1 Gb up / 1Gb down hardware for < $400



  • Hello, here's another post about what hardware is cheapest and best.

    I have a 1G up / 1G down fiber connection with three apache web servers (1k visits/day with streaming video on a heavy day) and a home network behind it.  I'd like to run a Squid reverse proxy on the pfSense install.

    My question: what kind of hardware am I looking at to make this run smoothly?  Up until now I've been squeaking by with an Asus N56U, but it's starting to go down every other day or so now, probably because my network traffic is picking up.

    My options:

    Buy a pfSense Appliance. I emailed sales and they tell me I should go with a SG-4860 for $200 more than the SG-2440.  But, of course they would say that.  Double the RAM, double the Atom cores, and more Gb ports.  But is it necessary?

    Build my own.  If I do this, what kind of minimum specs do I need?  Pretty sure I can beat the pfSense specs and save money.  For those recommending this path, would a 2 NIC system + unmanaged Gb switch be appreciably slower than a 4-6 NIC system sans switch?



  • What's your budget?
    What do you want to run on it?

    A cheap i3 + asrock motherboard + 6-8 gig of ram, with a samsung 850 pro (smallest you can find) would be my config for this. Chuck in (basically) any dual port nic (i340/i350) and have done with it.

    I would run your webservers on one network, and your home network on another, so they are completely separate.

    Personally I virtualise pfSense - 3gig ram, 2 vcpus (on an i7-4790), I run suricata, and a few other plugins and a vpn client. My ESXi box runs 5 VMs most of the time, with another 3 which are run only when needed.

    I didn't want the extra consumption or footprint of multiple boxes.



  • @ Keljian

    Thanks.  I'd like to keep it below $400 if at all possible.  I was thinking of using a 4 port intel NIC like this one (http://amzn.com/B00008PX2M) to give me more flexibility.  I'd hate to set up an amazing router only to have my speed bottlenecked at my cheap unmanaged switch.

    Virtualization is an interesting option.  One of my servers is a Xeon E5-1620 v3 3.5 GHz w/ 16G RAM and only runs 2 virtual hosts on it.  It has a dual port intel NIC as well.  hmmm….

    A third option I'm looking at is this Celeron J1900 box http://amzn.com/B01CV7LW3I, looks like people have had some 1Gb speed success using this one (https://forum.pfsense.org/index.php?topic=109121.0).



  • That Nic you linked is pci - I would recommend against it.

    Virtualisation is an option, but make sure you have the network bandwidth to cope. If you are doing 1gbps up and down from the net, as soon as you add  VMs you are adding to the network load. This is less of a problem with local VMs as the internal vswitch can handle a fair bit of bandwidth, but downstream you may want more which is why my lan connection to my server is 10gbps (my file server is on the same box)



  • oh, so PCI-e is recommended because of the faster bus?

    B



  • Yes and much more common these days



  • Having trouble finding a budget mITX MB w/ a supported intel LAN chipset.  I was thinking LGA 1150 for an efficient Haswell i3.





  • @Keljian:

    http://www.asrock.com/mb/Intel/B150M-ITX/ (note socket 1151 - so i3-6xxx chip required)

    http://www.asrock.com/mb/Intel/Z87E-ITX/

    Looks like these Intel I219V NICs aren't supported yet.  Any other choices?



  • Looks like these Intel I219V NICs aren't supported yet.  Any other choices?

    Please try the version amd64-pfSense-2.3RC latest and see what will happen.
    I think I remember that this will be owning a driver for that Intel i219V NIC.



  • @BlueKobold:

    Looks like these Intel I219V NICs aren't supported yet.  Any other choices?

    Please try the version amd64-pfSense-2.3RC latest and see what will happen.
    I think I remember that this will be owning a driver for that Intel i219V NIC.

    Yikes,

    I plan on building a router with dual Intel i217 + Intel i210AT next week, and I didn't even think to check for compatibility with pfSense.

    Has anyone confirmed that the 2.3RC supports these NIC's?

    How stable is the current 2.3RC?  Does anyone know when the targeted release is?

    Could I manually install the latest igb driver modules from Intel's webpage in 2.2.6?



  • 210 and 217 have support in the current release version, so you have nothing to worry about


  • Netgate

    How stable is the current 2.3RC?  Does anyone know when the targeted release is?

    I don't believe many bits will change between the current snapshot and 2.3-RELEASE.

    There was a posting over the weekend that indicated release is imminent.



  • @utnuc:

    oh, so PCI-e is recommended because of the faster bus?

    B

    Oh yeah.  For the last 10 years at least.

    PCI is an obsolete standard, I wouldn't use it for anything but low performance expansion cards (serial/RS232 interface and stuff like that), and only then if I happened to have them around, I wouldn't buy anything PCI today, or even 10 years ago.

    Even before PCI Express was introduced in 2004, standard PCI was insufficient for most high end server loads, which is why servers of the time used a mix of both standards compliant and non-standards compliant workarounds, like PCI-X, and 64bit, 66Mhz PCI (the original standard was 32bit at 33mhz)

    PCI is to be considered completely dead by modern standards.  The only reason it is kept around at all is because of some industrial applications that rely on old PCI controller boards for which no PCIe equivalents were ever made.  So, backwards compatibiltiy for low performing things for which there are no PCIe equivalents.  Outside of some very specialized applications, there isn't much of this.

    Only time I'd consider using anything PCI in 2016 is if I ran out of PCIe expansion slots, and happened to have an older motherboard that still had a conventional PCI slot, and needed to add something, but I would only do it extremely reluctantly.



  • @utnuc:

    Hello, here's another post about what hardware is cheapest and best.

    I have a 1G up / 1G down fiber connection with three apache web servers (1k visits/day with streaming video on a heavy day) and a home network behind it.  I'd like to run a Squid reverse proxy on the pfSense install.

    My question: what kind of hardware am I looking at to make this run smoothly?  Up until now I've been squeaking by with an Asus N56U, but it's starting to go down every other day or so now, probably because my network traffic is picking up.

    My options:

    Buy a pfSense Appliance. I emailed sales and they tell me I should go with a SG-4860 for $200 more than the SG-2440.  But, of course they would say that.  Double the RAM, double the Atom cores, and more Gb ports.  But is it necessary?

    Build my own.  If I do this, what kind of minimum specs do I need?  Pretty sure I can beat the pfSense specs and save money.  For those recommending this path, would a 2 NIC system + unmanaged Gb switch be appreciably slower than a 4-6 NIC system sans switch?

    May be you'll be interested to my new build?
    https://forum.pfsense.org/index.php?topic=109694.0