Building a pfSense router to host over 100 people

  • I'm close buddies with a guy who owns a shop in town, and there he sells stuff like Magic: The Gathering cards, hosts LAN parties, sells food, and overall he just designed the place for people to have a good ass time. Now one problem we have is that when he gets one of the huge LAN parties going, the router he currently has will go on the fritz a little bit. I suggested to him that we dump some cash on a computer to turn into a router. So he tossed me about $350 and told me to go crazy.

    Now here are the parts I have laying around:

    - Micro ATX Case
    - CF to IDE adapter
    - CF Card
    - A PSU that will fit in the case (It's a fairly cheap one, only 250 watts and not single rail, so I'd like to get a new one)

    Here is where I need help: I just don't really know what hardware will work with this thing and what won't.

    Here are some of the parts I was thinking of getting:

    - The motherboard:
    - The RAM:
    - The CPU:
    - The network card (x2):
    - The PSU:

    The reason we want to make such a powerful router is because we want to make it almost immune to DDoS (we have some tricks that will work but they require some very powerful hardware).

    Would that hardware work well enough?

  • How much throughput do you need? Are you planning on running packages like Snort (CPU and memory intensive) or Squid (can be set up to eat all the memory you have)?

    Personally I would never go with AMD CPUs and chipsets. While Intel costs you more up front, you (usually) get better stability, higher performance and lower power consumption. Is it worth buying 2 expansion NICs if that additional money gets you an Intel motherboard with dual NICs onboard?

    Just my thoughts.

  • Well, I was thinking of just getting one of the Ivy Bridge Pentiums but I'm really liking that quad core, haha. And yeah, I need those NICs; unfortunately even on Intel boards, when buying on a budget you will get stuck with crappy Realtek NICs, which I normally avoid.

  • Remember that the current AMD CPUs have only 1 floating point unit per 2 marketed cores, so an AMD quad core is more equal to an Intel dual core than an Intel quad core. Also, depending on what you do with your pfSense setup, you won't be using more than 1 or 2 cores.

  • Hmmm, OK. Think I should spend the extra money on Haswell, or just stick with Ivy Bridge?

  • You know, I think I may just stick with the AMD system, only because they still offer an IDE port. That may sound silly but that one feature saves me about $50 :p

  • Get a PCI Express dual port NIC from eBay for $30 or less, replace the CPU and board with an Intel H61 MB + Pentium G2120, and get a 2.5" HDD.

  • Not sure why you'd be worried about getting DDoS'd; unless you're sitting on a routable class-B or larger it's very unlikely, unless you are messing with the wrong people.

    As far as hardware, unless you're doing Snort or Squid you really don't need that powerful of a box. If excluding those two options, I've held up 100MB business links running pfSense on boxes you would be throwing away these days. cough cough P3 933mhz + 512MB RAM. Granted, more modern releases of FreeBSD are slightly more resource intensive; I've had no problems running it currently with 1 vCPU and 768MB RAM under VMware… Yes, a VM in production and it works just fine.

    If you're really worried I'd probably go with an i3-3220, which is likely overkill (G2020 should be good enough, really looking at the 55w TDP)... if you're doing Snort at line speed it really depends on your WAN link. On gig+ links with 2000+ clients banging away at it you're looking at Westmere Xeons unless you want to do some port-mirroring.

    4GB would be plenty for most things and cover you down the road. If you are planning on Squid then 8GB, but make sure the motherboard can take 16GB down the road in case load increases.

    As tirsojrp said, pick up a used dual port Intel Pro1000/PT PCI-E adapter off eBay... should be $30 or less shipped. A lot cheaper than new, and a lot higher quality.

    CF works but I would go with a regular USB thumb drive, USB2 drives seem to boot quicker.

    Always get a high quality PSU, being cheap can cause all sorts of issues from higher failure rates to odd voltage outputs and fluctuations.

    Worth mentioning as no one else has asked. "Huge LAN parties...will go on the fritz", what kind of switching is he running? I wouldn't recommend running 100 seat LAN parties off Netgear switches; no offense, they have their place, but when you care about latency and have a large network... I would go with something of a bit higher grade.