Hardware for 1Gbps NAT and 100Mbps VPN
-
Hi guys,
I need an 1U rackmount solution for 1Gbps firewall/NAT and 100Mbps OpenVPN. There will be around 8-10 VLANs, connected via tagged traffic directly, and 2 WANs, one 1Gbps for main traffic and one 50Mbps as backup. Traffic between VLANs excluded or minimal.
Nothing else. No extra packages.
I'd have 2 of these boxes at 2 different locations, they will route inside each other's private networks with OpenVPN. 15-20 users would ocasionnaly work from home using OpenVPN, they will connect to one of the locations considered as primary.
Do you think Supermicro A1SRI-2758F or Supermicro A1SRI-2558F-O would be able to handle these? I'd run them from a NanoBSD USB disk.
-
they could/should as its basically the same chipsets/cpu that are in the new pfsense/netgate appliances …. but you'll never know unless you try.
there are people on this forum that have got one of these supermicro board, but not sure what throughput they got out of it
-
I'm interested if it could handle the max throughput or not (I want to replace a couple of Microtiks).
Unfortunately pfsense/netgate appliances are not available for shopping in my area (in theory they are, but shipping+import duties makes it unreally expensive, +shipping time is extremely long)
-
A1SRI-2758F - yes
-
A1SRI-2758F - yes
Does it boot fom USB the NanoBSD image correctly? Or boot hacks need to be applied?
-
Deleted because not related!
@kejianshi
Thanks it was my false, that was for another set up with RouterOS! -
I'm not sure of boot issues.
-
-
Why not use Innodisk DOM for the job?
http://surl.dk/elk/
-
I want to keep NanoBSD as I consider it extra-safe, much better than the full install.
-
Not sure. As in I think it should work fine but I'm not sure.
I don't own that one.
-
use a supermicro c2758 based solution with ecc ram. you can use a sata-dom (SLC memory) for the OS.
-
If you want to build something yourself the parts I outlined here should do the job. The hard drive can be replaced with a SATA to CF adapter and a high grade CF card or whatever if you feel like it.
If you don't want to put the parts together yourself you can get basically the same thing in a 1U case in the pfSense store.
-
found this if you are in the USA
http://forums.redflagdeals.com/amazon-com-usa-lenovo-thinkserver-rd640-rack-server-447-98-orig-2-379-00-a-1653257/
-
-
-
I haven't measured it personally but it does sit at 57C idle in a closet with no active cooling according to the coretemp driver built into pfSense. Under load it jumps up to 62C. The powerd service works perfectly with the board so the CPU frequency and voltage change dynamically based on system load.
However I have talked to someone who built the exact same system except he used a Samsung 840 Pro as the hard drive and according to his Kill-A-Watt meter the box drew 28 watts under max load.
-
A1SRI-2758F - yes
Does it boot fom USB the NanoBSD image correctly? Or boot hacks need to be applied?
Okay, my A1SRI-2758F arrived yesterday. It boots perfectly the v2.2 4GB NanoBSD image from a USB stick plugged in either port (USB2, USB3 on the back, or USB3 header inside the board).
Using the latest bios v109. -
It also boots perfectly the NanoBSD image from a 4GB CF card connected with a SATA adapter to port SATA2 (the first of the black ones, in bios set to IDE mode instead of AHCI). It doesn't boot it if the adapter connects to a SATA3 port (white conector on the board), but that's because I guess my CF-to-SATA adapter is only SATA2 compatible.
-
I want to keep NanoBSD as I consider it extra-safe, much better than the full install.
Can you elaborate? I am thinking of using the same motherboard to build pfSense for my home. I was planning on using a SSD, but may consider a USB stick.
I would also be curious to see your throughput with the build. I will be getting symmetrical Gigabit service soon and would like to build something that will give me the fastest throughput.