Faster Hardware, Better response time?
-
Hello,
Will having better hardware provide a faster firewall response time? I understand pfsense will perform fine on a small single core server with 512MB of RAM.
My question is about response time. Will having better hardware result in faster response time with pfSense? I know we are talking microseconds, but aren't we all aim for ultimate performance?
Thanks in advance for your help.
-
Yes. ;)
But will it improve your user experience? Maybe.
If you consider delay introduced by the firewall for, for instance, loading a web page it going to be a very small percentage of the total time.Steve
-
If your current hardware has a high CPU load, then upgrade will increase firewall throwput.
-
Many many years ago, I used a Cisco 2621 as a firewall (RISC 50Mhz CPU) and "upgraded" to a lowly Sonicwall SOHO2 with a 133Mhz CPU. Granted there are architecture & OS differences, but the Sonicwall was noticeably snappier. Neither taxed my 4Mb Internet connection from a total throughput standpoint, but the Sonicwall brought up web pages faster. I couldn't point my finger at any one particular aspect in the chain (DNS lookup, NAT, ACK responses, etc).
So yes, CPU does matter, although after a certain point, it probably doesn't make a difference. When comparing a 33Mhz device to a 200Mhz though, it'll be noticeable.
How fast you get the packets "on the wire" also makes a difference, which is why we all harp on getting Intel NIC's in this forum. They simply do it faster and more reliably than others.
-
As long as you have adequately sized hardware for your connection speed, the difference in end to end latency between say a 500 MHz ALIX and a quad core Xeon server is trivial. The majority of the Internet will be 30-80 ms from you or more depending on your physical location, microsecond differences don't have any noticeable impact.
