Updating the "Hardware Sizing Guidance"



  • Hi,

    Like many of the others, as a new user to pfsense when I first visited pfsense site for the router OS,
    I quickly moved to the page of "Hardware Sizing Guidance" in order to gather the information needed for how I should construct the router, i.e. with what hardware.

    However, the list is a bit out-of-date that it is not quite applicable to nowadays hardware.
    For example, the throughput part,
    the performance is linked to the CPU frequency, while this is obviously not the case with different micro-architectures and number of Cores being put together(SNB Celeron vs Cedar Trail Atom).
    Also thanks for Intel's new chips and the presence of PCI-E, a desktop level Gbps NIC allow data flies, i.e. Intel Pro1000CT is already a not bad choice for general purpose router with Gbps throughput.
    The old information may be struggling new users and turns out that they keep opening new threads consulting the necessary hardware for their performance desire.
    Somehow I thought pfsense would not be compatible with new hardware and I have to get a previous generation computer to run it, which was proved to be a total misunderstanding later on :P

    Maybe it is now suitable to extent the performance guide to Gbps,
    some solid example will be nice reference for new users' built,
    like D525 –> 550Mbps, D2700 --> 710Mbps, G530 --> 1000+Gbps and so on, maybe also the expected drop in performance for VPN tunneling.

    Thanks for your kind attention :D


  • Netgate Administrator

    I agree with this, the hardware sizing list is now out of date.

    More importantly it doesn't make it clear that it's out of date which could easily lead people to believe they need far more powerful hardware than is actually required.
    @nexusN:

    For example, the throughput part,
    the performance is linked to the CPU frequency, while this is obviously not the case with different micro-architectures and number of Cores being put together(SNB Celeron vs Cedar Trail Atom).

    This is interesting. Whilst it is true that advancing micro-architectures have rendered that list obsolete, modern cpus can do a lot more per cycle, the throughput is still linked to frequency. This is because of the poor parallel processing ability of the routing/firewall code as I understand it. It is therefore better to have two very fast cores than 6 slower cores to get the highest throughput. Though I think some code in FreeBSD 9 may improve this situation?

    Steve



  • @stephenw10:

    I agree with this, the hardware sizing list is now out of date.

    More importantly it doesn't make it clear that it's out of date which could easily lead people to believe they need far more powerful hardware than is actually required.
    @nexusN:

    For example, the throughput part,
    the performance is linked to the CPU frequency, while this is obviously not the case with different micro-architectures and number of Cores being put together(SNB Celeron vs Cedar Trail Atom).

    This is interesting. Whilst it is true that advancing micro-architectures have rendered that list obsolete, modern cpus can do a lot more per cycle, the throughput is still linked to frequency. This is because of the poor parallel processing ability of the routing/firewall code as I understand it. It is therefore better to have two very fast cores than 6 slower cores to get the highest throughput. Though I think some code in FreeBSD 9 may improve this situation?

    Steve

    Sure they are still proportional, higher throughput will surely need higher frequency, but on that page it didn't tell if that is an Atom case or SNB case.
    D2700 and G530 are both dual core CPU, with G530 has a bit higher max Freq it can almost bring 4 times the throughput of the former.
    If users are not familiar with the effect of different micro-architecture, such a difference may struggle them a lot.
    That's why I suggest highlighting the other differences instead of giving only freq information.


  • Netgate Administrator

    I agree. It's especially true at higher throughputs.

    501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.

    Just not true any more.  :)

    Steve


  • Rebel Alliance Developer Netgate

    Open to suggestions there. It's a fairly complicated topic though, hard to boil it down to a simple table these days.

    You also have to consider pps, packet size, the NICs being used, etc.

    The table is just a general guide but it could use a couple of intermediate steps (Such as ~400 Mbps can be done on an Atom)

    If anyone has some solid data – from actual pfSense installs -- of throughput achieved and the circumstances (cpu type, nic, packet size, pps/bps) it would help.

    Seeing a FreeBSD or Linux benchmark on the hardware isn't very useful of course, it would need to be data from traffic passing through pfSense.

    Bonus points for VPN speed with several different ciphers. (As in http://forum.pfsense.org/index.php/topic,27780.0.html )


Log in to reply