Hardware recommendations?



  • I'm looking to get a new router.

    I'm stuck between a RouterOS device and a PfSense machine.

    I've seen the Watchguard Fireboxes can be converted, but most of them I'm finding within the price range I am willing to dip into are only 100mbit, and I want gigabit.

    http://www.ebay.com/itm/Barebones-Mini-ITX-pfSense-Firewall-Router-Intel-D2500CC-PicoPSU-80-2x-Gbe-LAN-/200839113376?pt=US_Firewall_VPN_Devices&hash=item2ec2f1aaa0 <-- I've found things like this but I also need to be able to add in wireless functionality.

    As far as hardware recommendations go, does anyone have any? Also, has anyone here had experience w/ RouterOS, and how does it compare?



  • Additionally can you set up a wireless interface via USB?

    And how well would pfsense run on an Asrock e350m1 e350 APU machine?


  • Netgate Administrator

    You can use usb wifi adapters and some can be used as an access point. However the wifi hardware support is limited so you have to choose your card/stick carefully. See: https://docs.google.com/spreadsheet/ccc?key=0AojFUXcbH0ROdHgwYkFHbkRUdV9hVWljVWl5SXkxbFE&hl=en#gid=0
    There is no 802.11N support at all so if you need that you have to use an external access point. To be honest access points can be had so cheaply these days that it's hard not to recommend going that route. You can also locate it for better radio reception as a bonus.

    I don't know what your price range is but Watchguard boxes can be had very cheaply, even the gigabit models. E.g. : http://www.ebay.com/itm/181193373805
    That box will not route at gigabit speed though. What are your actual requirements?

    Steve



  • No requirements really, I'm just using this in the home setting and I want some additional functionality.

    The most intensive thing I'd probably be doing is transferring data within the network to my NAS.

    I prefer buy-it-now items, and @ 30.00 shipping that's a joke. lol



  • I could sell you "Specially configured" DD-WRT linksys E2000 set up as Wireless N AP/Gigabit switch for $20 + $1,000,000 shipping…

    Or you could buy one and configure it yourself for like $20.  ;D



  • I already run a Buffalo router preloaded w/ dd-wrt.

    I'm looking for a firewall as well.

    Only way to do that is to add entries to iptables which I don't care for.



  • Then you are all set.  Your Buffalo router can be your gigabit switch and your wireless N AP.

    Just plug it into a configured pfsense LAN port and you are all set.



  • I'll just look at gigabit Firebox solutions.

    It's not difficult to do the conversions, is it? What all is required? I've kinda looked at some of the info on it.

    @Stephen, That is a non gigabit model.
    What are the models that ARE gigabit?



  • Does it have to fit some certain special form factor or power consumption spec?



  • Yeah, not a 4 ft long 1U rackmount blade or anything of large size. I'd like it to be something I can fit on my desk or next to it.

    Also, what's a good Intel gigabit NIC w/ multiple ports on it that would be supported by pfsense?



  • If it just needs to fit on your desk, just get yourself a nice small desktop board, a couple of 2 port PCIe NICs, almost any modern Intel or AMD CPU, a couple GB or more of RAM and put it on your desk.  If all the hardware is 2 years old or more and especially if it's all Intel, it's going to work great.  It doesn't need to be expensive either.  But, if it doesn't have to fit a 1U chassis I'd suggest a quad core processor clocked at 3GHz or more. A modern I5, I7 or AMD or something will allow you to get pretty creative.  When I'm not constrained by space, power or heat, I opt for horsepower.



  • BTW - Gigabit NICs are nice and I definitely like the pretty green color it turns my switch's lights, but gigabit ports don't equal gigabit throughput necessarily.  If you have some space, build something with a bit of CPU to spare  ;)



  • Well right now the machine I've got to play with is a 1.6ghz dual core AMD 350 APU machine w/ 4gb of ram.

    Asrock e350m1 specifically.

    I was looking into something like this potentially as well http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=281150078955&fromMakeTrack=true&ssPageName=VIP:watchlink:top:en



  • The Realtek 8111e on the Asrock might be a problem and the processor isn't going to give you blazing throughput.  Might be a headache.

    The server is pretty big, but it will surely work one would think.

    I might go a different way though if I were going to spend $200 or more.



  • The advertisement for the server on ebay says dual core in the specs then quad core further down.  Which is correct?



  • Yeah, I noticed that. I already messaged the seller for clarification… haha. I'll have to do some digging. I'll probably end up going for a server for it.



  • If it's going to give you 8 or 16 threads, I like the server too.  You can put ESXi on it, use two cores for a pfsense and put a bunch of other services on the remaining vCores.



  • If I had a new Haswell machine I'd use my current rig on it with a 3960x, 12 threads :D



  • I have a couple small VMs running here and there but my personal machines are all either quad or dual core.  (That's the downside of being able to fix things well - Nothing breaks often - Nothing gets upgraded often).  The up-side of that is my pfsense here runs on a dual core AMD with no virtualization, my desktop is quad core no virtualization. Most everything here is single serving one user/purpose per machine and it's super reliable.  I've done 8 core 16 thread installs for a few people and it's nice and saves on power bill, but mine is way more reliable.  Most things run well, but the more I do it for others, the less I want pfsense on a VM for me.



  • I'm not looking to get extreme speeds, I imagine my APU machine will have more throughput than my current router lol. Definitely more processing power.



  • I like your APU as a pfsense actually.  I just don't like its network chipset.  If you stick a dual or quad port Intel NIC in the video PCIe slot, it would be pretty nice actually.



  • Yeah that was going to be the idea, because I can't just plug something in and have nothing come out. Do you have any recommendations for dual gigabit intel nics? I love Intel nics.

    Right now I've an EVGA X79 FTW in my current rig, and it's got dual gigabit NICs onboard but for some reason it acts up and does nooooooot work right sometimes. The speeds are super bottlenecked, and other times it works fine. So I bought an Intel card and it works like a dream :)

    My plans were going to be a small SSD for the OS and a dual gigabit nic :)

    http://www.ebay.com/itm/HP-NC360T-Dual-Port-Gigabit-Server-Adapter-PCIe-Low-Profile-LP-412651-001-HH-/130964213434?pt=US_Internal_Network_Cards&hash=item1e7e134eba

    Lookin at something like this maybe



  • http://www.ebay.com/itm/171056854896?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1439.l2649

    I know for sure this one works well and sits nicely in the video slot…

    Prepare to spend big bucks though.  These are $26 each.

    I think it's basically the same card.

    You could use a single port and VLANs with VLAN switch, but if you don't need to why????

    Yeah - I think your plan for the APU is fine.



  • In that case, ordered the card, ordered an SSD, and a new CPU fan for that APU machine 'cause their fans are shitty and the bearings went out lol.



  • Yeah - I have a small Atom build that did the same thing…  Solid platform, but the fan is a pain.  Totally not needed but loud enough to irritate when it goes bad.
    I wouldn't necessarily have gone with an SSD though.  What SSD did you get?  What kind of install are you doing?  Embedded or full?



  • Elaborate on install type (I think I'm gonna be doing a full), and I may not do SSD, I didn't press the okay button yet :P

    I could just use an HDD I have laying around too.



  • Well.  A full install from a "live CD" download provides the most options.  It also makes the most frequent writes to the HDD.  There isn't much in the way of TRIM support going in pfsense to my knowledge.  So, frequent writes will kill a cheaper SSD.  By cheaper, I mean anything that isn't industrial SSD is a gamble in my opinion for full install with SSD.

    So, I have little Western Digital Black 2.5 inch drives in my small ones and a 500GB WD Black in my home pfsense.  (That's way more than is needed.  Only about 20GB is currently used).

    So, think about how you want to go.


  • Netgate Administrator

    @CaptainWTF:

    @Stephen, That is a non gigabit model.
    What are the models that ARE gigabit?

    The X550e has 4 Marvell Gigabit NICs. The details on that ebay auction are wrong.
    Hardware details of all the fireboxes are listed on the wiki page: http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

    Steve



  • @kejianshi:

    So, frequent writes will kill a cheaper SSD.  By cheaper, I mean anything that isn't industrial SSD is a gamble in my opinion for full install with SSD.

    Gotta agree with this… I've killed several cheaper SSD's. The latest is an Intel and it seems fine so far.



  • SLC SSD is just fairly bullet-proof anyway, which is probably what you have.  But most people don't seem to get that if it isn't SLC it's just a matter of time.



  • @kejianshi:

    So, frequent writes will kill a cheaper SSD.  By cheaper, I mean anything that isn't industrial SSD is a gamble in my opinion for full install with SSD.

    Gotta agree with this… I've killed several cheaper SSD's. The latest is an Intel and it seems fine so far.

    @kejianshi:

    SLC SSD is just fairly bullet-proof anyway, which is probably what you have.  But most people don't seem to get that if it isn't SLC it's just a matter of time.

    This isn't as true as fear mongers like to think; if you treat the device like it has a finite write, it will last a long long time.
    I have a cache on an old Kingston MLC 30gb, still going strong with large amount of writes,
    but things like non-journaled, noatime, nodirtime, (and in newer systems/drives) discard, ALMOST make the difference between the 2 techs nothing more than dollar signs. Now once you go to capped SSD's, then we are in a totally different market.



  • I ran a Kingston (Intel) 40gb SSD for 2 years on a physical live install of pfsense (1.2.x versions) with no issues before I switched to virtual.  It's now running as a bootup drive on a server.  I think people's fear of wearing out SSD's is overrated.  If you know you have a high write setup, then that would be the only place I would worry (I do have a HD on such a server).  All I can say is stay away from brands that don't have a reputation as well as anything too small (so it has wear space).



  • I'll agree that if you take all kinds of precautions to reduce writes to a MLC you MIGHT be ok, or you MIGHT be gambling.
    SLC doesn't cost a bunch more for no reason at all - It's just better.

    My opinion is still up in the air on the newer MLCs with sandforce and "duraclass" garbage disposal.

    If I needed my full install of pfsense to double as my volleyball or soccer ball, I'd use SSD for sure, otherwise as long as my pfsense sits on a table and shock/impact isn't an issue, I'm waiting on TRIM to be well sorted out.



  • @kejianshi:

    I'll agree that if you take all kinds of precautions to reduce writes to a MLC you MIGHT be ok, or you MIGHT be gambling.
    SLC doesn't cost a bunch more for no reason at all - It's just better.

    My opinion is still up in the air on the newer MLCs with sandforce and "duraclass" garbage disposal.

    If I needed my full install of pfsense to double as my volleyball or soccer ball, I'd use SSD for sure, otherwise as long as my pfsense sits on a table and shock/impact isn't an issue, I'm waiting on TRIM to be well sorted out.

    TRIM works fine on up-to-date BSD releases, pfsense is just on the backside of that curve, it's coming! soon! ™



  • Yeah - I'm sort of expecting it in 2.1 but not too sure.  I've seen some of the devs talk about it.
    It would be a great thing to have.  I know it's just a matter of time.



  • According to this http://forum.pfsense.org/index.php/topic,62648.msg338372.html#msg338372 you can enable it in 2.1. Haven't tried it yet because I haven't switched to 2.1 for my "prod" firewall.



  • Anyone know what the status is for pfsense support on these e-350 APU's?



  • @CaptainWTF:

    Anyone know what the status is for pfsense support on these e-350 APU's?

    Short answer - load up the LiveCD and try it. You stated that you "had this to play with" - so play with it.

    Long answer that's still short - there's a compatibility list (it's a FreeBSD compatibility list) - check it. The short answer is more direct and takes less time. Things not on the list may work; so back to the short answer.

