it'll boot faster (by a couple seconds maybe). For this purpose, drive performance has 0 relevance once booted.

    @impire:

    How about if I want to run other services like DNS, snort for IPS, or squid for URL filtering, will the performance matter whether I install it on a hard drive instead of USB key?

    None of those will matter either for runtime purposes. Squid with caching isn't reasonable to run from flash because of its write lifetime limits.



  • Thank you so very much! Sincerely appreciate it.



  • In my home I run pfSense from an SD card, it is slow as dirt, writing seems to be under 1MB/sec and reading around 15MB/sec.

    But everything runs fine including SNORT (note: management i.e. starting, stopping, updating rules seems to take approx 1-2 minutes). If you want to use Squid you should use it with no cache.

    My only complaint is the webui locking up when something takes place. E.g. start snort from webui and I can't view DHCP leases until snort is done starting, but reboot system and I can use the webui when snort is starting up.


Log in to reply