512MB or 1GB

  • I am working on a build for my parents for Christmas, and the machine needs more RAM.  So I was on ebay and saw a auction for 512MB (2x256MB) corsair XMS CAS 2 DDR 400, and spontaneously bid on it before realizing that it was 2x256MB.

    I'm planning on building a pfsense box, and I was going to use 1GB (2x512MB) CAS 2.5 DDR400 with it, but now I'm thinking that I should put that in my the build I'm doing for my parents,and use the stuff I just got one ebay.

    My pfsense box is for my home network with 2 desktops, and my media server (basicly a HTPC that runs a bittorrent client and various software that allows me to download and stream media over the internet to my laptop at work).  I am definetly using squid, I want to use STunnel, and I'm thinking of using SNORT  It will be on a gigabit LAN with a 8mbps connection, and have a wireless access point.

    I was thinking that the 512MB of CAS 2 RAM might be better due to the better timings, but is it enough RAM?  With 512MB do you think I will be using any of the swap file?

    It sucks because both boards are microATX, and only have 2 RAM slots, and I already have a bunch of 256MB DDR ram stick lying around.

  • Using Snort and Squid, I would suggest getting at least a Gig of RAM.  I'm running just Snort and I'm currently using 705 MB of RAM, although my pfSense box has 2 Gigs installed.

  • Really?  My IPCop box had snort and squid, and used less that 512MB of RAM, with zero swap used.  I guess pfsense just uses more RAM.

  • I use the ac method with Snort which uses the most memory but I appreciate the faster startup times.  You can use one of the other Performance methods which uses less memory.  Also, the more rule categories you use, the more memory Snort will consume.  Memory usage will depend on how you use Snort.

  • Im using ac-bnfa mode with snort and it uses around 150-180mb of ram. I have almost all the rules, only chat,icmp, local and porn are turned off.

    With imspector,bandwidthd and snort i have 223mb of free ram (from 512)

    I have no experience on squid but if it doesnt use more than ~200 I think 512 would be enough.

  • You'll have to follow the tutorial linked below (credit to Bellera) to get the ac-bnfa performance mode.  Its not one of the standard performance modes in the pfSense package.  It requires a config file edit but it is very easy to do.


  • I found a guy that is going to sell me a 512mb stick of RAM for $15 shipped.  That should get the build that I am working on for my folks where it needs to be.

    Honestly I don't really know a whole lot about snort.  When I had my IPCop box I just turned it on, and subscribed to the Sourcefire VRT rules.

    This is the first that I have heard of ac-bnfa mode, but it sounds cool.  I'll check it out

    I'm not even sure if I need snort for my home network.  I never realized that it was such a resource drain.  Added protection is nice, but my main concern is speed.

Log in to reply