Network engineer student needs help building a pfSense box

Hello, I am a network engineer student who needs a little help picking parts for a pfSense box. It needs to be able to handle fiber internet at 1 gigabit down, 255 megabit upload, and in the future be able to handle a 10 gigabit network, when I start building my new home in about 3 years. So far I came up with this type of build from pcpartpicker.com. What I really need to know is whether this build will fulfill my needs or whether there is something else that would be better. I want to be able to use all the options that are available in pfSense, so I can learn everything there is to know about networking. I don't have an old computer that I can install pfSense on, so I have to build a new one. Any help would be appreciated.

P.S. I know that when I switch to a 10 gigabit network I am going to have to upgrade the onboard NICs with an add-on card.

It may be worth looking at the other pfSense thread for info: https://forum.level1techs.com/t/how-to-cheaply-build-a-small-pfsense-router/112529/86. Granted, you're not both looking for exactly the same thing, but there has been discussion about CPUs and throughput.

The CPU should handle the throughput.
You do not need 16 GB of RAM. You could get away with 4 GB. I have 4 GB and am only using 10% of it right now in my pfSense box.
You don't need that SSD. Either put an old spinning rust in it or buy a 32 or 64 GB SSD.
You also don't need that CPU cooler. The stock Intel will be just fine.
Get a cheaper motherboard without Wi-Fi, because Wi-Fi drivers for pfSense are not that great.
You say you want to swap in a 10 Gb NIC at some point, but you should not ever need 10 Gb NICs in the pfSense box. You would rather buy a 10 Gb switch, and your local network would use it to talk to your PCs with 10 Gb NICs that you put in them.


I know I don't need 16 GB of RAM. I want to make sure I have enough RAM to use all the options that are available in pfSense. As I mentioned above, this pfSense box is going to be the router for a 1 gigabit fiber internet connection and a device to be able to implement everything I learn from my networking classes, in other words my own home network lab. The reason this is important is I want the ability to try and change things I can't do at the college network lab because the IT department has some features locked down and only unlocks them when the professor is around.

I don't like HDDs anymore, not since they have gotten the bugs out of SSDs, but thanks for the input. Also, the reason I picked the SSD I did was I could get a larger SSD for about the same price as the 120 GB SSD I would have purchased. It is my belief a 32 or 64 GB SSD would be too small for my needs, taking into consideration my experiences with SSDs.

I picked that motherboard because it was the cheapest I could find that had 2 NICs on the motherboard, and I plan on setting up APs for the wireless devices that I have.

I guess I didn't communicate clearly enough why I would want to have the ability to add 10 gigabit NICs to the pfSense box. My internet provider is thinking of offering, three to four years from now, 10 gigabit internet service to homes. But that project is in the future.

Over $500 without NICs seems crazy expensive. You can buy a 10 gigabit switch for this kind of money.

You still will not need 16 GB of RAM, period. If you are that worried about it, get 8 GB.
There are 120 GB SSDs going for around 40 bucks on Amazon. Spend your money however you would like in that area, just trying to help save money so you can go 10 gig later.
The motherboard is great for the dual NICs, but I advise you to get an external AP like a Ubiquiti, for better reliability. You say you want to learn, and with a Ubiquiti you can set up multiple SSIDs with separate VLANs.
By the time your ISP offers 10 gig you will need a whole new rig anyway, because that CPU probably won't handle that kind of throughput.

An Atom could handle the throughput, IP tables requires next to none. I'd go with a Celeron (or even i3, and the latest bleeding edge Core i7 or Xeon if you're using VPN, there's a very big diff) at least though if a lot of users are going to be using it. Network trafficking requires very little computational power.
NO!...NONONONONO...NONO just NO! For a static system which runs 24/7, you do not want mechanical parts. Just NO, they will die eventually, whereas an SSD with a low-writes system has next to no chance of ever dying. Heck, an SD card could outlive a spinning rust drive. It's a simple matter of moving parts vs. non-moving parts.
Honestly you could do just as well as pfSense, if not better, with a regular Ubuntu server/core distro, albeit it would require a bit more work, since you'd have to go CLI, but both support VPN and all the network magicks like dhcp, hostapd, yada yada.

Adding 10 gigabit NICs was an option I was going to add some years down the road, but I have changed my mind. When I would be ready to add 10 gigabit NICs I would be replacing just about everything else, so I have decided not to worry about that until the time comes.

I try to avoid buying electronics on Amazon. I have heard a lot of horror stories about people buying what they think is a new item, but what they receive is a used item. My mother purchased a book on Amazon; the ad said it was a new book, but what she received was a very used book. I am rethinking the size of the SSD; a 120 GB SSD should be plenty of space. I can take the savings and put it toward getting a better CPU or motherboard. Also, when I start building my house I will leave this pfSense box for my mother and two sisters to use (yes, I currently live with my mother, how else is a student able to afford college), so I will have to build a new one anyway.

You will need a decent CPU for 1 Gbps; there's a difference between transferring data at that speed between two interfaces and firewalling a high number of packets per second. An Atom won't do, I'd recommend some sort of quad core. You don't need a 10 Gb NIC on the router unless you plan on having multiple 10 Gb networks and you need to route between them. If you're just connecting your network to the internet, then as long as the NICs are the same speed as your internet connection you're fine.

You don't need a lot of RAM, 4GB is plenty for pretty much anything. The only thing I can think of that would use a lot of RAM is snort, which if you used a lot of rules and used the fastest pattern matcher would require maybe 32gb of RAM. BUT there is no performance benefit between the standard low memory pattern matcher and the fastest high memory one, so don't spend any money you don't have to on that, because there is literally no difference.

EDIT: Missed the bit about a future 10gb internet connection. But in that case just wait until then because the hardware requirements for that are going to be huge and it's not worth wasting money on that now when it will be cheaper by the time you get a faster internet connection.

I have come to the same conclusion: I am going to need at least an i3 on the Intel side or some multi-core AMD. Does anyone on this forum know anything about AMD processors? I have to confess I have used nothing but Intel products. I looked into the recommended specs on the pfSense web site, and they recommend for 501+ Mbps: "Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters." Now I have a question: would I need a server motherboard and PCI-e adapter cards instead of using the onboard NICs?

I guess the best way for anyone to help is to try and communicate my current needs. This network is going to have four televisions wired to the network providing internet TV, two desktop computers, two laptop computers, and I was going to add AP devices so tablets and iPhones can connect to the internet.

The home I am living in now has 4 adults sharing the house network. Because the house was built in the 1920, right now every device connects to the network using wireless technology. So you can guess every once in a while me and my sisters get into arguments about who is using too much bandwidth. I plan to fix this problem by adding Cat 6a or Cat 7 Ethernet cable to the whole house and upgrading our internet service from 50 megabit to 1 gigabit, but that is a project that will have to wait until summer or fall, when I have saved enough money to purchase a gigabit switch and the cabling I need to wire the whole house.

If you want to get the most out of your gigabit internet connection you're going to need good NICs, like the Intel ones with working TCP offload drivers (which may be disabled by default in pfSense). The rest of the system doesn't need to be server grade, but you will need a decent CPU, especially if you don't have decent NICs.

pfSense boots quick from an SSD, so benefit there. (In contrast, FreeNAS doesn't seem to boot any faster).
Also you could use the extra RAM for proxy caching in the meantime, if that is your thing.

Can't comment on >gigabit speed though, I live in Australia and don't have access to your crazy alien technology.

pfSense boots quick if you have a hard drive as well, pfSense is a network appliance and is fairly lightweight, mine boots from an HDD that is more than 10 years old in under 30 seconds.


I went back to pcpartpicker.com and edited the build I had there and made some changes. I lowered the RAM from 16 GB to 8 GB with the idea that if I need more I can always add more, changed the i3 to an i5 4 core like was suggested, and added an Intel NIC card.

I know I will most likely have to replace the case from a thin mini-ITX to something that can handle a full-size NIC, since the onboard NIC most likely wouldn't be able to take full advantage of a 1 gigabit network, which is important to me more than the cost.

The only Intel-manufactured NIC I could find on pcpartpicker.com was the Intel EXPI9404PTLBLK-1PK PCI-Express x4 at around $420 a pop, which adds quite a bit to the price of the build. If someone could suggest a less expensive Intel model NIC I would be very grateful.

Look for an Intel Pro 1000 card on eBay (or wherever), you can get the quad port ones for under $50.


Thanks guys, you have given me a lot to think about. It looks like I will be spending about $600 on this pfSense box. Thanks for the help again.

https://netgate.com/products/sg-4860.html

I looked at the up, my bandwidth will be higher than the up can provide. I have to use network adapter cards, not the NICs that are built into the motherboard. I have plans to add in the near future a Plex server, web server, a file server, my own email server, and some sort of backup file server, so you can see once I update my internet service to 1 gigabit, I probably will need more bandwidth than the up can provide. Also, I live in America and I think the import taxes would run up the cost to where it would be the same.


Sounds like something to look into when I build my house, which is a few years off just yet. I will probably need the 16 port switch model instead of the 8 port model you suggested. Though right now I am still researching the pros and cons of using fiber cable instead of 10GBASE-T Ethernet (Cat 6a copper).

I have decided it would be too expensive to rewire the current house I live in with fiber cable. The only reason I will be using Cat 6a copper cable is I need the increased footage per end point. I can't install my cabling into the wall, so I will have to come up with a creative way of installing the cabling. I was thinking of drilling holes in the floor where I want to put an outlet. For example, say I want to put an Ethernet outlet by the living room television: I would drill a hole in the ceiling, run the cable up to the attic, run it across the attic floor, drill another hole in the attic floor where my switch will be located, and run the cable down to the Ethernet outlets that will be attached to my switch. Thanks for the suggestion though.