Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Xeon vs Celeron

    Scheduled Pinned Locked Moved Hardware
    14 Posts 8 Posters 7.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      ben.suffolk
      last edited by

      Hi,

      I am just looking at the relevant hardware for a new pfSense firewall. I will be using HP, and it seems that the DL320 G5 looks like a good option.

      I can either get it with a Celeron 3.2Ghz (512 K cache), or a Xeon 2.4 (4M cache).

      To put it into context, there will be 2 identical machines in a carp cluster, They will be used to sit in front of a number of web servers (with public IPs, so no NAT on the firewalls).

      I will be using the D-Link DFE580TX PCI-X 4 port cards in the machines (allowing extra ports for management LAN, and rule syncing)

      Memory wise, the Xeon comes with 1G standard, and the Celeron 512M as standard, but clearly with the saving on the cost of the Celeron I could up the memory if required.

      What I want to know is how much difference, for a firewall, will having the Xeon make? Its pretty much £200 more expensive than the Celeron. I don't mind spending the money if it's needed, but don't want to waste money I could spend on other parts of the project.

      1 Reply Last reply Reply Quote 0
      • P
        Perry
        last edited by

        Maybe not the answer your looking for, but i can't help myself :)

        IMO with the future in mind
        Celeron is so slow, Xeon ( http://en.wikipedia.org/wiki/CPU_power_dissipation) price is also high, i think i would go for core 2 dual.
        1G ram
        Intel nic just works better with freebsd. I would also select giga nic's

        /Perry
        doc.pfsense.org

        1 Reply Last reply Reply Quote 0
        • B
          ben.suffolk
          last edited by

          Thanks Perry,

          The server has the Xeon 3060 Dual Core processor in it, which I believe is just the server version of the E6600 Core 2 Duo.

          I know the Celeron is a much slower chip, but I guess what I didn't know is how much CPU speed is needed in a firewall. I guess what your saying is the enough to make it worth while not buying the Celeron?

          Network card wise, I had heard the Dlink one works fine, and its just less than £100, vs an Intel one at around £350, so thats a big price difference, unless the performance of the 2 cards is very different.

          Ben

          1 Reply Last reply Reply Quote 0
          • jahonixJ
            jahonix
            last edited by

            Intel NICs are a no brainer. Set and forget. Don't know about the D-Link stuff. Maybe.

            The CPU performance dependes on how much bandwidth you need to push and how many VPN tunnels willl be established. Even harder to tell without figures.

            1 Reply Last reply Reply Quote 0
            • B
              ben.suffolk
              last edited by

              Hi Chris,

              At the moment there will be 3 VPN's (all IPSEC) but its possible that might have to be upped a little in the future, but its not going to be loads.

              Bandwidth wise, a guesstimate would be around 40 megabits per second.

              Regards

              Ben

              1 Reply Last reply Reply Quote 0
              • jahonixJ
                jahonix
                last edited by

                OK, comparing to what I have to draw some conclusions from that:

                • 16MB/512k ADSL

                • PIII Celeron 1100MHz

                • 512MB Ram

                • one permanent IPsec tunnel

                • and another one when I'm on the road - but I don't watch my CPU then

                phpSysInfo reports: Load Averages  0.13 0.07 0.05

                I have not seen my CPU graph reaching 100% unless I trigger lightsquid to rebuid its data. It usually flutters between 0% and 25%.
                Since you would have three times the CPU power for only 2.5 times the bandwidth the 3.2 GHz Celeron CPU should be sufficient. Assuming you give it enough RAM to breathe and good NICs that don't load the CPU too much (like Intel Server NICs).

                And if you need more power in the future you still have the opportunity to upgrade the CPU.

                But don't nail me to it. This are estimates!

                1 Reply Last reply Reply Quote 0
                • C
                  cmb
                  last edited by

                  40 Mbps of IPsec, or 40 Mbps of total traffic? Huge difference, the overhead for encryption for IPsec is processor intensive.

                  If you're looking at 40 Mbps of total throughput, and less than 5 Mbps of consistent IPsec traffic, the Celeron would be more than adequate. That should scale up to 1 Gbps, guessing roughly. You can probably get 2 Gbps with the Xeon, as another rough estimate.

                  1 Reply Last reply Reply Quote 0
                  • B
                    ben.suffolk
                    last edited by

                    Thanks for that,

                    40Mps was approximate overall bandwidth, so it looks like the celeron will be fine for the moment, and if the traffic does scale up to the point where it needs to be replaced, then I'll spend the extra then, as its probably a way off yet.

                    Ram wise, will 1Gig be OK, or should I give it some more? (I'd like to be running snort, but thats pretty the only additional package really. And I know that can be memory hungry).

                    Regards

                    Ben

                    1 Reply Last reply Reply Quote 0
                    • jahonixJ
                      jahonix
                      last edited by

                      As always: more is always better. But 1GB should be sufficient for the moment.

                      Snort's memory usage depends on the ruleset you define. The more rules the more memory.

                      1 Reply Last reply Reply Quote 0
                      • C
                        cmb
                        last edited by

                        1 GB should be fine. But the price differential between 1 and 2 GB is probably very minimal, so I'd likely go for 2 GB.

                        1 Reply Last reply Reply Quote 0
                        • F
                          fastcon68
                          last edited by

                          I use a pentium D Dual core 3.00 ghz processor.  It run's great!  i have run on server different processor's.

                          dual 500 P III (256 MB) with a 512K fractional t-1
                          dual P II 266 (384 MB) DSL, and a 512K fractional t-1
                          Pentium D Dual Core(64 bit processor) 3.00 MB / 512 DSL
                          C3 GIGA Pro ((733 MHZ clone) 256 MB of ram) 3.00 MB / 512 DSL
                          Tested on a Compaq 6400R with 4 - 500 MHZ Xeon processors with no issues  3.00 MB / 512 DSL

                          My luck has been great.  I think that a faster processor and more ram is important.  I have customer sites that connect to my IPSEC VPN.  All three use different VPN end points. 
                          1- Symantec gateway - Fractional T-1
                          1 - Netgear 380 - Cable connection
                          1 - Linksys with VPN endpoint - Fixed IP DSL 5 mb / 768 ,m

                          All three work great connected to my endpoint.  My end point is a DELL SC400 with 2 - GB network adapters.  One is a broadcomm and the other is a $14.00 special no name.  They both work great.  I have those connected to a vlan on my DELL 8 GB managed switch.  I have a web server, ftp server, terminal server, and a few other services set up behind my firewall (PF-Sense)  The system works really good.  I am on 1.2-RC3
                          built on Thu Oct 18 15:19:54 EDT 2007.

                          I am not upgrading at this point.  This snapshot is ultra stable and I have had no issues with the services that I am running from behind my firewall.  I am in the process of testing a Veloiraptor 700 firewall to see if I can get PF-Sense or Monowall to run on it.  If I it would be great.

                          My other thing I am going to setup is a virtual firewall on vmware.  I am planning to use a new 4 way server with 2.6 Gb of ram and run that virtual device as my firewall.  Then I can backup my image and always recover in the event a upgrade does not work correctly.

                          My new question is there any progress on the 64 bit verision of code or a release on Freebsd on release 7.0?

                          But back to your prginal point I like a Xeon processor in any flavor, I am not crazy about the Celeron processors.  I do agree more is better in any case.

                          RC

                          1 Reply Last reply Reply Quote 0
                          • C
                            chazers18
                            last edited by

                            i run a AMD Athlon 900 with 768mb  pc133
                            with 3 3com cards

                            this is the company firewall/ vpn concentrator and all the other goodies that PFsense offers.

                            and i run aprox 15-20% at full capacity

                            3 different Vpn with 10 users total on the other side of the 3 different VPN (open Vpn)

                            my connections are
                            2m x 2m cable and
                            3m x 768kb
                            under full load it still works fine.

                            i personally think that the Celeron will pull you though with minimal issues.
                            1gb will do you good… but pending on what you are running all with the base pfsense that could change in a mouse click

                            1 Reply Last reply Reply Quote 0
                            • V
                              Visseroth
                              last edited by

                              I'm running on a P4 2.66Ghz, 512MB of RAM, 40GB HD, 2 onboard Intel NICs and 1 RealTek NIC for DMZ.

                              On my system I'm running squid proxy and this machine runs fine! I don't usually see more then 10 to 25% CPU usage on average and the only time the machine goes down is for some sort of hardware upgrade!

                              My internet connection is 6Mb/512Mb with a server hosting email, TS and a web server and 3 home work stations that draw quite a bit of bandwidth because we are power users, always downloading something, always have something pulling bandwidth. I average 4 to 10GB a day of download.

                              Awesome firewall!!!

                              1 Reply Last reply Reply Quote 0
                              • P
                                pega2k
                                last edited by

                                Hi!

                                If I recall right HP sell a firewall server for Microsoft ISA, the hardware is a HP DL320 and the CPU are Celeron, that why I think that for pfSense I am sure that the Celeron must be more than enough.

                                And for the NIC the recommendations is a good quality net cards (right now Intel or Broadcomm chipset, you get probably VLAN support, QoS tag, TCP Offload, etc.) and if possible all the cards must be the same model/brand.

                                Greetings…

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.