Multiple cpu|cores

  • Hey guys, hope all is well. I'm about to embark on a nifty solution for a couple of projects I have, and wanted to know how pfSense handles multiple CPUs. I only saw one or two brief posts about this, so sorry in advance if I missed anything.

    Does it make sense to have at least cpu's, possibly multiple cores, to run on? I want to build a box that is bulletproof (of course redundant as well) and make sure it can handle all of our project needs. Firewall/NAT/proxy/snort as well as a few other add-ons will be used.

    Any feedback would be great!



  • If you install the SMP kernel you'll be able to make full use of the available cores.

    From a practical perspective, it's largely irrelevant how the cores are physically arranged, whether it's (say) one quad core, 2 dual cores or 4 single cores.

  • So it's a good idea to use multiple CPUs/cores then (that was the main point of my post, if I wasn't clear =] )



  • In general that's always going to be the case for anything that's doing more than one task.  If it's only a firewall then multiple cores is likely a waste.  However once you start throwing in proxy servers, and particularly snort, more processing power and more cores is a good thing.  Memory is also important once you start using squid and snort.  I'd suggest that 1 GB should be the absolute minimum you consider.

  • If you were JUST running OpenBSD or FreeBSD with pf, then one CPU is all you would need. pfSense does many other functions, like drawing graphs, pumping data across HTTP/HTTPS using PHP, DHCP, DNS, etc., so other CPUs are helpful in that respect, as they offload those duties away from a CPU that can process packets.

  • Though pf in FreeBSD is giant locked still (meaning it can't run on multiple cores simultaneously), there are some network throughput benefits to SMP, and given that other services are also running, there are definitely benefits to using SMP.

  • The only issue I've seen with SMP is in multi-WAN configs: the slbd process, which does the load balancing, will run away with one of the cores for some reason, and/or spawn multiple instances on the SMP kernel. This didn't seem to be a show stopper on my box, but I wasn't running snort or ntop or other CPU-intensive things. This apparently will be gone with 1.3 as they transition off slbd, I believe.
