CPU grunt required to route WAN<->LAN… AND.... LAN<->LAN

rikar

Hey there, lurker for years, used Smoothwall early last decade on some old gear. Now that I actually pay for my power bill, I want a new low power solution to assist moving away from DD-WRT which I love to death, so stable over 4 yrs.

Environment:

• 120Mbit/2.4Mbit connection
• ESXi x 2
• NAS's  X 2
• Microsoft file server X 2
• 3-5 wired clients (desktops, HTPC etc)
•  Apps server (AirVideo, SAB, SQL etc)
• Wifi devices, have a WRT400N with DD-WRT for N traffic that I can stick in AP mode on an adaptor I assume (3 tablets, 3  phones, 2 laptops)
• HP Procurve GB 8 port and a 24 port switch.

http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49

The page says "No less then 1.0Ghz CPU" to route 51-200 worth of traffic, which I thought I would be within, but does that include LAN to LAN traffic? I'm a little network green. If I'm moving traffic from a subnet (say my DMZ) through to my inside LAN, this routes through pFsense correct? What if I setup pFsense control VLAN's?

From this thinking plus threads on the forum, I don’t need just  ~1Ghz, but enough grunt to move 1Gbps.
I want to be able to run Snort, maybe cache and a few VPN connections.

It "seems" that my Q is A here >>
http://forum.pfsense.org/index.php/topic,45922.0.html

"If you need Gbps transfer between internal subnets/interfaces then the G530 is the right choice.

Steve"

Actual Question: Would a intel BLKDH61WWB3 + G620 suffice? Ill being running either a dual port intel NIC or the single onboard one with VLAN.

PS: Some sort of matrix that could answer my question would be well cool.
A package in pFsense that pushed "benchmark type" results to a cloud, the data could be well useful to peeps I would have thought.

Thanks sooo much!!!

Michael

stephenw10

Welcome, nice router! (Hitachi?)

@rikar:

The page says "No less then 1.0Ghz CPU" to route 51-200 worth of traffic, which I thought I would be within, but does that include LAN to LAN traffic? I'm a little network green. If I'm moving traffic from a subnet (say my DMZ) through to my inside LAN, this routes through pFsense correct? What if I setup pFsense control VLAN's?

pfSense filters traffic between any of its interfaces. Therefore if you are moving files from a 'dmz' to a LAN you need pfSense hardware that can filter that traffic at the required speed, possibly up to gigabit.

@rikar:

Actual Question: Would a intel BLKDH61WWB3 + G620 suffice? Ill being running either a dual port Intel NIC or the single onboard one with VLAN.

Yes. You will be able to route at gigabit wire speed with that board/cpu. If you use VLANs all your traffic has to use a single connection but that may not be such a problem. Since you already have a nice VLAN capable switch you can try it without any cost.

I agree we need some more recent figures for the hardware page. The trouble is there are so many variables that hard figures can be misleading.

Steve

rikar

Thanks, its a FESTOOL Oberfräse OF 1010 EBQ-Plus :)

Thanks so much for your reply Steve!

Traffic going through interfaces requires CPU usage, gotcha.

If i go VLAN, it would seem all traffic go through pfSense, as I would be firewalling various subnets., gotcha.

The trouble is there are so many variables that hard figures can be misleading.

There are a lot of variables but then there are a lot of pfSense users. Mashing a few 10,000 tables of data together would show some commonalities i would have thought. Shame I lack statistical analytic skills, would be fun and beneficial to the community.

Thanks so much again, gunna go grab some hardware!

Michael