Faster Hardware, Better response time?

  • Hello,

    Will having better hardware provide a faster firewall response time? I understand pfsense will perform fine on a small single core server with 512MB of RAM.

    My question is about response time. Will having better hardware result in faster response time with pfSense? I know we are talking microseconds, but aren't we all aim for ultimate performance?

    Thanks in advance for your help.

  • Netgate Administrator

    Yes.  ;)

    But will it improve your user experience? Maybe.
    If you consider delay introduced by the firewall for, for instance, loading a web page it going to be a very small percentage of the total time.


  • If your current hardware has a high CPU load, then upgrade will increase firewall throwput.

  • Many many years ago, I used a Cisco 2621 as a firewall (RISC 50Mhz CPU) and "upgraded" to a lowly Sonicwall SOHO2 with a 133Mhz CPU.  Granted there are architecture & OS differences, but the Sonicwall was noticeably snappier.  Neither taxed my 4Mb Internet connection from a total throughput standpoint, but the Sonicwall brought up web pages faster.  I couldn't point my finger at any one particular aspect in the chain (DNS lookup, NAT, ACK responses, etc).

    So yes, CPU does matter, although after a certain point, it probably doesn't make a difference.  When comparing a 33Mhz device to a 200Mhz though, it'll be noticeable.

    How fast you get the packets "on the wire" also makes a difference, which is why we all harp on getting Intel NIC's in this forum.  They simply do it faster and more reliably than others.

  • As long as you have adequately sized hardware for your connection speed, the difference in end to end latency between say a 500 MHz ALIX and a quad core Xeon server is trivial. The majority of the Internet will be 30-80 ms from you or more depending on your physical location, microsecond differences don't have any noticeable impact.

Log in to reply