100Mbps cable, 30-40 users. AMD Turion? Intel DC?



  • Hi everyone,

    I've been using pfSense for a few years on an old P4 box for our 20Mbps ADSL connection with no problems, apart from a few hardware failures (PSU went pop, motherboard capacitors bulged, HDDs died…)

    We'll be upgrading to 100Mbps cable and I figured it's a good time to replace the aging box with a new machine.

    Will an AMD Turion 1.5GHz with 2GB RAM be enough to route 100Mbps for 30-40 users? They'll just be doing normal office-related web surfing - no torrenting.
    VPN is handled by another server. I'll also be using pfSense's captive portal's pass-through MAC, and firewall features.

    My other two options are a Turion 2.2GHz or an Intel Dual Core G1610T.

    There's also an i3 option but that feels a bit overkill.

    I had a look at the Hardware Requirements page but it's a bit light on details. It says I'll typically need a system between 700MHz - 1GHz, but there's quite a difference between e.g. a 2.2GHz Turion and a 2.2GHz i3.

    I'm looking at the HP Microserver range as they're meant to be server-grade hardware that's designed to run 24/7, as opposed to a desktop. They aren't too expensive at about AUD$289 and are easily available as well. I do realize some people don't think it's a good deal as pfSense doesn't need the four drive bays, but I feel more comfortable running server-grade hardware with good cooling 24/7 rather than a desktop.

    I already have an Intel Pro/1000 PT dual NIC to use in the server so the single onboard NIC won't be a problem.

    Thanks!



  • I'm running a 100 meg cable connection on a dual core Celeron 847 @ 1.1 GHz. Granted I don't have quite as many users as you, but I think you'll be fine with any of the above options. My network routinely handles torrenting and some gaming.

    Just a note on those HP micro servers, they can be a real pain to work on if you need to open one up for any reason (such as adding a NIC). Space is extremely limited and there are cables running everywhere. I opted against that and built my own ITX system using a Gigabyte motherboard and an Antec case. They've been running 24x7 without issue for several months now. And it only cost me about $200 USD. I also run a VMware ESXi lab on consumer hardware and haven't had any real issues with them (a noisy heatsink got replaced at one point).



  • That sounds good. I had a look at cpumark, the Celeron 847 is slightly faster than the 1.5GHz Turion (988 vs 832).
    The 2.2GHz Turion is 1,396. The Celeron G1610T is 2,585 but that's for the 2.6GHz version while the one in the microserver is 2.3GHz.

    So it sounds like I should be safe with the 1.5GHz Turion, although the 2.2GHz one would probably be a bit safer?



  • Celeron 1007U is a better choice



  • @tirsojrp:

    Celeron 1007U is a better choice

    Ah, that's the new version of what I got.

    http://www.gigabyte.us/products/product-page.aspx?pid=4497#ov
    http://www.gigabyte.us/products/product-page.aspx?pid=4444#ov

    Gigabyte makes solid hardware, you won't go wrong there. But if you're set on the HP micro servers, I'd say go for the best you're willing to pay for. More headroom for down the road is never a bad idea.

    -edit-

    Seems the new version works just as well as the old version with pfSense 2.1, if anyone was curious.


  • Netgate Administrator

    Any of those should be fine for firewall/NAT on a 100Mbps WAN. More users just means more connections but with 2GB of RAM that will not be a problem.
    You haven't mentioned any packages but that would be the real deciding factor. If you decide you'd like to run Squid or Snort at a later date you could regret not getting a more powerful machine.

    Steve



  • @powermatt:

    http://www.gigabyte.us/products/product-page.aspx?pid=4497#ov
    http://www.gigabyte.us/products/product-page.aspx?pid=4444#ov

    Gigabyte makes solid hardware, you won't go wrong there. But if you're set on the HP micro servers, I'd say go for the best you're willing to pay for. More headroom for down the road is never a bad idea.

    Thanks for the links. The prices end up being similar to the microserver though, as it looks like parts here in Australia cost more.

    The 1007 is about $100ish here. A case is $89-100+, 2GB RAM $22, hard disk $56 (500GB is the smallest I can find) making the total about $280.

    A slightly-slower 1.5GHz Microserver is $299 including 2GB ECC RAM and 250GB HDD, plus a PCIe slot for my Intel dual port NIC (as opposed to the dual Realteks on the Gigabyte).

    Since the price difference is minimal I think I'll stick with one of the Microservers.

    Oh yes I'm familiar with how tight space is inside the microserver. Fortunately after you've done it a few times, it isn't too difficult anymore. :)



  • @stephenw10:

    Any of those should be fine for firewall/NAT on a 100Mbps WAN. More users just means more connections but with 2GB of RAM that will not be a problem.
    You haven't mentioned any packages but that would be the real deciding factor. If you decide you'd like to run Squid or Snort at a later date you could regret not getting a more powerful machine.

    Ahh, so the processor power only determines the maximum bandwidth the system can route, while the amount of RAM determines how many users (and hence connections) it can support?

    The cable connection is getting hooked up tomorrow, so I'll do a bandwidth test with one of our existing microservers. Is it safe to assume that if I can max out the connection with one laptop on that microserver, 30-40 users doing normal web tasks would be no problem thanks to the 2GB RAM?

    The only package I have running at the moment on our P4 2.8 router is bandwidthd. I don't foresee running Squid or Snort in the future, but I'll keep that in mind!

    Thanks.


  • Netgate Administrator

    That is simplifying the situation somewhat but yes it's basically true.
    Unless all of your users are simultaneously running BitTorrent clients creating many many thousands of connections I wouldn't expect a problem. Even in that extreme situation I wouldn't expect a problem, 2GB is a lot of connection states.
    My home box, which is running a P4 underclocked to 1.2GHz, can push >250Mbps when doing only firewall and NAT.

    As soon as you introduce extra services like Squid or Snort the hardware requirements increase significantly. Both of those require significant CPU time to process packets and lots of RAM leaving less for connections. Even so I wouldn't expect you to have any real problems should you decide to run Squid in the future. It looks like those gen 8 microservers have upgradable CPUs anyway.

    Steve

