Will this hardware work for gig thorughput?



  • I have been doing alot of forum searching and I think I have found the right hardware for my nat/firewall. I want to run it by the community to see if it’s right. First some background. I host game servers from my gig fiber with up to 60 freaks connecting at any given time. That number is growing and I hope to have many more (think 1000). I need bidirectional gig throughput. The R7000 works great but lacks the functionality of a real firewall. Ok enough bloviating here is the hardware in question.

    JetWay JNF9J-Q87 (this mobo has 2 on board intel NICs can I use these)
    Intel Core i5-4460
    Crucial 16GB( i know 16 gigs is over kill but too cheap to pass up)
    Intel PRO/1000 Pt Dual Port Server Adapter( if I’m unable to use on board NICs)

    Also would a 300 watt PSU be enough?

    Thanks in advance and sorry for yet another will this hardware work thread.



  • The Intel i210 is supported the Intel i217LM I really don´t know, but with this
    Core i5 CPU you should be able to route 1 GBit/s at the WAN Interface with ease.

    You might be also have a closer look to the Intel Xeon E3-1225v3 to get a more electric
    power saving CPU it you want.



  • Awesome! I'll look into the E3. Thank you.



  • @fuzzyfreak:

    I have been doing alot of forum searching and I think I have found the right hardware for my nat/firewall. I want to run it by the community to see if it’s right. First some background. I host game servers from my gig fiber with up to 60 freaks connecting at any given time. That number is growing and I hope to have many more (think 1000). I need bidirectional gig throughput. The R7000 works great but lacks the functionality of a real firewall. Ok enough bloviating here is the hardware in question.

    JetWay JNF9J-Q87 (this mobo has 2 on board intel NICs can I use these)
    Intel Core i5-4460
    Crucial 16GB( i know 16 gigs is over kill but too cheap to pass up)
    Intel PRO/1000 Pt Dual Port Server Adapter( if I’m unable to use on board NICs)

    Also would a 300 watt PSU be enough?

    Thanks in advance and sorry for yet another will this hardware work thread.

    The i5 is overkill, I used Celeron 1037U before, and now Celeron N2930….both worked like a charm.
    I would suggest using the money for mobo + i5 cpu for Supermicro C2558, much lower power consumption, and the processing power is still good.



  • Ok I will chime in:
    The 217 will work, as will the 210, so that's plenty.
    If the box is only running pfsense, an i3 would be enough. That said I wouldn't recommend celerons/pentiums/atoms for this application

    If your game server is downstream you may want to run 10gbit to it for latency reasons. Totally your call though, not essential. Chelsio T420-so-cr and Mellanox connectx2 (and 3) are both suitable for this. Don't go Intel if you go down this road.

    The intel i350-T2 and i350-T4 (V2/V1 doesn't matter) cards are much better than the onboard when you are dealing with lots of connections at once. They have bigger queues than the onboard so you can offload more which is good for line speeds when you have 1000 people hitting the server, again not essential.

    16 gig is enormous overkill, you could get away with 4 gig.

    300w is overkill, you could get away with 120w (and I have in the past)

    What's your budget?



  • The N2930 from Edwardwong gets 940 MBit/s at the WAN port + overhead and NAT and firewall rules it would
    be nearly 1 GBit/s in real. And for under $250 it is for firewall only not to high in price.



  • @BlueKobold:

    The N2930 from Edwardwong gets 940 MBit/s at the WAN port + overhead and NAT and firewall rules it would
    be nearly 1 GBit/s in real. And for under $250 it is for firewall only not to high in price.

    People! Seriously! Please read his requirements! 1000 connections, line rates, 1 gig up and down. I have my doubts about the onboard nics being able to handle this comfortably let alone an N2390 with worse Nics.



  • @Keljian:

    @BlueKobold:

    The N2930 from Edwardwong gets 940 MBit/s at the WAN port + overhead and NAT and firewall rules it would
    be nearly 1 GBit/s in real. And for under $250 it is for firewall only not to high in price.

    People! Seriously! Please read his requirements! 1000 connections, line rates, 1 gig up and down. I have my doubts about the onboard nics being able to handle this comfortably let alone an N2390 with worse Nics.

    Then you should read my post more seriously (about the config):
    This is the board I used: http://www.jetwaycomputer.com/NF9HG.html
    Onboard 4 x Intel i211AT NICs which are also good for server applications, I don't think this is a "worse NIC" when compared with the Intel Pro/1000 PT Server Dual Port (I actually own this dual port card as well)

    Clients running games behind, I assume OP mainly needs the NAT functionality from the firewall itself, so the N2930 is capable to do already.
    Recalling from my memory, I built pfSense 1.0/1.1 firewall about 8 years ago for my office, the hardware was just a Pentium 4 with 1G RAM (dual WAN setup), and the number of users was 150-200.

    If you try to search for commercial firewall build with N2930, there are already a number of results, I wouldn't say N2930 is an extremely powerful build, but at least it's not as crapy as what you think.



  • I never used the word  "crappy"

    Hardware assist for this application could be very worthwhile is all



  • If what OP needs is just NAT + simple firewall, we don't really need too much processing power.
    Just like the firewall I just built, with 20-50 torrents running together behind firewall, there should be > 1000 connections simultaneously while cpu usage is still low (I am using 1G up/down FTTH internet at home).

    The usual "big eater" will be something else like IDS/IPS or VPN.

    Maybe we can take a look to a performance test from SecureRouter.org (which based on OpenBSD),
    http://securityrouter.org/wiki/Performance

    But in general, I do think using those Rangeley CPU (C2558/C2758) are good idea for future expansion.



  • I would want suricata if I had 1000 gamers hitting my server, which shared a connection with my home network.



  • Then I believe a C2558/C2758 will do the work for OP.