10GbE pfsense router/switch

Hi there,
I’m lucky enough to get 10Gb fiber installed in my house tomorrow. As the provided router only has one 10 Gigabit port, I want to build a pfsense router and switch to be able to connect more and have more control.

What kind of CPU power do I need so I can enjoy the full speed? I won’t be using 10Gb 24/7, just normal enthusiast use, and for now all that will be connected is one PC with 10Gb Ethernet, or SFP+, a NAS with SFP+, and a few other PCs with regular 1Gb Ethernet. In the future I might add a webserver or two, but nothing crazy.

I don’t have that big of a budget, so I won’t be buying current-gen Xeons, but either older Xeons or more recent consumer hardware. What do you guys recommend?

You surprisingly don’t need as much power as people assume you do just to route a network. As long as you are not planning on having the pfSense router do any FTP or website hosting, you should be fine with a run-of-the-mill 4-6 core with a minimum of 4, preferably 8 GB of RAM, and you will beat most ISRouters out there. Spend the money investing in good network cards and an external switch; don’t try to switch from the router. pfSense is not as streamlined as a dedicated router or switch due to the x86 architecture being built for PCs, not networking equipment.

Are you going to be doing any packet sniffing, traffic shaping, or anything like that? Caching drives on ZFS could also increase RAM dependencies…

You can check out the pfSense pre-configured boxes to get some idea of specs.

https://www.pfsense.org/products/

It all depends on what you do with it. There are lots of services on pfSense, and which services you are interested in using will change your config. If you are planning on simply routing, you don’t need much CPU power at all.

Ryzen 3 1200 / A320 or B350 should be fine for 10GB symmetrical, with basic firewalling and packet mangling. 1G of RAM is severe overkill for that kind of router.

R3 1200 and an A320 board are not the sweet spot for spending money on a home server. I’d recommend you consider home server hardware, and then just do the router as a VM on it.

Surprised everyone is just jumping in on this without first asking wtf does someone need a 10gig connection for at home? I want details on what this magical 10gig connection to a home is. Unless you live inside an Amazon data center, then I can understand.

How fast of a CPU you need is less dependent on bandwidth and more on packets per second. Each firewall state consumes RAM and each packet will need to be inspected and processed by the firewall. So if you’re a single user, or only a handful of users (normal home use rather than hosting a high traffic service or a large business etc.) then you don’t need much power.

I wanted to ask about details too, but knowing more would just make me envious and sad.

I don’t even have 1 gigabit, not even as a downstream option :cry:

As a reference point, I can get about 3 Gb/s through pfSense for a single iperf3 (TCP) connection with a Xeon E5-2670 and Intel X520 NICs. This is with MTU 1500, firewall enabled, and some pretty generic tuning.

There are certainly faster CPUs out there these days, but I’m not confident that you will generally be able to saturate your connection with pfSense on any type of hardware. The scalability limits are in the software.

https://www.netgate.com/blog/further-a-roadmap-for-pfsense.html

…the core of pfSense (pf, packet forwarding, shaping, link bonding/sharing, IPsec, etc) will be re-written using Intel’s DPDK.

DPDK is a set of libraries and drivers for fast packet processing.

We have a goal of being able to forward, with packet filtering at rates of at least 14.88Mpps. This is “line rate” on a 10Gbps interface. There is simply no way to use today’s FreeBSD (or linux) in-kernel stacks for this type of load.

The project which seems to have emerged from that work is called TNSR, rather than pfSense 3.0, but I’m not exactly sure what the status of it is or if it will ever be released in a community edition.

Wow, thanks for the many replies guys!

As for if anyone needs 10GbE at home? No, of course not, but don’t you also kinda want it? One of the ISPs here is doing a big push (as there is real competition here) and they need something for marketing. In cities here in Switzerland 1GbE is already widely available, so they just use the same connection to the end user as all the others, they just don’t cap you at 1Gb as they know that most people won’t use more anyways. In reality it’ll probably never be truly 10Gb, but hey, even 2Gb is twice as fast as 1Gb. Funny enough, the router they included didn’t work the first time around, and now they are sending a new one.

Since I am really new to networking, I don’t know what I will want to do in the future; all I have now is an Unraid NAS with some SMB shares. I am however eyeing a faster NAS/SAN as I do quite a bit of video work. For now, there is no budget for that however.

Do any of you have experience with old servers from e.g. HP that you can get from eBay/local equivalent for a few hundred bucks? Are they any good or not worth the trouble?

I was just hoping I could save a few bucks by using cheap server network cards, maybe even SFP+ instead of paying 200-300$ on a 10Gb router. I saw a few people online building their own switches with pfSense, but I have no clue how hard it is to get those cards running and how well it will run in the end.

So what I’ve gathered from this is that I don’t need more than a Ryzen 3, but the limitation is more pfSense itself. And trying to cheap out on network cards isn’t worth it. Am I right with this summary?

If yes, do any of you have a good recommendation for a cheap 10Gb switch and network card?

I have this one in my shopping cart, pending my house move.
Mikrotik CRS328

Mellanox ConnectX-2 EN cards work fine for me, but they were old when I got them (PCIe 2.0), and I’m using them with Linux, not pfSense. (Sadly, I don’t have a need for a quick router at home.)

I will probably pick one of these up for my main system then, as I am running Ubuntu 18.04 on there. Did you have to do much tinkering to get yours working?
The switch is a bit more than I would like to spend, I’ll keep an eye out for similar used options.