Public Internet Access for 1000 users



  • Dell PowerEdge 1950 III 3.5" Server, 2x 3.0GHz QuadCore, 32GB, 2x 1TB SAS

    Any thoughts on whether the above server could keep me alive for 2 years pushing out 250 MPS to 1000 to 1500 users?

    I am trying to test the logic of one new box for about $1500 plus any spares, or two of these ready to go for under $1000 with 2 Intel PRO/1000 cards and dual power supplies.

    Will probably run Squid and basic traffic shaping to try to keep anybody from doing anything crazy.

    With the 8 cores I was thinking I could run Snort to blacklist any infected machines.

    Thank you in advance



  • IMHO this is simply a perfect configuration, yet keeping in mind retention of data



  • Any thoughts on where it would start maxing out?


  • Netgate Administrator

    @gdelong:

    pushing out 250 GPS

    What figure is this supposed to be? 250Gbps doesn't seem rational.  ;)

    Steve



  • Any thoughts on where it would start maxing out?

    1000 users / 1000 Mbit = 1 Mbit per user

    Computer hardware will handle everything just fine



  • If anything, I think you have massively over-specced the machine. One quad core should be ample for what you are considering doing. Considering you are not running VPNs etc., 2 cores may even suffice. But I would hold on to the memory (16 gig would probably be sufficient) to handle the connections.

    Heck, with $1500 you are going into C2758 appliance price ranges. You could get away with less.

    Bottleneck 1 will be the network card(s), depending on what you get; Intel i350 or better are designed to handle massive throughput, effectively eliminating this bottleneck at 1 gig. If you want more in future then the next step up is 10 gig. If you are considering this, then 1x 10 gig 2-port NIC would be suggested, Intel of course. (Believe it is the X540 series.)

    Bottleneck 2 will be Snort, as it is single threaded and you will be making lots of connections and pushing lots of packets. Thus single-core performance will be your Achilles heel. Suricata is multithreaded and will likely be able to handle much more throughput. Note: There are esoteric/arcane setups of Snort which allow multiple instances of it to run in separate VMs etc., which would work, but it is a hassle to set up.



  • Yes, that Dell is overkill. Unless you have spare units of the same, I would do a Supermicro 4 or 8 core Atom build with 8-16GB ECC RAM (better to be safe than sorry). I would run pfSense off a SATA SLC DOM.

    You can set up two of those for redundancy for ~$1500 with a basic managed switch

    two of these: http://www.newegg.com/Product/Product.aspx?Item=N82E16816101872

    with 16GB DDR3 ECC in each @ http://www.newegg.com/Product/Product.aspx?Item=N82E16820148770&cm_re=16gb_ecc--20-148-770--Product

    one of these SLC DOMs per system # http://www.newegg.com/Product/Product.aspx?Item=9SIA3CX2B51795&cm_re=slc_dom--9SIA3CX2B51795--Product

    Not sure about the switch, but MikroTik seems to be a popular choice as per bang for buck. @ http://www.newegg.com/Product/Product.aspx?Item=9SIA1EA1Y37275&cm_re=microtik--9SIA1EA1Y37275--Product



  • I want 250 gb/s…

