Yet another Gbit hardware thread



  • Hi there,

    I have been successfully using pfSense on an Atom D2800 and was able to max out my 100 Mbit/s and use OVPN up to ~20 Mbit/s.
    However, the time has come to move to a country where my new home will have a Gbit fiber connection, so I want to upgrade my hardware.
    I will only need NAT and OVPN; I am not running Squid, and an IDS is running on a VM on my hypervisor.

    A few options:

    I still have an i3-4130 lying around, which I will use first for sure. Does anyone have any experience with how much throughput I could expect from that? My guess is it's limited by its 2 cores even though it has AES-NI. The beauty is I could just upgrade to a Xeon E3 once I get to the limits of this system.

    2nd option: get an Intel Rangeley C2XXX. Are those capable of getting 1 Gbit through? What would be the OVPN performance, since it has AES-NI and QuickAssist (if that is used in pfSense yet)?

    3rd option: running it on my ESXi platform, which is a Xeon E3 1245E3 already running FreeNAS, Ubuntu Server with very little load, Security Onion, a PBX and from time to time another VM. I could just take the money and upgrade this system, especially if the CPU becomes the bottleneck?

    OVPN, btw, is mainly used to stream HD content from my home country overseas as well as to tunnel to my VoIP provider. With symmetric Gbit I am also looking into road access to my home network via either IPsec or OVPN.

    I also had a look at Mikrotik routers, since the Policy Based Routing in RouterOS looks promising, but my take is, it's easier to upgrade pfSense boxes.

    Cheers

    Christian



  • I still have an i3-4130 lying around, which I will use first for sure. Does anyone have any experience with how much throughput I could expect from that?

    2 cores @ 3,4 GHz could handle a 1 GBit/s line easily, as I imagine it, but mostly all the other stuff
    used on top will narrow down the CPU power, like Snort, Squid, …

    I will only need NAT and OVPN,

    And the pfSense packet filter called pf; otherwise it does not really make sense, or?

    My guess is it's limited by its 2 cores even though it has AES-NI.

    What kind of expected throughput it has to handle is more the question here, or?
    What do you need and/or what kind of throughput do you expect from this CPU?

    The beauty is I could just upgrade to a Xeon E3 once I get to the limits of this system.

    These days that is the best choice and way to set up a powerful pfSense firewall, only in my opinion!
    4 CPU cores @ 3,4 GHz and Intel NICs would do the best job!

    2nd option: get an Intel Rangeley C2XXX. Are those capable of getting 1 Gbit through?

    With 4 or 8 CPU cores you will reach the goal, for sure, but this also depends on
    how many packages you will also be installing and running. I think it is better to go with the 8 core variant;
    the main difference would be something around $20 - $30 more for an 8 core variant.

    What would be the OVPN performance, since it has AES-NI and QuickAssist (if that is used in pfSense yet)?

    • AES-NI is integrated, up and running in pfSense, but if I am informed correctly, mostly the IPsec performance would
      benefit from this feature; please correct me if I am wrong.
    • Intel QuickAssist Technology or QAT is so brand new that I can only imagine that they are working on it,
      but there is no action at this time, and the first devices would more likely be their own sold appliances, because
      for those they know all the other hardware inside. So for this to enter the community images, we will have
      to wait a long time, as I see it. Too new a function.

    Here is a bit of reading material about AES-NI related to OpenVPN & IPsec:
    • Cryptographic Support
    • Few small words about it in the Blog
    • Small conversation on pipermail about it
    So you will be able to make up your own mind about it.

    I also had a look at Mikrotik routers, since the Policy Based Routing in RouterOS looks promising, but my take is, it's easier to upgrade pfSense boxes.

    For sure a totally different kind of device/system, but
    an RB1100AHx2, CCR1016 or CCR1036 would also do this job for sure,
    as I see it.