10Gb PFSense Router

Hi there,

I’m looking to create a PFSense router for my server rack that has 10Gb

My specs are as follows:

Dual X5687 CPUs with 16GB RAM, 120G SSD RAID 1, dual onboard 10Gb SFP+ and a 10Gb Fibre card for my uplink.

Would this be suitable for a full 10Gb network?

Thanks!

(I’ll post my full rack setup in a week or so. :>)

Prolly not enough CPU. 10gb packet flows are prolly ok but 10gb traffic analysis takes a ton of CPU horsepower. Think about analyzing 1gb of traffic per second. The CPUs will be cutting it close. I did a rtr+dmz+lan and was unable to attain near wire speed between lan and dmz; it was around 600mb/sec. Upgraded to broadwell e v3 2x 8 core 3.2ghz and problem solved.

My calculations: 2Ghz x20 threads (minimum) for 10Gbps. I think your X5687s meet the minimum, but it depends: do you plan to be at 10Gbps 24/7?

First of all, thanks for your hasty responses!

Would you agree it would be more optimal to move to something like a dual socket E5-2670 or E5-2690 based system?

Thanks!

Dual socket E5-2670 (sandy-bridge LGA2011) should be plenty. I would message wendell just to double check.

Awesome, @wendell can you confirm this?

2670 would be far better than the x series xeons, for sure, just lower overall latency.

Depending on what you are doing, there can still be performance issues, but I think for most reasonable things and a largeish rule table, you’d be ok.

Do you really need 10Gbps traffic analysis?

I’m guessing this is for home/learning purposes, otherwise you’d probably not be planning to use rescued hardware… if so, you can learn how to man-in-the-middle HTTPS traffic just the same with 100Mbps as with 10Gbps… Actually, it might even be useful to learn how to set up multiple boxes in that case to do traffic analysis (you could use VMs).

If deploying in a prod environment, I’d recommend you go with multiple machines – that way you lose only some of the capacity when you’re doing upgrades/maintenance or when machines go down.