Changing my apu 1c to something else, suggestions - 500mbit fiber.



  • Hi.

    First time user of pfSense and would like to say I already love it.
    Except that Ive gone back to the stock router for the moment.

    Bough a system with the apu 1c 3xgigabit interface.

    Too bad I didnt read up a little bit earlier but thought this could handle what I needed.

    Anyway;

    I was originally planning on getting a 300/300mbit fiber connection but then after buying it I found out the price difference pr month wasnt that much.
    Ended up ordering a faster connection and now my apu cant handle the speed.

    Through speedtests and other testing I get around MAX 430mbit down which is a bit disappoint. ( not that its a bad connection but when im running 500/500 I think it should handle that).

    • Is it because of the Realtek NIC`s ?
    • I really don't need all functions on the pfSense but would like to know it better - is the realtek just not good enough or are there feautures out of the box that I can turn off to get more speed?

    If not,

    How much of a good system , cpu, nic wise do I need to maintain a stable 500mbit++ through wan?

    Was looking at just building a midi tower  either with intel i3 or i5, is quad core really necessary?

    Friendly regards

    Lars Skogstad, Norway



  • That's actually pretty good for the APU. The Realtek nics and the processor limit throughput.
    You should be able to get around 500 from a 2Ghz dual core Atom with Intel nics. Netgate sells an 8 core 2.4Ghz Atom box with Intel nics that can do near GB speeds. You probably want something between those. Most people are using embedded chipsets due to power use. I'd guess a desktop with fast dual core and some Intel GB nics would work for your purpose.



  • Greetings Lars,

    I am assuming that you are talking about a corporate network and not a home install. Right?
    Assuming so:

    In order to handle 500 Mb/s comfortably (in sustained flow) you would probably need a 1.5 to 2 GHz processor to begin with.
    For a system like pfSense which is built on top of FreeBSD you would probably want to have a quad core to handle your traffic and firewall operations more smoothly. (There are some other factors like the non-multiplexed memory and system interface buses, etc. but I'll spare you the pain)

    Now, this is assuming that your box is not doing additional things like proxy cashing, virus scanning, etc.

    You might also want to throw in as much RAM as possible, starting with 4GB, which by today's standards is not a big thing.

    If I had to build such a router/firewall I would start with a barebones PC in a standard chassis and experiment a bit with more or less memory, different processor speeds etc.

    Why not to throw in the best and the most of everything along with the kitchen sink you may ask?
    Well, more clock speed, more memory, more CPU cores come at a price in terms of energy consumption. You might want to minimize that.

    One thing I can tell you almost for sure, you're not going to drive your 500 megabit per second with a box that consumes 10 watts. And the problem is that the performance curve is not linear but exponential. Meaning that if a 100 Mb/s router box requires x processing power and energy, a 200 Mb/s box requires more than twice x (typically an additional 10 to 15% which grows with the performance level)

    In turn a question for you: I am curious to know how much they charge you for a 300 Mb/s or 500 Mb/s fiber connection in your area and what kind of CPE (customer premises equipment) they are installing.

    Good luck,
    Halea



  • Hello good people,

    thanks for fast reply. been away but saw the post now.

    This is for my home connection, planning on 1gbit in a half year / year I guess.

    They have just put everything up here atm and I couldnt be promised a 1gbit yet.

    Yeah thats the thing why im wondering about the quad core. 
    Because I want to have a freenas aswell or server in my network as well.

    I need it to atleast push 500mbit stable. The router that followed delievers over 530mbit ( zyxxel ) but its optimized for 1 pc and several TV`s, I do NOT like the interface on the router.
    Its very limited.

    But the thing is, I find it quite "wasteful" to use a tower pc just for using as a router. Living in a kinda small apartment so trying to save a little bit space and sound levels down.

    Saw an upgrade package with i5 quad , 8gb ram -  Going to order intel nics used from server @ ebay.

    Suggestion? Maybe I just need to step up and buy a midi tower and just get some good hardware, kinda guess its good for the future.

    1u server is out of the question because of the fan noise =/

    • Lars

  • Netgate Administrator

    Here's a thread detailing a 1Gbps capable build:
    https://forum.pfsense.org/index.php?topic=45439.0
    As you'll see the cpu requirements just to firewall/NAT 1Gbps are not too stringent. If you are running packages or VPNs etc that would put the requirements up considerably.

    Steve



  • Would pfSense 2.2's faster pf be enough to push the APU1C to ~500 Mbps range?



  • @fragged:

    Would pfSense 2.2's faster pf be enough to push the APU1C to ~500 Mbps range?

    450Mbps or so with raw FreeBSD.  400Mbps or so with pfSense (ALTQ has its price).

    Might want to look at these in about 10 weeks: http://store.netgate.com/Production-Boards-C209.aspx


  • Netgate Administrator

    As others have commented the 430Mbps figure given in the first post is significantly higher than most people have acheived. I believe most reported something around 350Mbps so 400 under 2.2 is a step up.

    Steve



  • I have a 1Gbps/1Gbps fiber circuit to my house.  I run a 7551 currently (soon one of the ADI boards).

    1Gbps/1Gbps is nice.  If I ran an APU I would get less than 1/2 that.


  • Netgate Administrator

    @gonzopancho:

    1Gbps/1Gbps is nice.

    Ha! I can only dream of that sort of bandwidth at home.  :)

    Steve



  • I'm about to get 1gbit fiber at home as well.
    I'll still be using the APU but with an intel dual gbit mini pcie card.
    The measurements i did show me about 650mbit/s without any tuning.
    I guess with the intel cards i should be able to use some hardware offload features.


  • Netgate Administrator

    Impressive. That's running 2.2?



  • Yes. With one of the early alphas.

    https://forum.pfsense.org/index.php?topic=59555.msg405522#msg405522

    I should retest this again with a newer version ^^;



  • @gonzopancho:

    I have a 1Gbps/1Gbps fiber circuit to my house.  I run a 7551 currently (soon one of the ADI boards).

    1Gbps/1Gbps is nice.  If I ran an APU I would get less than 1/2 that.

    How's the 7551 handle the gigabit connection? Is there much headroom left on the CPU?



  • not a ton, at least, not the way I test things (very small packets).