Pfsense Box - Single Nic versus Dual Nic setup



  • I'm a small-business owner who works from home considering Pfsense as a firewall. I have done some leg work, and it seems there are two options for the Pfsense firewall connection.

    Dual - Network Interface Card
    -OR-
    Single - Network Interface Card - "Requires Smart Switch"

    I would like to use a single NIC connection for a Pfsense box so it won't limit my choices on SFF computer configurations and lower the cost of ownership. I do realize an Intel NIC controller is preferred and supported better as the hardware/drivers are of higher quality. I do plan on all NICs to be of Gigabyte speed and full duplex.

    My budget is cheap as Possible without sacrificing any of the present potential or future functionalities of Pfsense …. Sniff, ClamAV, Squid, etc....
    My internet will be provided by Charter using a cable modem with a 30/6Mbps connection. In the future, I may upgrade to their 100 Mbps tier. Number of computers connected will be between 2 to 3.

    Questions

    • Will a single NIC connection for a Pfsense box affect security?

    • Will a single NIC connection for a Pfsense box prevent me from using important security setting, functions or plugins available for Pfsense?

    • If I use a single NIC connection for a Pfsense box will it degrade the internet browsing, video streaming, or download performance for the end users?

    • What would be if any benefits of using a dual NIC configuration versus a Single?

    • Could end users be able to tell the difference from a Pfsense box running on a Single NIC versus Dual NIC?

    • Stability of a Pfsense box running on a Single NIC versus Dual NIC?

    Some Computers I chose

    The Switch

    Ultra low Power consumption



  • Answers:

    Will a single NIC connection for a Pfsense box affect security?

    Not in much of any legitimate way.  There used to be some attacks in very early hardware, but modern hardware is fine.

    Will a single NIC connection for a Pfsense box prevent me from using important security setting, functions or plugins available for Pfsense?

    No, other than possible speed hits.  If you did any local network segmenting with pfSense, like a DMZ or something, you might notice some speed bottlenecks with accessing things on that DMZ network, but probably not enough of a hit to really care about the slight performance deficiency.  And, it's quite likely pfSense itself would be just as much of a bottleneck there since you're effectively asking pfSense to be a switch.

    If I use a single NIC connection for a Pfsense box will it degrade the internet browsing, video streaming, or download performance for the end users?

    Not at the speeds given for your internet service.  You'd have to get closer to 300 or more Mb to max out the Gb on your likely hardware.

    What would be if any benefits of using a dual NIC configuration versus a Single?

    Speed and you wouldn't need to spend as much for a "smart" VLAN capable switch, and the ease of setup since you don't have to configure a switch.  And when I say speed, I don't mean internet, but local speeds if the pfSense is doing some kind of filtering between local networks, but it probably isn't.

    Could end users be able to tell the difference from a Pfsense box running on a Single NIC versus Dual NIC?

    Not if you set it up right, and if you don't, it probably just won't work anyway.

    Stability of a Pfsense box running on a Single NIC versus Dual NIC?

    Nope.

    Now, your hardware choices.  Those mini Dell machines aren't always that great on power, there's not much about them that makes them that much better than a full size machine.  They require an external power supply, make sure it comes with it (I don't see it specifically listed as having or not having it.)  All of those are Core2Duo's, though, which they're pretty good on powering themselves down when idle.  Both of the larger machines have PCI-Express slots, but if you are going to put a card in them, make sure they have a low profile bracket included.



  • Thanks for your input matguy,

    It's appearing more obvious to me now there are other valuable potential gains that could be had if I simply acquire a computer with PCI/PCI-E expansion slots. With no expansion capability it obviously limits your options.

    • PCI/PCI-E Slot for Wireless AP card

    • PCI-E Slot for a Dual NIC Server grade card

    I do hate having a somewhat higher overall monthly Kw usage, versus an Atom based product :D. But I will have the juice to run more tasks and not have to worry about hitting a ceiling. Give it a few more years there should be many POWERFUL low wattage CPU's on the market which will remove the Power Consumption Equation from Pfsense boxes.


  • Netgate Administrator

    I agree with everything Matguy said.  :)

    You will only notice the speed limitation using VLANs if you are transferring data between internal interfaces (if you have more than one). WAN to LAN speed cannot get close to that limit on half decent hardware, including everything you linked to.

    By using VLANs and a switch your pfSense box becomes completely dependent on the switch. If, for example, your switch forgets its configuration everything stops working with no easy way to bypass it temporarily. This is an unlikely scenario though, modern hardware like the GS108T is very reliable.

    You can achieve very low power consumption along with computing power far in excess of an Atom by using one of the low end Sandybridge CPUs. It won't even cost you that much more, though more than a $100 Dell box! For an example build: http://forum.pfsense.org/index.php/topic,44269.0.html
    There are other similar posts built on the G620.

    I really appreciate the trouble you went to formatting your original question. Refreshing change!  ;D

    Steve
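
The dependence on the switch described in the post above, as an added example that is not part of the original thread: a Python check over a switch's port/VLAN table for a single-NIC pfSense setup, flagging layouts where the modem and LAN ports end up in the same VLAN. The port names, VLAN IDs 10 and 20, and the table layout are assumptions, and the check assumes both networks are tagged on the port facing pfSense.

```python
"""Audit a smart-switch VLAN table for a single-NIC pfSense layout.

Added example. Port names (g1..g4), VLAN IDs and the table shape are
assumptions; fill the table in from your own switch's VLAN membership page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str
    role: str                            # "trunk" (to pfSense), "wan" (to modem) or "lan"
    pvid: int                            # VLAN given to untagged frames entering the port
    untagged: frozenset = frozenset()    # VLANs sent out without a tag
    tagged: frozenset = frozenset()      # VLANs sent out with an 802.1Q tag

    @property
    def vlans(self):
        return self.untagged | self.tagged


def port(name, role, pvid, untagged=(), tagged=()):
    return Port(name, role, pvid, frozenset(untagged), frozenset(tagged))


def audit(ports, wan_vlan, lan_vlan):
    """Return a list of findings; an empty list means the layout passes."""
    findings = []

    # The single NIC must receive both networks, each with its own tag.
    trunks = [p for p in ports if p.role == "trunk"]
    if len(trunks) != 1:
        findings.append(f"expected 1 trunk port to the firewall, found {len(trunks)}")
    for p in trunks:
        missing = {wan_vlan, lan_vlan} - p.tagged
        if missing:
            findings.append(f"{p.name}: trunk does not tag VLAN(s) {sorted(missing)}")

    # Every other port is an access port in exactly one VLAN.
    for p in ports:
        if p.role == "trunk":
            continue
        want = wan_vlan if p.role == "wan" else lan_vlan
        if p.tagged:
            findings.append(f"{p.name}: access port carries tagged VLAN(s) {sorted(p.tagged)}")
        if p.untagged != {want} or p.pvid != want:
            findings.append(
                f"{p.name}: {p.role} port should be untagged in VLAN {want} only, PVID {want}")

    # Isolation: no VLAN may contain both the modem port and a LAN port,
    # otherwise traffic can pass between them without crossing pfSense.
    all_vlans = set().union(*(p.vlans | {p.pvid} for p in ports))
    for vid in sorted(all_vlans):
        roles = {p.role for p in ports
                 if p.role != "trunk" and (vid in p.vlans or p.pvid == vid)}
        if {"wan", "lan"} <= roles:
            findings.append(
                f"VLAN {vid}: modem and LAN ports share a broadcast domain, bypassing the firewall")
    return findings


WAN, LAN = 10, 20   # assumed VLAN IDs

# Constructed sample: intended layout.
GOOD = [
    port("g1", "trunk", 1, tagged=(WAN, LAN)),
    port("g2", "wan", WAN, untagged=(WAN,)),
    port("g3", "lan", LAN, untagged=(LAN,)),
    port("g4", "lan", LAN, untagged=(LAN,)),
]

# Constructed sample: switch back at factory defaults, every port untagged in VLAN 1.
FACTORY_DEFAULT = [
    port("g1", "trunk", 1, untagged=(1,)),
    port("g2", "wan", 1, untagged=(1,)),
    port("g3", "lan", 1, untagged=(1,)),
    port("g4", "lan", 1, untagged=(1,)),
]

# Constructed sample: one LAN port left as a member of the WAN VLAN.
LEAKY = GOOD[:3] + [port("g4", "lan", LAN, untagged=(LAN, WAN))]

if __name__ == "__main__":
    for label, table in (("good", GOOD), ("factory default", FACTORY_DEFAULT), ("leaky", LEAKY)):
        print(label)
        for finding in audit(table, WAN, LAN) or ["  no findings"]:
            print("  " + finding.strip())
```
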



  • @Clear-Pixel:

    Thanks for your input matguy,

    It's appearing more obvious to me now there are other valuable potential gains that could be had if I simply acquire a computer with PCI/PCI-E expansion slots. With no expansion capability it obviously limits your options.

    • PCI/PCI-E Slot for Wireless AP card

    • PCI-E Slot for a Dual NIC Server grade card

    I do hate having a somewhat higher overall monthly Kw usage, versus an Atom based product :D. But I will have the juice to run more tasks and not have to worry about hitting a ceiling. Give it a few more years there should be many POWERFUL low wattage CPU's on the market which will remove the Power Consumption Equation from Pfsense boxes.

    Understandable, but the power cost of running a Core2Duo, unless power in your area is very expensive, is probably fairly negligible.  A standard Core2Duo machine can easily be less than 60 watts when performing full bandwidth routing for your connection, assuming you don't have a huge amount of other processor hitting features turned on, even then, likely less than 90 watts.  That's going to likely be way less than any lights that are probably left on at night.  An Atom box is likely to be 20 to 30 watts depending on many factors.  So, at worst, 40 to 70 watts more to run a Core2Duo, and at worst, that 70 watts would only be during busy business hours, so, say, 10 hours of 70 watts and 14 hours of 40 watts?  Average of 52.5 watts above an Atom for an average day (40 on weekends and holidays).  That's an average of 250.7 KWH/month.  Average KWH cost in the US is/was $0.12.  So, your basic worst case scenario is probably $30/mo to go with a Core2Duo Vs. an Atom, but I would think it's probably more likely to be around $15/mo if anything at all (remember that 60 watts, it's probably less than that at idle, and that CPU is barely above idle during normal business routing.)

    Of course, none of that takes in to account Heat and AC.  That power use of your router, assuming it's in open air that's part of your climate controlled office space, becomes part of that system; it's adding heat to the room.  If you're in a cold climate and the heat is run most of the calendar year, the electric cost of that machine is mostly un-noticed (unless, again, electricity is very expensive and your building is heated with something less expensive.)  On the other hand, in warm climates, assuming AC is used to cool the occupied space, the heat produced is really bad in that every bit of electrical energy used comes across as BTU's your AC needs to move back out of the building (unless you can put the router in an un-climate controlled area, but then you may need to worry about over-heating.)

    Things to consider…

    But, if power usage is a large concern, it is quite common to find a decently capable Atom CPU/Motherboard with PCI-Express slots for NIC's.  Although, at your speed, you'd be perfectly fine with a PCI 10/100 Intel card for your WAN connection, anyway.  I would imagine that a decent Atom could do everything you'd rationally want to run on a standard business router, VPN included, at your WAN speeds.

    Also, something to consider, and one reason I mentioned a 10/100 card, your mention of "Server grade" PCI-Express card.  Many of them have heatsinks on them... for a reason; while they're great for taking some of the processing off the CPU assuming your OS supports it, it can easily negate a lot of your power savings goal.

    Now, I don't know about any other server needs you may have or already service, such as if you have a local file server or other application server(s), but if power is of paramount concern, it might be worth looking at combining such services, hardware wise, via virtualization.  With enough RAM, one of those larger Core2Duo machines could easily run a lot of services for you (the 755 and 960 Small Form Factor machines you linked will take up to 8GB of ram; that could easily run pfSense with 1GB and 2x Windows or Linux VMs with 3GB each; or adjust as desired.)  Of course, that's a lot of eggs in one basket, but it can certainly save on power.



  • @stephenw10:

    I agree with everything Matguy said.  :)

    You will only notice the speed limitation using VLANs if you are transferring data between internal interfaces (if you have more than one). WAN to LAN speed cannot get close to that limit on half decent hardware, including everything you linked to.

    By using VLANs and a switch your pfSense box becomes completely dependent on the switch. If, for example, your switch forgets its configuration everything stops working with no easy way to bypass it temporarily. This is an unlikely scenario though, modern hardware like the GS108T is very reliable.

    You can achieve very low power consumption along with computing power far in excess of an Atom by using one of the low end Sandybridge CPUs. It won't even cost you that much more, though more than a $100 Dell box! For an example build: http://forum.pfsense.org/index.php/topic,44269.0.html
    There are other similar posts built on the G620.

    I really appreciate the trouble you went to formatting your original question. Refreshing change!  ;D

    Steve

    That's a good point, Steve.  Both the agreeing with everything I said ;) and the switch configuration stability.  Yes, they're usually pretty good, but also in the case of a full switch failure (power supply, meteor shower, whatever) you'll have to re-configure either that switch or a replacement, without internet to help you.  This is a good argument for non-managed switches in an office without constant IT support.



  • In the past, I have always done custom builds for myself. I got tired of computer components price gouging, spending $2000 on a custom build isn't fun after the newness wears off,
    so I shopped Ebay and pick up a New HP Z800 Workstation for $800 bucks sometime back. Just for the sake of jumping through all hoops, I'm looking at some new low powered components
    to see just how cheaply I can build a Quality low powered custom box.

    Here are three of many components that still need to be decided on.

    Tally so Far = $185

    If your Kw consumption numbers are close matguy, in a 12 month period I would save somewhere around $180 in power by doing a new custom build.
    What I choose for hard drive will also be important SSD or Spinner.
    As for running Linux VMs it would come in handy, as I do plan on running a full blown private web server for web development
    for self teaching and a local file server for another backup source.

    Considering changing the switch to a Commercial Grade Switch

    As for a HIGH QUALITY Motherboard, High Efficiency Power Supply, Case and keeping the noise level at zero or near if possible, that will require some more research.
    If anyone would like to contribute please feel free to do so. I will post my findings over the next several days.

    Again, thanks for everyone's time…



  • Personally, I'd probably do the 755 or similar model machine, maybe not a SFF unless space was a concern (it makes NIC selection easier when you're not worried about low profile brackets.)  HP DC7700's are good too, usually not too hard to find under $100 shipped, depending on where you live.  With a Core2Duo, any of those are likely to be pretty good on power and take a few NICs, the DC7700 and I think the 755 both have onboard Intel Gb Nics.  Pair that with a simple PCI Intel 10/100 card for super cheap and a small SSD for $50 or less and you should have a good router that'll last a very long time for about $150 total and should be pretty light on power intake.

    You can also find DC5700's with a Core2Duo for closer to $50 if you shop around, but they only have PCI and PCI-Express x1. (Oh, and they only take 4GB of ram, not a worry for your pfSense needs, but worth mentioning.)

    Future upgrade could be a PCI-Express NIC, dual or single, depends on what you're needing.  I know the DC770 and I think the 755 also has open PCI-Express x16 and x1 slots (after you take out the video card, if included), you can put anything you want in the x16 slot and a single port GB NIC should be x1, so you could cheaply upgrade as needed; lots of options.

    At that point, you wouldn't need a VLAN capable switch, and I presume you already have a switch of some sort, so you might not need to buy one at all.

    Personally, I used to be big on the self built scene, but over the past 5 years or so, with so much hardware available for so cheap on Ebay, I haven't built a machine for years.  With general corporate computer refresh cycles, computers aren't getting replaced because they're too slow, they're just out of warranty or hard to get new service parts from the OEM's.

    I run a VMware cluster at home with 2x old HP DC7700's, I couldn't get cheaper with built hardware, I've tried.  I might be able to run one machine with more RAM each (they max out at 8GB) and save on power, but it'd take me 2 or 3 years to "pay back" the difference.  They sit upstairs and out of the way, so it doesn't really heat up the house in the summer (great cross breeze with windows), but still helps keep the chill off the upstairs in the Winter, so the power isn't a big deal where they sit.  Of course, I've also been fortunate to be able to pick and choose from old employer's surplus stacks, so a lot of the hardware I have sitting around was somewhere between free and ridiculously cheap anyway.

    I did finally come to respect the all mighty power bill when I started running a couple old Dell PowerEdge 2850's as VM hosts, though.  That hurt for a couple months when the bills came in.



  • If you are interested in low power, but high performance, then build an Ivy Bridge i3 box. I have a box with a Z77 mobo, Ivy Bridge i3 3220, 4GB of ram, and am using 2 PCI-E Intel gig NIC's, and see ~30-40w power usage at the wall. (Tested with a kill-a-watt). That is honestly bordering on Atom territory with significantly more CPU power. Speed step and everything works correctly and it idles at 400Mhz and spins up to the full 3.3Ghz as needed. I am using a Seasonic 300W 80+Bronze PSU to run it. Oh yeah and I am using an older Samsung 64GB SSD (It's actually an OCZ Summit, it uses the older gen Samsung controller, the one before the 830). Machine runs awesome and it has the horsepower to run any scenario I throw at it, including OpenVPN/AES encryption. (Sadly with an i3 you do not get AES-NI, but if you step up to an i5 you can get SIGNIFICANTLY faster AES encryption performance with AES-NI, which does appear to be supported!) If you need to save a few bucks, you can go with a B75/H77 mobo instead of Z77. I have built several business workstations with the AsRock B75 Micro ATX board and they work GREAT! You can even step down 1 notch to the AsRock B75M-DGS and still have a solid board (stick to one with 100% solid caps, not just solid caps on cpu power).

    With any of those older Dell workstations you are going to be looking at 100w+ for idle easy, and have LESS performance. You can build this whole setup for pretty cheap if you're smart and get in on a combo deal and whatnot.

    Also, don't worry about getting a 35w CPU, honestly that watt rating ONLY MATTERS IF THE CPU IS PEGGED AT 100% ALL THE TIME otherwise it is in a race to idle all the time and a 65w rated cpu from the same generation will idle at the same low amount. The i3 3220 I am using is rated at 55w, but it truly sips power. Save the money that you'd spend on a S or T series CPU, it's not going to save you on power unless you are really making the CPU do a lot of work. (And honestly the low-wattage ones are just lower clockspeed and have less turbo). My box is in a MicroATX case and the only 2 fans are the PSU and the CPU fan, which is rpm controlled and runs very slow so the machine is basically silent.

    FWIW Here is the PSU I used: http://www.newegg.com/Product/Product.aspx?Item=N82E16817151086
    and the NIC's: http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033 (NOTE: This NIC comes with both low profile and full height brackets, so you can go with a SFF setup if you want).



  • @extide:

    If you are interested in low power, but high performance, then build an Ivy Bridge i3 box. I have a box with a Z77 mobo, Ivy Bridge i3 3220, 4GB of ram, and am using 2 PCI-E Intel gig NIC's, and see ~30-40w power usage at the wall. (Tested with a kill-a-watt). That is honestly bordering on Atom territory with significantly more CPU power. Speed step and everything works correctly and it idles at 400Mhz and spins up to the full 3.3Ghz as needed. I am using a Seasonic 300W 80+Bronze PSU to run it. Oh yeah and I am using an older Samsung 64GB SSD (It's actually an OCZ Summit, it uses the older gen Samsung controller, the one before the 830). Machine runs awesome and it has the horsepower to run any scenario I throw at it, including OpenVPN/AES encryption. (Sadly with an i3 you do not get AES-NI, but if you step up to an i5 you can get SIGNIFICANTLY faster AES encryption performance with AES-NI, which does appear to be supported!) If you need to save a few bucks, you can go with a B75/H77 mobo instead of Z77. I have built several business workstations with the AsRock B75 Micro ATX board and they work GREAT! You can even step down 1 notch to the AsRock B75M-DGS and still have a solid board (stick to one with 100% solid caps, not just solid caps on cpu power).

    With any of those older Dell workstations you are going to be looking at 100w+ for idle easy, and have LESS performance. You can build this whole setup for pretty cheap if you're smart and get in on a combo deal and whatnot.

    Also, don't worry about getting a 35w CPU, honestly that watt rating ONLY MATTERS IF THE CPU IS PEGGED AT 100% ALL THE TIME otherwise it is in a race to idle all the time and a 65w rated cpu from the same generation will idle at the same low amount. The i3 3220 I am using is rated at 55w, but it truly sips power. Save the money that you'd spend on a S or T series CPU, it's not going to save you on power unless you are really making the CPU do a lot of work. (And honestly the low-wattage ones are just lower clockspeed and have less turbo). My box is in a MicroATX case and the only 2 fans are the PSU and the CPU fan, which is rpm controlled and runs very slow so the machine is basically silent.

    FWIW Here is the PSU I used: http://www.newegg.com/Product/Product.aspx?Item=N82E16817151086
    and the NIC's: http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033 (NOTE: This NIC comes with both low profile and full height brackets, so you can go with a SFF setup if you want).

    There's some good info about i3's here, but the note about older Dell workstations being 100w+ for idle is a very broad statement, and not exactly true (depending on your definition of "old").  While many will be 100w+ at idle, especially the Hyper threaded P4's, a lot can be under.  Many Dell machines with a Core2Duo will idle around 50w, even a big Optiplex 755, and you can get those for under $100 shipped through ebay (depending on your location.)



  • After wasting some time pondering a pfsense laptop, I'm back to the SFF Desktop. No I'm not going to drop a grand on a custom build for a fire wall. Just a used business desktop PC will work just fine with a dual Intel Nic card.

    As you can tell I prefer the HP line, as they have better expansion capability and I own a Z800 workstation so…..
    Prices seem a bit high on ebay at the moment, maybe its just that time of the year for iGouging ;).

    HP 8000 Elite SFF Spec's
    http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c01960471/c01960471.pdf

    Ebay $220 range

    • Q45 GMCH Integrated Graphics Controller

    • Intel Graphics Media Accelerator 4500

    • 82801 ICH10-DO

    • DDR3 Memory - 800/1066/1333-MHz (FSB)

    • Intel 82567LM Network Interface Controller

    HP dc7900 SFF Spec's
    http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c01549447/c01549447.pdf

    Ebay $140 range

    • Q45 GMCH Integrated Graphics Controller

    • Intel Graphics Media Accelerator 4500

    • 82801 ICH10-DO

    • DDR2 Memory - 800/1066-MHz (FSB)

    • Intel 82567LM Network Interface Controller

    HP dc7800 SFF Spec's
    http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c01202501/c01202501.pdf

    Ebay $120

    • Q35 GMCH Integrated Graphics Controller

    • Intel Graphics Media Accelerator 3100

    • 82801 ICH9-DO

    • DDR2 Memory - 800/1066-MHz (FSB)

    • Intel 82566DM Network Interface Controller

    http://en.wikipedia.org/wiki/Intel_GMA#GMA_X4500

    FreeBSD

    FreeBSD 8.0 supports the following Intel graphic chipsets: i810, i810-DC100, i810e, i815, i830M, 845G, 852GM, 855GM, 865G, 915G, 915GM, 945G, 945GM, 965G, 965Q, 946GZ, 965GM,945GME, G33, Q33, Q35, G35, GM45, G45, Q45, G43 and G41 chipsets. In practice, chipsets through 4500MHD are supported with DRM and 3D using FreeBSD 9. Work to integrate GEM and KMS is currently adding support for i-series integrated graphics and improving support for earlier chipsets.

    http://www.freebsd.org/releases/8.1R/hardware.html

    Could someone please elaborate on this quote from Wikipedia "In practice, chipsets through 4500MHD are supported with DRM and 3D using FreeBSD 9."

    All of the reading I have done over the past week or so, any of the (3) HP boxes above with factory hardware would be compatible with pFsense 2.01? Of course you would have to add a Dual Nic PCI-E card.  And for graphics utilize the on-board graphics for an LCD monitor?

    I am assuming based on what I have found, the on-board nic would not function?

    One more thing, the dc7900 BIOS should support DDR2 running at 1333 MHz FSB if the mem was upgraded?….its the same chipset as the dc8000?

    Anyone have an Intel based dual port ethernet low profile bracket they would sell? ..... Just the bracket. I assume it should fit a Dell or HP Intel based card. Will pfsense reject a dell or HP based Intel Card?
    http://www.ebay.com/itm/230880662390?ssPageName=STRK:MEWAX:IT&_trksid=p3984.m1438.l2649



  • The dc7900 is my favorite.  I have three of them - used as a regular desktop, an ESXi host and a spare that I use for all sorts of disposable things.

    Being all "Intel InsideTM" they are good for running ESXi.

    Given the minimal differences between the 7900 and the 8000 it would be hard to justify 50% more for the latter.  Either way, you've got 3 PCIe slots and a PCI in those machines and the extra cost for a dual NIC might not be worth it.

    What makes you think the 82567LM on-board NIC won't work with pfSense?  I hadn't thought about that before and might check it on my spare (my pfSense is a VM).



  • I am assuming based on what I have found, the on-board nic would not function?

    Definitely works.



  • The reason I'm thinking this, is because the ethernet chipset model 82567LM isn't listed http://www.freebsd.org/releases/8.1R/hardware.html

    The reason I listed the Elite 8000 is the stock memory is running at 1333 mhz ….. most likely couldn't see a difference .... but doesn't hurt to have a little extra SNAP!

    How I will configure the computer I'm not sure what path to take at the moment. I may just install only pfsense, or ESXi and will look into other free available options. I've heard you need to have a raid controller for ESXi etc... so I will have to dig into it soon. Would be nice to have a VM of a full blown web server, a VM of freenas, and some flavor of linux in a VM. If that's the path running it all VM style. I will need more Mem....Might could pull the stock 2Gb modules out (1066mhz) and stick 8Gb of 1333mhz in the dc7900? Assuming HP's bios has support and a option for upping the FSB to 1333.

    It will be to help protect my home based business, and of course after hours I will be doing the things a geek does when he gets online after work. I plan on spending much time learning pfsense to get my internet connection locked down as tight as humanly possible.

    Sounds like you're saying screw the dual nics, just use the on-board nic and a managed switch.


  • Netgate Administrator

    The Intel driver in 2.0.1 is actually a patched version of what was released with FreeBSD 8.1. As such it is actually somewhere between 8.1 and 8.3 in terms of support.
    You can always try the 2.1 snapshots, built on 8.3, to get further hardware support. They have been quite stable for some time. Though individual snapshots can still introduce bugs.

    Steve



  • I use DC7700's a lot as well, they're inexpensive, available in the SFF size, takes PCI-Express x16 and x1, and available with a Core2Duo (generally a sweet spot for performance/price/wattage.)

    The DC7900's and DC7700's both use DDR2 (666 to 800MHz and 533 to 800Mhz, respectively).  The 8000 uses DDR3.  They are different beasts.  Even if you could bump up the 7900 to over 1000MHz memory speed, the increase likely wouldn't do much for you, if anything at all.  All of those machines support a range of Celerons, Pentium Ds, and Core2Duos.  The DC7900 and 8000 support Core2Quads, but a Quad won't help you much, pfSense generally doesn't benefit from any more than 2 cores.  With a Core2Duo it's pretty rare to saturate the processing power in pfSense unless you're doing a lot of other options, such as a lot of VPN, deep packet inspection, content caching for a lot of users, etc.  This isn't a desktop machine, so extra "snap", such as responsiveness in a GUI isn't a factor, it likely won't affect any kind of latency, either.

    But, that's just hypothesis, feel free to test, please let us know if you do. Just remember, your local router is likely not the source of latency on the internet, it's a weakest link issue, which is usually the internet as a whole, your router probably wouldn't make a difference.  It'd be kind of like making sure your driveway in your house was as fast as possible because the traffic getting to work takes a long time; you may end up spending a lot to make a very little, possibly zero, net benefit.

    I still use an old Celeron 400 for my home router, although with m0n0wall, still (over 7 years running.)  Being a Pentium II era machine, it has PC-100 SDRAM; a whole 128MB of it.  Latency has never been a concern, and I throw a lot at it.  CPU usage is rarely over 10%.  If it makes you feel warm and fuzzy, feel free to go the extra mile to bump up your memory speeds.  Personally, I wouldn't expend the effort to try.



  • Sounds like you're saying screw the dual nics, just use the on-board nic and a managed switch

    No, just saying that one on-board plus three PCIe slots plus one PCI slot gets you up to five single-port NICS.  How many do you want in a home office machine?  ;)  Sure, if you have the dual NICs already, use them but they may be more than twice the price of single-port NIC.

    You don't need RAID for ESXi (at least not this scale).  You also don't need at least one physical NIC for each virtual machine either.  You could run pfSense and other VMs with just one NIC for your WAN connection and one for LAN.



  • Wow, how did I gloss over the ESXi portion?

    Like biggsy said, you don't need RAID for ESXi.  There used to be a requirement for SCSI for local VMFS volumes (the volumes where virtual hard drives for your virtual machines live), but that mainly just ruled out IDE, SATA works fine.  And, to reiterate, the DC7900 is DDR2, while you might be able to find 1333 MHz RAM in DDR2 I wouldn't expect it to work in that machine (maybe it'll clock itself down, maybe the machine will just beep at you.)  The DC7900 is capable of holding 16GB of DDR2, but, 16GB of DDR2 is not cheap.  We'll put it this way, it would probably be worth it to find a DDR3 machine to take advantage of the cheaper DDR3 RAM, especially when you get to higher densities.  Otherwise, 8GB of DDR2 isn't scary expensive, at which point the difference between a DC7700 and DC7900 starts to fade (a 7700 will take 8GB of DDR2 just fine, I have a few of 'em with 8GB each.)

    With a VM host, RAM is usually a big deal, so if you really want to run a few VMs, getting something that can take 16GB may be beneficial.  If you're just running pfSense and a couple small VMs, 8 would probably be perfectly fine.  On my single DC7700 with 8GB of ram I run 2x 2008 DCs, 2x XP desktop test VMs, and a 2003 server, it has about a GB free right now; CPU runs about 500MHz to 1GHz on average on a Core2Duo.

    On the NICs, if it's otherwise easy to do multiple NICs, do it.  It'll save configuration hassles, especially if you're not used to working with VLANs otherwise.  The other thing it saves is down time in case of a switch or other failure, you can easily just swap out any old switch laying around if you don't need the VLAN support.

    Like biggsy mentioned, there's no need for dual port NICs if you've got slots.  A single Gb PCI-Express card will give you your 2 ports, it's unlikely that your WAN needs GB (if it does, bonus to you) so a simple 10/100 PCI card is probably fine for your WAN.  So, if you do end up running ESXi or any other virtualization, you can still have multiple network connections, although it's quite likely you wouldn't need them anyway.



  • I just got lucky on ebay and picked up a HP 8000 Elite in mint condition for $147 …. A dc7900 would have been great, but thought I would attempt to snatch up a newer model.

    I will try a single nic using a managed switch. Having gigabit connections throughout the home network, assuming everything is running full duplex in reality should be overkill  :)  Also assuming the onboard chips perform as the spec's state using the pfsense/FreeBSD driver.

    Heck my internet connect is 30Mb/6Mb ..... LMAO ...... and a internal gigabit lan, it all should be quite SNAPPY ;D!

    It will be a new learning experience setting up multiple v-lans and tags etc.... I'm sure I will end up buying the pfsense book, and hit you great guys up to help keep me flying straight.



  • @Clear-Pixel:

    I just got lucky on ebay and picked up a HP 8000 Elite in mint condition for $147 …. A dc7900 would have been great, but thought I would attempt to snatch up a newer model.

    I will try a single NIC using a managed switch. Having gigabit connections throughout the home network, assuming everything is running full duplex in reality should be overkill  :)  Also assuming the onboard chips perform as the specs state using the pfsense/FreeBSD driver.

    Heck my internet connect is 30Mb/6Mb ..... LMAO ...... and an internal gigabit LAN, it all should be quite SNAPPY ;D!

    It will be a new learning experience setting up multiple v-lans and tags etc.... I'm sure I will end up buying the pfsense book, and hit you great guys up to help keep me flying straight.

    That's a decent deal, depending on what you need, you can outfit that machine with 16GB for well under $100 (closer to $70), even for the faster of the speeds that it supports.

    That may have just made it in to my budget ESXi recommendation list.  A good 16GB machine for under $300 out the door isn't bad.  Put a few together with a half way decent iSCSI SAN (even a good desktop with RAID and FreeNAS) and you've got the makings of a decent (non enterprise) cluster that would support HA.  I had been using DC7700's with 8GB for that, previously.



  • Another + might be that it seems that the 8100/8200/8300 Elite motherboards and power supplies are compatible with the same chassis as the 8000 Elite. So if you lose a motherboard etc. … repair it or you could if needed purchase a used 8100/8200/8300 motherboard and CPU to upgrade to an i5.

    The same might could be said about the 7800/7900 series you just don't get as big of a Bang! lol



  • …picked up a HP 8000 Elite in mint condition for $147

    Nice buy.  Hope I don't find anything like that.  I've got enough machines already.  Have lots of fun.

    Wow, how did I gloss over the ESXi portion?

    Well, I thought it might be getting off topic a bit but, since you mentioned VMs in your first response, I figured you opened the door  ;D



  • Nice buy.  Hope I don't find anything like that.  I've got enough machines already.  Have lots of fun.

    Price should have been around $100  :D guess it's because of the time of the year.



  • @biggsy:

    Well, I thought it might be getting off topic a bit but, since you mentioned VMs in your first response, I figured you opened the door  ;D

    Oh, I'm usually one of the first to see an opportunity to pontificate vastly on the subject of Virtualization, especially with ESX(i).  I was quite surprised I missed the mention.

    @Clear-Pixel:

    Nice buy.  Hope I don't find anything like that.  I've got enough machines already.  Have lots of fun.

    Price should have been around $100  :D guess it's because of the time of the year.

    Really?  Usually closer to $100?  I need to start watching out for those.  Might replace some of mine with those (more ram per machine equals more work for less power usage, assuming Core2Duo or better.)



  • Matguy:
    Your watts and cost calculations above are way off.

    Using your watts difference of 52.5 try this:

    52.5 watts above Atom
    52.5 x 24hr per day = 1,260 watts per day
    1,260 watts / 1,000 = 1.26 kwatts per day
    1.26 kwatts X 365 days per year = 459.9 kwatts per Year
    459.9 kwatts per year / 12 months per year = 38.325 kwatts per month
    38.325 kwatts per month X $0.12 per kwatt = $4.599 per month difference
    $4.599 per month difference * 12 months per year = $55.188 per year difference

    Clear-Pixel has already spent more in time and effort than he/she will ever recover with power savings in an area with typically priced power.  Just grab a decent used notebook and hook it up.  Even my old 2003 vintage DELL Inspiron 5100 with Broadcom NIC works fine.  Only issue I've seen with the NIC is not being able to spoof the MAC on VLAN'ed WAN interface.  Although I was able to force the MAC spoof just for the sake of doing so.

    The quantities are too small for there to be any economy of scale savings.


  • Netgate Administrator

    @NOYB I think you mean kWh per day or year.  ;)

    @Matguy Yes I think you made a calculation error there.

    It doesn't matter because you are both arguing the same point; that the savings made do not justify the initial outlay. The argument is just made more powerful with this new figure.

    Steve



  • @NOYB:

    Matguy:
    Your watts and cost calculations above are way off.

    Using your watts difference of 52.5 try this:

    52.5 watts above Atom
    52.5 x 24hr per day = 1,260 watts per day
    1,260 watts / 1,000 = 1.26 kwatts per day
    1.26 kwatts X 365 days per year = 459.9 kwatts per Year
    459.9 kwatts per year / 12 months per year = 38.325 kwatts per month
    38.325 kwatts per month X $0.12 per kwatt = $4.599 per month difference
    $4.599 per month difference * 12 months per year = $55.188 per year difference

    Clear-Pixel has already spent more in time and effort than he/she will ever recover with power savings in an area with typically priced power.  Just grab a decent used notebook and hook it up.  Even my old 2003 vintage DELL Inspiron 5100 with Broadcom NIC works fine.  Only issue I've seen with the NIC is not being able to spoof the MAC on VLAN'ed WAN interface.  Although I was able to force the MAC spoof just for the sake of doing so.

    The quantities are too small for there to be any economy of scale savings.

    Good catch, it looks like I seriously fumbled something between my average wattage and my KWh/month math.



  • @NOYB $0.15 per kWh here.

    The main point here about power consumption is the GREEN aspect!

    It's not that big of a deal at the moment, but when the government/states decline new construction permits for coal-fired power plants, and existing operators shut down plants, you will be scrambling to cut your energy cost!



  • How much are you expecting electric power price to go up and when?

    If things get so bad that I'd be scrambling to save a few kWh of power, computers, internet, etc. will be history.



  • @NOYB:

    How much are you expecting electric power price to go up and when?

    I agree 1kWH per day is probably insignificant to most "1st world" dwellers. I suspect for many dwellers of "remote, 3rd world" communities relying on solar power or generators, 1kWH per day can be very significant.


  • Netgate Administrator

    @NOYB:

    How much are you expecting electric power price to go up and when?

    This is an interesting question.

    Here in the UK the average annual household electricity bill has almost doubled in the last 10 years.
    See: http://www.decc.gov.uk/en/content/cms/statistics/energy_stats/prices/prices.aspx#

    A lot of that is because for a long time the price of energy in general has been kept low by North Sea gas which has now run out pretty much.
    For a number of years the electricity producers here have been doing everything they can to reduce the consumption of their users. This included sending out free CFL bulbs to every household repeatedly and subsidising their cost in shops. Until very recently I could buy a CFL bulb for 11p. All of this is because they are approaching, some would argue have reached, the level of consumption at which they'll have to start building more power stations in a serious way. This is compounded by the fact that much of the existing infrastructure is now well past its original design life. When that happens I expect the cost of electricity to rise significantly.  ::)

    Steve



  • @stephenw10 …. Well said

    There are many scenarios that will be playing out over the next decade globally, as corporations/governments will have total control over the majority of commodities/services/goods etc. They will create the perfect Storm.

    Need I say more?

