Pfsense / What hardware would I need for 4Gb/s ?

Adwi_97

Reputable
Feb 8, 2016
13
0
4,520
I am sorry if this topic has been discussed before, but I've been looking over the internet and couldn't find much information about it.

My question is:
What minimum hardware specs would I need for pfsense to achieve transfer rates of around 4xGb/s? I intend to use a NIC card with 4 ports to load balance between all of them which would help achieve these speeds. I also want it to be as low power as possible because it will be running 24/7. I have looked at Intel Xeon E3-1220L which only takes 17W, but it does not support socket configurations of more than 1 so I am not sure if it will be able to keep up on its own.

Also would pfsense be able to go near that throughput if hosted on a virtual machine (so that I could also use it as a NAS) or should I just stick with hardware?
If the Xeon I listed above is not powerful enough, I would appreciate if anyone could point me to one that could handle it while maintaining low power usage or a forum post that answers my question.
 
If you are not running NAT on the machine it takes very little CPU at all. A cheap switch may be a better option since it is using dedicated ASIC chips designed for high speed switching. A general purpose processor can never come close. You are going to have to have a special switch anyway that supports port bonding.

Why would you call the device a NAS.....this has been called a file server for many years and of course a large machine can act as a file server. In this case you are likely going to be limited by the disk or even some of the internal bus speeds when you are talking 4g of throughput. It is mostly a disk limitation not a cpu issue.

Be aware bonding ports does work well in a home or smaller environment. No single session can use all the connection. In your case you would need 4 1g transfers to use all 4. The methods used to load balance are really simplistic and do not take utilization into account. You can get unlucky and get all the sessions on 1 with the others unused. This only works well when you have a large central server with many client machines so that they load balance just by luck.

If you realistically feel your application can use 4g you are best off looking at equipment with 10g ports. This is a much better solution and does not suffer with the load balancing issues.
 
Solution
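The hashing behaviour described in the answer above, as an added example that is not part of the original post. Flows are placed on one of four 1 Gb/s links by a static XOR-and-modulo hash of addresses and ports (a stand-in chosen for illustration, not the algorithm of pfSense or of any particular switch), and the addresses and ports are constructed.

```python
import ipaddress
from itertools import product

LINK_GBPS = 1.0   # each bonded port is 1 Gb/s, as in the thread
LINKS = 4         # four-port NIC

def pick_link(src_ip, dst_ip, src_port, dst_port, links=LINKS):
    """Choose the member link for a flow from a static hash of its headers.

    Assumption: a simple XOR-and-modulo hash. It never looks at link load,
    so every packet of one flow always lands on the same link.
    """
    ip_bits = (int(ipaddress.ip_address(src_ip))
               ^ int(ipaddress.ip_address(dst_ip))) & 0xFFFF
    return ((src_port ^ dst_port) ^ ip_bits) % links

def aggregate_gbps(flows, demand=LINK_GBPS, links=LINKS):
    """Total throughput when every flow tries to send `demand` Gb/s."""
    per_link = [0.0] * links
    for flow in flows:
        per_link[pick_link(*flow, links=links)] += demand
    # Flows that hash to the same link share that link's 1 Gb/s.
    return sum(min(load, LINK_GBPS) for load in per_link)

def expected_gbps(n_flows, links=LINKS):
    """Average aggregate over every equally likely placement of n_flows,
    each flow wanting a full link's worth of bandwidth."""
    total = 0.0
    for placement in product(range(links), repeat=n_flows):
        total += len(set(placement)) * LINK_GBPS
    return total / links ** n_flows

def flows_with_ports(ports):
    """Constructed sample: one client to one file server on TCP 445."""
    return [("192.168.1.10", "192.168.1.20", p, 445) for p in ports]

SINGLE = flows_with_ports([50000])
UNLUCKY = flows_with_ports([50000, 50004, 50008, 50012])
LUCKY = flows_with_ports([50000, 50001, 50002, 50003])

if __name__ == "__main__":
    for name, flows in (("single", SINGLE), ("unlucky", UNLUCKY), ("lucky", LUCKY)):
        links_used = [pick_link(*f) for f in flows]
        print(name, links_used, aggregate_gbps(flows), "Gb/s")
    print("expected for 4 random flows:", expected_gbps(4), "Gb/s")
```

With four flows placed uniformly at random, the average works out to about 2.73 Gb/s of the nominal 4 Gb/s, and a single transfer never exceeds 1 Gb/s.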

Adwi_97

Feb 8, 2016


Thanks for a fast reply.
I called it a NAS because I was thinking of using FreeNAS if I virtualized it with pfsense, but a file server is what I've had in mind. I have recently watched a video on YouTube from Linus Tech Tips where he managed to get speeds of over 400MB/s using a NIC with 4 ports, and it didn't come to my mind that I could use a 10Gb NIC.

So should the Xeon I mentioned above be able to handle a 10Gb connection if not using NAT?
Another question is whether pfsense has some sort of file server built in, or should I try to virtualize pfsense and a file server? Would it affect the speed at which pfsense could communicate with the file server if they were both virtualized on one machine?
 
Pfsense is just a Linux-based firewall; you can also run file services if you like. Still, a firewall is not much use if it only has 1 NIC. You would need a pair of 10g cards....or 2 4 port gig cards. It is designed to filter traffic from one network to another.

If this is a toy to play with in your house it likely does not matter, but you do not want a file server on the same box as your firewall. The purpose of the firewall is to protect the server from the internet. If you really need a firewall that can run that much data you are likely better off with a commercial device. Many contain special purpose processors to help speed up the processing of firewall rules.
 

Adwi_97

Feb 8, 2016


I have read on some other forum that I should not put a firewall on a virtual machine, but I am going to use it in a house with a friend and I just chose pfsense because it seems to be a good replacement for a basic router, but I think that a virtualized firewall would still give more protection than what a basic router from an ISP does.

Thank you for the help, and best solution goes to you.
 
In most home situations a router, just because it is stupid, does the vast majority of a firewall's job. When you have NAT with no forwarding rules, no traffic from the internet can even get to internal machines. All the fancy rules on firewalls looking for data patterns of attack etc. will never be as powerful as the implied rules of block all incoming traffic that NAT provides because it is stupid.

A firewall really is only used to protect a server that is intentionally exposed to the internet. It is designed to look for attacks on the ports you are required to leave open for the application to function.

Now if you had a company you might use a firewall to do content filtering of internal machines, but it provides very little value when the users are the same as the firewall admins.
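A small model of the behaviour described in the reply above, added here and not part of the original post: inbound packets are accepted only when they match a mapping created by earlier outbound traffic, unless a port forward exposes a server. The `NatGateway` class, its endpoint-dependent matching and all addresses are assumptions made for illustration.

```python
class NatGateway:
    """Toy port-translating NAT (hypothetical model, not any product's code)."""

    def __init__(self, public_ip, port_forwards=None):
        self.public_ip = public_ip
        # (proto, public_port) -> (lan_ip, lan_port): deliberately exposed servers
        self.forwards = dict(port_forwards or {})
        # (proto, public_port) -> (lan_ip, lan_port, remote_ip, remote_port)
        self.table = {}
        self.next_port = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the gateway records a mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.table[(proto, public_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Decide what happens to a packet arriving on the public address."""
        entry = self.table.get((proto, public_port))
        # Assumption: replies must come from the exact endpoint that was contacted.
        if entry and entry[2:] == (remote_ip, remote_port):
            return ("translated", entry[0], entry[1])
        if (proto, public_port) in self.forwards:
            lan_ip, lan_port = self.forwards[(proto, public_port)]
            # This is the exposed-server case where rule inspection adds value.
            return ("forwarded", lan_ip, lan_port)
        # No mapping and no forward: there is no internal destination at all.
        return ("dropped", None, None)


def demo():
    """Constructed traffic using documentation address ranges."""
    home = NatGateway("203.0.113.5")
    port = home.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    exposed = NatGateway("203.0.113.5", {("tcp", 443): ("192.168.1.20", 443)})
    return {
        "reply": home.inbound("tcp", "198.51.100.7", 443, port),
        "spoofed_reply": home.inbound("tcp", "198.51.100.99", 443, port),
        "unsolicited": home.inbound("tcp", "198.51.100.99", 5555, 22),
        "to_forwarded_port": exposed.inbound("tcp", "198.51.100.99", 5555, 443),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```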