Hardware requirements in this situation…



  • Hello,

    I'm considering some changes to my current setup and need some advice.
    I'm fairly new to pfSense and my networks as of yet are not yet fully operational so I do not know yet what's what.

    A sort of estimate will have to do I think.

    I have a rackmount Soekris 6501 (That's 4x Intel NIC, 1.6GHz Atom E6xx, 2GB RAM, 250GB SATA). Would that be able to cope with 4x 40/4Mbit DSL (multiwan) and 3 subnets with each about 20-30 clients at any given time?

    This machine would handle 2x Captive Portal, Squid, Traffic shaper, NAT/Firewall, DNS, DHCP, NTP, Radius (for CP) and IPSec + All background stuff pfSense does out of the box.
    To make up for the missing 3 NIC ports I'm thinking of adding a card (http://soekris.eu/shop/lan_boards/lan1841_pcie_quad_ethernet_board_en.html) for that so the net6501 has 8 ports total in that get-up.

    Thoughts?



  • Atom will do just fine. Don't expect it to fly.. and don't think about adding Snort or Dans (clamd) to it.

    Since it is single core (600 MHz to 1.6 GHz Atom E6xx) .. you may want to keep an eye on the CPU usage. If it's running 75-85% constantly then I recommend moving to an Intel Celeron G530 based system. With that you could easily use Snort and Dans (clamd).. and it will still fly ;)



  • Right now I'm not looking to run Snort or Dans, just the things I listed in my first post. But my "worry", if you can call it that, is - what will happen if those 60 people start to go online. If the Atom can cope and will provide fast throughput on the networks.

    I'm guessing a 1.6GHz system will be fine, but as I said, I have no direct experience yet.
    The Atom is indeed single-core but does support hyperthreading, which is active in pfSense (cpu0 and cpu1).



  • It will handle 4 x 40=160Mbps easily. CPU usage may go high with 60 users downloading all at the same time but it can handle the load.



  • 2 subnets will be capped bigtime. One is a free-ish public wifi point (capped at 2mbit per device, vpn blocked etc.) and another is for actual customers using an account through CP. But less restrictions max. 8mbit per device for example.
    The final subnet is for the company stuff itself, and is 'unmetered'.

    I guess I'm gonna need that network card :) Unless someone else has useful advice.


  • Netgate Administrator

    You can use VLANs and a managed switch to get extra interfaces, perhaps you already have a suitable one?

    Steve



  • @Steve -  No, my switches are unmanaged. Replacing them (3x 24p gbit) would be much more expensive than getting the extra card.


  • Netgate Administrator

    That would certainly be true but an additional 5 or 8 port managed switch may not be. It's just a suggestion, I would personally not do VLANs unless I have to. Removing complexity usually results in less problems.  ;)

    Steve



  • @adegans:

    @Steve -  No, my switches are unmanaged. Replacing them (3x 24p gbit) would be much more expensive than getting the extra card.

    You can get a Netgear 10-port Smart switch for under $100. Use that for your VLAN backbone and then segregate the subnets with unmanaged switches branching off the Netgear Smart switch. Technically you can have 9 physical VLANs ports on it going to 9 unmanaged switches for each VLAN. It can handle lots of VLANs if you have other managed switches connecting to it.



  • Hmm I see, but as you said yourself, removing complexity is better. :)



  • @adegans:

    Hmm I see, but as you said yourself, removing complexity is better. :)

    Actually, asterix was proposing the cost-effectiveness of a smart switch:
    @asterix:

    You can get a Netgear 10-port Smart switch for under $100. Use that for your VLAN backbone and then segregate the subnets with unmanaged switches branching off the Netgear Smart switch. Technically you can have 9 physical VLANs ports on it going to 9 unmanaged switches for each VLAN. It can handle lots of VLANs if you have other managed switches connecting to it.

    while stephenw10 was the one positing that less complexity = less problems:
    @stephenw10:

    That would certainly be true but an additional 5 or 8 port managed switch may not be. It's just a suggestion, I would personally not do VLANs unless I have to. Removing complexity usually results in less problems.

    Personally, I'm not having much fun with VLANs at the moment myself, but I also have zero experience with them :P



  • Start with a Netgear GS108Tv2. It's cheap, gigabit, extremely well built and very stable. I learnt all about VLANs playing on this. I have now moved to a 48-port GSM7248v2 managed switch which has the same GUI as the GS108Tv2 but with extra features.



  • Right, but I'm not looking to set up a VLAN kind of setup.


  • Netgate Administrator

    Just giving you options. There are pros and cons for vlans over additional NICs.

    Steve



  • Correction .. the Netgear GS108Tv2 is an 8-port and not a 10-port… still cheaper than adding a multiport NIC. I was in a similar situation when I first started using pfSense and adding the Netgear GS108Tv2 was the smart thing to do ;)



  • I see :) Thanks.

