Can someone comment on these hardware specifications for a pfSense install



  • Hello pfSensei,

    I want to ask if you have spare time for your comments and suggestions on whether pfSense will have a problem on this setup from a supplier's suggested specification. I am targeting at least 6000 nodes (excluding wifi users) at a university.

    Thank you very much.

    HW Specs
    IBM System x3550 M4 1U RACKMOUNTED SERVER (7914B2A )
    Processor : 2 units x Xeon 4C E52609 80W 2.4GHz/1066MHz/10MB
    Form Factor : 1U Rack Mount
    Chipset : Intel C604.
    Memory : 32GB PC3L10600 CL9 ECC DDR3 1333MHz LP RDIMM.
    Hard Disk : 4 units x IBM 300GB 2.5in SFF HS 15K 6Gbps SAS HDD
    Optical Drive : IBM UltraSlim Enhanced SATA Multi-Burner
    ServeRAID : ServeRAID M5100 Series 512MB Cache/RAID 5 Upgrade for IBM System x
    Network : Four integrated Gigabit Ethernet 1000BASET ports (RJ45); add on: Intel Ethernet Quad Port Server Adapter I340-T4 for IBM System x (total 8 ports Gigabit Ethernet LAN)
    Graphics : Matrox G200eR2 with 16 MB of memory integrated into the IMM2. Maximum resolution is 1600x1200 at 75 Hz with 16 M colors
    Power Supply : 2 units x IBM System x 550W High Efficiency Platinum AC Power Supply


  • Netgate Administrator

    Do you want to run anything beyond firewall/NAT on the pfSense box?
    What is your WAN bandwidth? What total bandwidth through the box including LAN-LAN etc do you require?

    Probably more than sufficient but that scale is beyond my experience.

    Steve



  • @CrackBlue:

    From a hardware perspective, that blows the pants off of the standard Cisco ASA that would have been recommended, so I'd imagine it would work just fine. But like Steve said, need to know what your traffic is like to really be able to say if it would work or not. It should work just fine unless you need to do a lot of extra work on the box beyond simple firewalling, but even then, it looks beefy enough to handle a lot of extracurricular activities.



  • Four 15K hard drives… Is that for RAID10? I would step down to two drives in RAID1, and opt for more RAM instead.

    Also, instead of two E5-2609, how about one E5-2640: fewer cores overall, but no NUMA headaches and better single-threaded performance.


  • Netgate Administrator

    ^Yep. Hard drives and RAM almost certainly way more than you need (or even could possibly use) but can't offer any figures until we hear what the actual requirements are.

    Steve



  • Thank you for your insights.

    I am going to install Squid Proxy with filtering with LDAP, IDS/IPS using Suricata, OpenVPN, a "router on a stick" for WAN (3 ISPs to be exact, running at 8Mbps each), Proxy Reports, a Captive Portal, Unbound DNS, Traffic Shaper and Layer7, RRD, DHCP Server, pfBlocker and arpwatch.


  • Netgate Administrator

    This sort of scale is outside my experience but….
    That hardware will do anything you want at 24Mbps total.
    You have specified 8 NICs so I assume you will have multiple internal interfaces, in which case do you need to see the full 1Gbps between them? Are you going to be running, say, Snort on internal interfaces?
    Even if you are, the hardware you listed is toward the top end of what is available so it shouldn't have any problem. It's more a matter of assessing your requirements in order to spec a less powerful machine that will still do the job; you will not need 4x300GB disks and 32GB RAM, for example.

    Steve



  • Hi Steve,
    as you said, the mentioned hardware m3550 do anything at 24Mbps, I think 24Mbps is so terrible…
    I will build pfSense with some features like that... if you are right, kill me myself

