Atom C2758 vs i7-3370
-
We are looking at buying a new firewall and I'm trying to figure out which route to go. I'm considering two options for our main firewall at our data centre which will connect 3/4 site-to-site vpn's to our branch offices and many vpn's for users who are connecting remotely. We will also host a bunch websites/mail servers there too.
The first option is the PFW1000 with a Intel i7-3770 processor found here -> http://www.pfwhardware.com/pfw-firewall-hardware/pfw1000-pro-firewall-pre-loaded-with-pfsense-software-custom-build-your-own/
The other is the Atom C2758 unit sold by pfsense.org found here -> http://store.pfsense.org/c2758/
On paper the i7 seems to outperform the C2758 when looking at OpenVPN w/ AES 256 encryption, 797Mbps for the i7 vs 116Mbps for the C2758. Now we only have 100Mbit links at the data centre and even smaller links at our offices so the C2758 will probably do just fine. But what if we want to enable a bunch extra modules like snort, proxies etc? This will likely put more load on the firewall and decrease performance/throughput right? If everything else was equal on these two units eg 8GB RAM, both had the same SSD, how much of a performance impact would enabling various modules make? Will the C2758 handle anything I throw at it or would going with the i7 give me more leg room?
Any advice would be greatly appreciated.
Thanks,
Marc -
Who can prove the veracity of any vendor claim? I don't want to get into that.
I can tell you that the AES-NI (AES-GCM) changes will blow the doors off AES-CBC (what you're seeing now).
http://freebsdfoundation.blogspot.com/2014/08/freebsd-foundation-announces-ipsec.htmlI can also tell you that these changes are being tested against a C2758 and another, different Rangeley board.
That said, they should work on the i7 just as well.Also, while it isn't running today, there is a "QuickAssist" part on the C2758 that will eventually run (I've just re-engaged Intel
about it.) When that code is finished (and in pfSense), it will blow the doors off the i7 as far as crypto is concerned.https://www.youtube.com/watch?v=M49TKu2cx-Q
http://lkml.iu.edu/hypermail/linux/kernel/1406.0/01810.html
https://01.org/packet-processing/intel-quickassist-technology-drivers-and-patches(I might get the regex stuff going as well, which could help (a lot) with Snort.
http://marc.info/?l=snort-devel&m=128396544311154&w=2
Quad core @ 3.4GHz, or 8 core @ 2.4GHz? Hmm.
The price for the i7 (80 SSD, 8GB ram, single PSU) on that site is $1,830.35. The C2758 is $1500.
Both are supported by the vendor, though the vendor for the C2758 is pfSense.