New Installation, few questions
-
Hello all,
We are seriously considering using PFSense for our next firewall to replace our current one. We are 6 months to a year out of outgrowning our current one. We have a few dell servers laying around collecting dust. One, which is beefy, is a PowerEdge R900 with 32GB of memory, 4 Xeon Processors (3.0GHz I beleive), PCIx Gbps Nics in it, 6 total ports.
We have roughly 1500 customers on our network with a 1Gbps fiber connection from our upstream. Right now we are hitting roughly 650Mbps during peak usage. Would this power edge be over kill or fit our current needs and our needs for the future?
I have been seeing guys running i3's or i5's to acheive 1Gbps +. Or even better would the current release of 2.01 PFSense with the latest linux kernal even take advantage of the server we have?
Thoughts?
-
Would this power edge be over kill or fit our current needs and our needs for the future?
I have seen reports the firewall part of pfSense is single threaded so if all you want is a basic firewall the 4 CPUs and 32GB are almost certainly way more than you need. On the other hand, if you want to run snort and squid and … the additional CPUs and memory will probably be quite useful.
Or even better would the current release of 2.01 PFSense with the latest linux kernal even take advantage of the server we have?
pfSense runs on FreeBSD, not Linux.
-
We will probably be adding some new features that PFsense comes with, yes.
-
If it's just sitting around collecting dust then use it.
The only reason not to use it would be a large power usage of older hardware. To improve that situation you could always remove a couple of those Xeons, you can always put them back later if you need the cpu power.If the NICs in that box are Broadcom NetXtreme (often fitted in Dell servers) then you should be aware of this:
http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Broadcom_bce.284.29_CardsSteve
-
If it's just sitting around collecting dust then use it.
The only reason not to use it would be a large power usage of older hardware. To improve that situation you could always remove a couple of those Xeons, you can always put them back later if you need the cpu power.If the NICs in that box are Broadcom NetXtreme (often fitted in Dell servers) then you should be aware of this:
http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Broadcom_bce.284.29_CardsSteve
No the cards are PCIe Intel cards. It does have onboard nics which are probably Broadcom, but we won't be using them.
What type of throughput/routing should a box like this be able to handle? Close to a full Gig shouldn't it?
-
What type of throughput/routing should a box like this be able to handle? Close to a full Gig shouldn't it?
Depends on the actual CPUs installed and what packages, traffic shaping, etc. you use.
The reason people with i3 and i5 CPUs can get close to wire-speed on Gbe is their extremely high clock speed. For simple routing+firewall performance, a brand new box with an i3-2130 would crush the R900 box you probably spent $20K on, an i5 has even more capacity because of Turbo Boost and the fact that the workload is largely single-threaded.
EDIT: What is your current hardware? What, exactly, do you plan to use this pfSense box for other than firewall duties?
