Hardware for 300/30 and Fiber?
-
Hello and thanks in advance for taking the time to help.
I'm new to pfSense but not general router, QoS, forwarding etc. I am currently on a 300 down, 30 up line with fiber right down the road.
So I had a few questions as to how things are treated in PF.
-
When you add more nics. They are basically for vlan or bridging if I read right. So I couldn't add 2-3 4 nic cards and drop a switch completely or else I would loose bandwidth on the lines it shares.Correct?
-
To stop the cpu from choking, should I go i3/i5? Or is something like the Atom 8 core supermicro for 300 is still strong enough? I have both availible, but Sandy and not haswell. I use blowfish as my VPN so not that big of a deal.
-
I run OpenVPN on an unraid box, but might switch it to the PF box if it's strong enough. As long as it can see SMB shares from unRaid. Is the VPN package capable of such?
-
What would be a nice MB/CPU for something like a 2u case. I'd like to stay in a 2/3 for simplicity and better cooling.
-
Is an SD still OK as long as you don't run squid? Most likely will be PF, AV, VPN, ip blocker for foreign ips, and maybe a few others I can't think of atm.
Sorry for any redundant questions. Did my best searching, lots of help. But with how fast hardware changes, it's hard to find a current build.
And again, Thanks.
Kenny. -
-
Hello and thanks in advance for taking the time to help.
I'm new to pfSense but not general router, QoS, forwarding etc. I am currently on a 300 down, 30 up line with fiber right down the road.
So I had a few questions as to how things are treated in PF.
- When you add more nics. They are basically for vlan or bridging if I read right. So I couldn't add 2-3 4 nic cards and drop a switch completely or else I would loose bandwidth on the lines it shares.Correct?
You can but that doesn't mean you should. If you need a switch, use a switch. if you need a router, use a router. If you have to bridge router ports, the option is there. Nothing wrong with putting NICs in pfSense or using VLANs.
- To stop the cpu from choking, should I go i3/i5? Or is something like the Atom 8 core supermicro for 300 is still strong enough? I have both availible, but Sandy and not haswell. I use blowfish as my VPN so not that big of a deal.
I'd go with a 4-core rangeley probably.
-
I run OpenVPN on an unraid box, but might switch it to the PF box if it's strong enough. As long as it can see SMB shares from unRaid. Is the VPN package capable of such?
-
What would be a nice MB/CPU for something like a 2u case. I'd like to stay in a 2/3 for simplicity and better cooling.
Defer to others. No idea what unraid is. 2U rackmount? Everything fits in a 2U rackmount. You ought to be able to get redundant HA nodes in a single 1U if you try.
- Is an SD still OK as long as you don't run squid? Most likely will be PF, AV, VPN, ip blocker for foreign ips, and maybe a few others I can't think of atm.
The Intel 30GB mSATAs feel like the way to go to me.
-
a celeron j with realtek nics can easily do that speed (gigabyte board)
you can buy more or less, depending on your needs.
if you are buying new, etc and going to get an i3 or similar - better bet to get an atom c2758 based board from supermicro
-
Thanks.
I have an i3, i5 and spare Atom 330 (dual with hyperthread I think) laying around so I may try the Atom. Just wasn't sure how much pfsense needed to do its thing. New to it. :)
And by 2u. I mean it lets you use standard atx psu's, fanned based cooling and silent fans. I know I could fit it in a 1u, but with less headaches. :D
Are there config files that you can export? So I could give the Atom a try and move it if I needed to another system. No biggy if not.
Thanks again. Kenny.
-
Your U is different from my U I guess. :/
-
I'm running two WANs, 300/20 rated (actually gets about 325/22), and 50/6, through our coming soon SG-4860 at home. Lot of capacity to spare at that. I've had a VK-T40E on it for a while, which could max out the 325/22 with capacity to spare.
-
The hardest ask you've listed there is OpenVPN. Do you need the full 300Mbps of encrypted traffic?
Steve
-
Hello HodKenneth,
this year you would have good luck and many choices to realize this project.
But it is in mey eyes more owed to the circumstance what this Firewall must
handle out for you.- Soekris is bringing out at the Q4/2015 a new net6801box and you will be able to add
2 quad port NICs so you will get 12 GB LAN Ports at total! Is this sufficient enough for you? - If not or you want to go by an X86 device that is more powerful and/or you need more
GB LAN Ports I suggest to go by an Intel Xeon 4 Core likes Intel Xeon 1286v3 3,x GHz
and a multi port HotLava Adapter, based on the total WAN speed of 300/30! - Otherwise two different vendors are bringing out new Boards, shown at the CeBit in Hannover
this year, at the moment they where no prices out for those both boards but they can fill the space
between the Atom and real Intel Xeon, here are two links to them, right to buy at Q2/2015.
Supermicro X10SDV-TLN4F and X10SDV-F
ASRock Rack D1540D4X
Both comes with dual 10GbE LAN interfaces and would be powerful enough to handle your WAN stream.
Like want to go, from top till down:
- Intel Xeon E3-1286v3 / 4 Core
- Intel Atom C2758 2,4 GHz / 8 Core
- Intel Xeon D-1500 2,4 GHz / 8Core
- Intel i5 / 4 Core
- Take one SSD or more as share
- see above at point 1 or go to Supermicro an serach the site for chassis
- No Squid, AV, Snort and other things it would be enough but as I see it right
you can also pimp many boxes by and mSATA or SSD later with no problems, also.
- Soekris is bringing out at the Q4/2015 a new net6801box and you will be able to add
