NIC card requirements for Network Appliance
I am presently taking Cisco Advanced Router classes but am new to pfSense.
Currently building a Network Appliance and wish to use pfSense on the following configuration:
- ASRock 970DE3/U3S3 AMD 770 DDR3 800 - AM3+ Motherboard (Has Realtek RTL8111E PCI-Express x1 Gigabit?LAN?Controller which I think would be inferior to an Intel PCI-e card, e.g. Intel PRO/1000 Pt Dual Port Server Adapter (http://www.amazon.com/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2/ref=sr_1_3?ie=UTF8&qid=1392674981&sr=8-3&keywords=intel+nic)
- AMD quad-core CPU
- 8 GB DDR-3
- 1 TB WD HDD (Caviar black)
Should I add the 2-port Intel PCI-e NIC card? Anything else to add?
Note: Will be using pfSense on this appliance with a Cisco 2911 router and a Cisco SG300-10 10-port Gigabit Managed Switch.
Also, please forgive the idiocy of this question as I am new to pfSense. Thanks!
What throughput are you expecting?
Are you going to run any packages like Squid or Snort?
If not then you won't need either a 1TB HD or 8GB RAM.
The Realtek interface should work but Intel NICs are preferred. How many interfaces do you need?
Thank you, Steve, for responding.
Are you going to run any packages like Squid or Snort? - Am presently barefoot and stupid, i.e. new to the whole concept of a dedicated firewall in a network appliance, so I will answer that question down the line.
If not then you won't need either a 1TB HD or 8GB RAM. - Can't help it cause this is a new build, and as you know it's hard to find less than a TB HDD and 4 X 2 GB RAM (very minimal compared to my other computers and file server)
The Realtek interface should work but Intel NICs are preferred. How many interfaces do you need? That would be my question. Primitive logic would tell me the Comcast bus. class modem would input and I would need an output to my router (from router to switch with VLANs for server and hosts)
Right now as I am just building the NA, I would assume I should add two Intel NIC's, question being should they be separate stand-alone NICs or a dual port single NIC? Basically, I just want to get started with pfSense so I can play with it and grow with it.
I know my questions are infantile given your body of knowledge, so please forgive. You are very kind to indulge me. If it's any consolation, I am quite dogged and don't remain stupid for too terribly long.
It won't hurt having 8GB of RAM. ;) You don't need more than a few GB for pfSense but yes it looks like the cheapest drives are still 500GB.
As you say for a firewall configuration you need at least two interfaces, WAN and LAN. However it's possible to do that in VLANs using just one NIC. I would get the Intel card, they are significantly better in terms of reliability and performance under pfSense. Having 3 physical NICs available gives you more options as well. Dual port NICs often command a premium over two single NICs but it makes no difference to pfSense.
You are so kind to help. Every day in my Cisco classes I learn more (going straight for the CCENT), and hopefully I will not be belaboring you with such newbie questions for too long.
Gonna take out the Win 7 Ultimate 64 bit and install Ubuntu on the machine, since I'm migrating from Windows to Linux and Open Source anyway. Plan to play with pfSense and read the manual as I have questions.
In conclusion, I would assume that separate single port NICs would perform better than NICs with multiple ports.
In general the multiport cards are simply multiple chips on a single pcb. Since the PCI-e bus is sufficiently fast/wide the fact that they are one card is not a restriction. There is no difference from pfSense's point of view.
Some applications require a multiport card(s) because there aren't enough slots available to use single port cards. In that situation you are forced to pay the premium, if one exists where you are.
Steve, I am forever indebted to you for all the hand-holding. Quite frankly, after working with computers (seriously, not data entry) for 25 years, I only wish I could see an end to this learning curve. I feel like Sisyphus.
Well, enough of that. NIC cards that I have found vary dramatically in price, such that I have decided to go through the specs of the various network appliances listed at http://www.applianceshop.eu/index.php/firewalls/opnsense.html.
Briefly, I found:
As you can see, the price difference is huge. Also, I found other NICs which were rated for servers and CAT-5 networks. Who still uses CAT-5 cable I don't know (old and slow, not rated for Gigabit but only Fast Ethernet speeds); I upgraded all my cabling to CAT-7 just because I'm a little bit "mental" in my desire to stay ahead of the game.
**1) What should I look for in NIC specs?
Is a server NIC different/unique in some way?**
Single port vs Multi-port: Common sense, if there be such a thing, tells me that separate single-port NICs would be preferable to a multi-port card (no bottleneck, lest it be on the BUS and then number of ports per card would seem not to matter)
Intel NICs only?
This cheap-o motherboard has:
1 x PCI Express 2.0 x16 slot (PCIE3 @ x16 mode)
3 x PCI Express 2.0 x1 slots
From what I understand, PCI-e 2.0 is more than adequate. Your thoughts, kind Sir?
I would go with the Intel NIC personally though I believe there are many people using the HP branded versions here. That particular HP NIC is a Broadcom chipset which is also well supported by FreeBSD (and hence pfSense) but Intel is still the preferred choice.
The Intel Pro/1000 PT should give you no problems.
There are some differences between the server and desktop oriented NIC chipsets, the PT has ECC buffers for example, but unless you are pushing the absolute maximum traffic through it I doubt you'll notice. The usually have more hardware offloading capability.
A PCI-e 2.0 bus can handle 500MB/s per lane in both directions. That's ~4Gbps. Even in a single lane slot the bus will not be the bottle neck in your system.
Cat 7 you say. Nice.
Here at home I have cat 5e and have not seen any data-rate restriction. I didn't really pay much attention to laying the cable either. If you need more than 1Gbps you start getting into trouble if you bend the cables too sharply or run too close to interference etc as I understand it.