4. Recommendations for 3Gbit/s WAN with packages

Recommendations for 3Gbit/s WAN with packages

  • C

    I am wondering what kind of hardware would be needed to push 2-3Gbit/s of WAN-to-LAN throughput. I'll be running Snort with a pile of rules, SquidGuard with HTTPS interception, possibly VPN services, and a number of other services. I'd be getting two of these (whatever they are) in a CARP pair.

    If I didn't go with the XG-1540, what specs would you go for? How is support on Intel 10GBASE-T NICs?

    0
  • H

    3Gb and squidguard? At least some SSDs.

    0
  • ?

    f I didn't go with the XG-1540, what specs would you go for?

    Intel Xeon E3-1286v3 CPU @3,7GHz
    16 GB or 32 GB ECC RAM
    4 or 6 SSDs as RAID10
    Gigabyte 6LISL mini ITX board or
    Supermicro X10SAT ATX mainboard
    Supported Adaptec or LSI RAID Controller
    Chelsio adapter pending on the better driver support

    Or the pfSense XG-1540 with a Chelsio adapter perhaps the greater one that is able to fully
    offload the entire NAT job.

    How is support on Intel 10GBASE-T NICs?

    This can be different from card to card but the best option at this time would be the Chelsio adapters
    pending on the driver support.

    If you want to place a Layer2 Switch in front of the pfSense WAN Port you should be take a greater model
    with some SFP+ Ports.

    0
  • K

    I think people are overstating the requirements.

    You will need about 16 gig of ram. ECC doesn't matter.
    Snort is primarily single threaded, so you would want the fastest single thread cpu you can throw at it.. IMO you'd be better off with Suricata as it is threaded.
    SSDs to saturate the 10gig link (1gigabyte per sec, so 2 modern SSDs in raid 0), you don't need any special controllers or anything.
    Chelsio adapter (as it is the best supported brand at the moment for BSD)

    Based on that:
    3.8ghz broadwell xeon : http://ark.intel.com/products/88046/Intel-Xeon-Processor-E3-1285-v4-6M-Cache-3_50-GHz
    16 Gig of ram (1866Mhz - yes speed matters when you're pushing multi gigabit)
    2x Samsung 850 pro drives (128 gig would be more than sufficient)
    Supermicro X10SAT ATX mainboard
    Chelsio 10 GB nic (2 port)

    If you could get rid of the Snort requirement, I'd suggest the Xeon-D boards…

    0
  • C

    Thanks for your thoughts. It doesn't HAVE to be Snort if Suricata can do the same job while being multithreaded. :)

    0
  • K

    @coachmark2:

    Thanks for your thoughts. It doesn't HAVE to be Snort if Suricata can do the same job while being multithreaded. :)

    That being the case, I'd still be going with the setup I mentioned above if I had the funds being that it has 128mb of eDRAM with which you could probably cache your suricata rules ;)

    I might also consider the new samsung 950 drive on a sled…

    http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/ssd950pro/overview.html

    The bigger question here is are you shooting for low cost? Also, is this for home or for a business?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy