SuperServer 1017A-MP as a platform

Ridgeback

Hello…

A newbie question here... - sorry...

I am currently running pfSense on an Alix box, but i want to beef it up a little bit so I can run Squid 3, Dansgurdian, pfblocker, Snort, Mailscanner and Zabbix Agent, with the possibility of a few others.

Before I go and spend hard earned cash on some new hardware I was hoping some experts out there could offer some advice on weather this would be suitable:

Manufacturers link:
http://www.supermicro.co.uk/products/system/mini-itx/1017/SYS-1017A-MP.cfm

Prospective purchase site:
http://serverfactory.co.uk/tower-servers/supermicro-1017a-mp-atom-small-box-pc.html

with the addition of the - Intel 60GB SSD 330 Series SATA3 6Gb/s
for a grand total of £333

Thanks very much in advance...

RB

stephenw10

What bandwidth are you looking for?

Steve

Ridgeback

Hi Steve,

Thanks for replying to my question.

Currently we get around 60 Mbits/s down and 5 Mbits/s up from our ISP, but it's possible it could rise to around 120 Mbits/s down and 10 Mbits/s up in the next year or so.

Thanks,

RB

stephenw10

I see no reason that hardware will give you any trouble. There are plenty of people running N2800 Atom boards and NICs are fully supported. There was an issue with the graphics driver a while ago but I believe that was resolved and it didn't stop pfSense running anyway.
However you might want to consider something more powerful for a 120/10 connection. You should be fine, even after upgrading to that bandwidth, especially if you take time to tune your Snort rules a bit, but you won't be able to push 120Mbps of VPN traffic with that box for example. Maybe you won't ever need to do that.

Steve

Ridgeback

That's Awesome Steve, Thanks very much again!

I doubt we'll need to use VPNs, but if we do, it'll probably be less than 10 Mbits/s total, and only 1, possibly 2 at the most.

As ever, Thanks very much for the advice.

RB

stephenw10

No problem. Bare in mind that I don't actually have an Atom based box to test so those numbers are gathered from other forum posts. What I can be confident of is that doing just NAT/firewall that box will be good for 5-600Mbps and that as a VPN end point ~60Mbps. When you start adding Snort and Squid it really all depends on what rules you're running. You can't have too much RAM if you're running Snort.  ;)

Steve

jasonlitka

@stephenw10:

No problem. Bare in mind that I don't actually have an Atom based box to test so those numbers are gathered from other forum posts. What I can be confident of is that doing just NAT/firewall that box will be good for 5-600Mbps and that as a VPN end point ~60Mbps. When you start adding Snort and Squid it really all depends on what rules you're running. You can't have too much RAM if you're running Snort.  ;)

Steve

My connection at home is 35/35 (more like 42/38) and installing Squid, even having it run memory-only, actually slows things down.  Squid in AC mode with VRT Balanced doesn't seem to have any measurable performance impact though, at least not at 40Mbit/s.

stephenw10

On an Atom box is that?

Steve

jasonlitka

@stephenw10:

On an Atom box is that?

Steve

Sorry, that would have been useful information…  It's a DN2800MT w/ 4GB of RAM and a quad-port i350.