Gigabit pfsense box



  • Anyone got a good recommendation for a low power gigabit pfSense box?
    The WAN down is 120Mbps.

    I've used the Alix 2D13 board, but it is limited to 100Mbps; for the rest this was perfect for me.


  • Netgate Administrator

    You will have to better define 'gigabit pfSense box'.

    Do you actually need to route/firewall at 1Gbps? You might if you have several internal interfaces and need to route between them for example.
    Are you running any extra packages that will require more processing power?
    Compared to an Alix everything is high power! How low do you need to get?

    Steve



  • @stephenw10:

    You will have to better define 'gigabit pfSense box'.

    Do you actually need to route/firewall at 1Gbps? You might if you have several internal interfaces and need to route between them for example.
    Are you running any extra packages that will require more processing power?
    Compared to an Alix everything is high power! How low do you need to get?

    Steve

    I just need to have a WAN and a LAN. DMZ will be used in the future but not yet.
    I don't run special packets. So basically I just want to have 120Mbps on the LAN side, so I can download at 120Mbps from my PC (which has gigabit Ethernet). My switch is a gigabit switch (which handled gigabit perfectly (tested from my PC to my server)).

    Any input is appreciated.


  • Netgate Administrator

    The next step up from an Alix box in terms of power consumption would be an Atom based box. An Atom D510 or newer will firewall/NAT at around 500Mbps in one direction or give you about 50Mbps VPN traffic if you ever wanted to use that. That would seem to meet your requirements. It will draw 10-20W depending on the Atom and PSU etc.

    You could wait for the hotly anticipated new Alix product: http://forum.pfsense.org/index.php/topic,59555.0.html

    Steve



  • @stephenw10:

    The next step up from an Alix box in terms of power consumption would be an Atom based box. An Atom D510 or newer will firewall/NAT at around 500Mbps in one direction or give you about 50Mbps VPN traffic if you ever wanted to use that. That would seem to meet your requirements. It will draw 10-20W depending on the Atom and PSU etc.

    You could wait for the hotly anticipated new Alix product: http://forum.pfsense.org/index.php/topic,59555.0.html

    Steve

    Would be perfect! Any alternatives that are out now?


  • Netgate Administrator

    Are you looking for a complete box or a list of components?

    The Intel D2500CC is popular as it has dual on-board Intel NICs and is fanless (or can be).

    Steve



  • @RpR:

    @stephenw10:

    The next step up from an Alix box in terms of power consumption would be an Atom based box. An Atom D510 or newer will firewall/NAT at around 500Mbps in one direction or give you about 50Mbps VPN traffic if you ever wanted to use that. That would seem to meet your requirements. It will draw 10-20W depending on the Atom and PSU etc.

    You could wait for the hotly anticipated new Alix product: http://forum.pfsense.org/index.php/topic,59555.0.html

    Steve

    Would be perfect! Any alternatives that are out now?

    Same question here, is there any alternative for Gigabit ports, low power, 100+Mb Wan?



  • @darkmage:

    Same question here, is there any alternative for Gigabit ports, low power, 100+ Wan?

    Steve has already offered an alternative to the Alix:
    @stephenw10:

    The Intel D2500CC is popular as it has dual on-board Intel NICs and is fanless (or can be).

    Those boards seem readily available. What requirement don't they meet?



  • Is size a big issue for you? Or power consumption?

    I like my million year old dual core Athlon (AMD Athlon™ 64 X2 Dual Core Processor 4800+) better than my Intel D2500CC, and I think it's faster too in actual throughput and ability to handle processor intensive packages, and it has just been solid. But it's big and ugly and requires a larger UPS.

    Also, gigabit throughput is affected by lots of things including drive speed. You can have a big time processor and gigabit NIC cards sitting in the X16 video slots (that's where I put the card for my home router) but your caching will slow you down to whatever speed your drive platters are capable of. If it's just gigabit speed inside the LAN that you need, you can let a 10/100 pfSense box handle the internet connection and just add a gigabit switch and put all your clients on it. I think pfSense actually works better with oldish hardware and oldish gigabit Intel NICs.

    But, if you need multiple LAN interfaces on DIFFERENT subnets, yep.  You will have to have gigabit ports on pfsense preferably on the PCIe bus.



  • I just did the math for running a 150 watt old machine 24/7/365 and it's about $130 per year.
    A 30 watt machine would be 1/5th that, so about $26 per year.
    So, supposing you plan to keep this thing a few years, let's say 3 or 4, the power saved would be $300.
    So, I guess if you have the money today, a small low watt gigabit box with a good processor would pay you back its cost tomorrow.

    (In case you need to justify to the wife why you are about to blow another $300 on parts AGAIN)



  • @stephenw10:

    The next step up from an Alix box in terms of power consumption would be an Atom based box. An Atom D510 or newer will firewall/NAT at around 500Mbps in one direction or give you about 50Mbps VPN traffic if you ever wanted to use that. That would seem to meet your requirements. It will draw 10-20W depending on the Atom and PSU etc.

    You could wait for the hotly anticipated new Alix product: http://forum.pfsense.org/index.php/topic,59555.0.html

    Steve

    Steve, if I may ask: a very wise and kind man recommended my G1610 to me. I am thinking about replacing it with a Xeon E3-1265LV2, because of VPN. For that, so I read, you would need a special encryption 'thing' in the chipset (for simplicity reasons for myself, I am looking at that the way we had the old 486DX versus 486SX, so the co-processor thing, in the '90s). The 'thing' my G1610 doesn't seem to have, so move up to a stronger processor. But in the above you write even an Atom can do 50 VPN? Isn't that CPU way too slow then too? Or am I wrong, and don't I need to buy a Xeon?

    Thank you  ;D


  • Netgate Administrator

    The D510 can push ~50Mbps of VPN traffic, in one direction. pfSense dev Seth posted some nice graphs of his testing of that CPU here: http://forum.pfsense.org/index.php/topic,27780.0.html

    Your G1610 will no doubt push far more than that. I assume the 'maths co-processor' equivalent you're talking about is the hardware AES-NI built into some newer Intel CPUs (such as that Xeon). I've not done any testing of this personally but there has been much written about it lately. The presiding view is that the current state of AES-NI support in FreeBSD is such that it doesn't actually accelerate VPN traffic by any worthwhile amount. In the future that will no doubt change and even if the acceleration is minimal the CPU offloading may be useful.
    Have a read through this thread at JimP's comments:
    http://forum.pfsense.org/index.php/topic,69073.0.html

    I wouldn't buy any new hardware until you've tested what yours can do.

    Buying a Xeon CPU will no doubt give you far higher VPN throughput but probably not due to the AES-NI support.

    Steve



  • @stephenw10:

    Buying a Xeon CPU will no doubt give you far higher VPN throughput but probably not due to the AES-NI support.

    not yet, Steve.

    Not.  Yet.  :-X



  • Here's the new Alix board.. the price shoots up with all the bells and whistles..

    | Item | Part | Price | Link |
    | --- | --- | --- | --- |
    | Board | apu1c4 | $165 | http://www.pcengines.ch/apu1c4.htm |
    | Enclosure | case1d2redu | $9.3 | http://www.pcengines.ch/case1d2redu.htm |
    | US Plug | ac12vus | $4.5 | http://www.pcengines.ch/ac12vus.htm |
    | M-SATA SSD | msata16a | $20 | http://www.pcengines.ch/msata16a.htm |
    | Wireless Card | wle200nx | $18.7 | http://www.pcengines.ch/wle200nx.htm |
    | VPN Card | ?? | $ | |
    | CPU Info | | $ | http://www.cpu-world.com/CPUs/Bobcat/AMD-G Series G-T40E - GET40EFQB22GVE.html |
    | Order Page | | $ | http://www.pcengines.ch/order1.php?c=63124 |
    | | | $217.5 | |
    | | Shipping | $44 | |
    | | | $261.5 | |

