
Author Topic: Just upgraded to Gigabit at the house, looking back into setting up pfsense agai  (Read 446 times)


Offline LVNeptune

I ran it many, many years ago back when the most you could get from your ISP was 25Mbit and I did load balancing across several cable connections and DSL to get 100Mbit when it was unheard of for home internet. Eventually faster and faster speeds came and I no longer required the pfsense and went to a traditional router.

I feel like I've run full circle. Very few modern routers support full 1Gbit throughput. I want to be able to 100% max out my connection. Was looking into building either a mini-itx machine or getting one of those prebuilt $300~ NUC'ish devices off Amazon.

I have absolutely zero need for a VPN tunnel running to my house and even if I did I would most likely get a standalone VPN gateway device instead of using up the CPU cycles on my router.

What would you recommend in this situation? Everything I keep reading has OpenVPN in mind which I don't care about.

For reference, this is Cox's NEW Docsis 3.1 Gigablast offering. This is not fiber. Not that it really makes any difference other than this is 1Gbit/35Mbit not 1Gbit synchronous like with regular fiber.

Thank you all in advance.

Offline johnkeates

A baseline Intel chip with AES-NI and at least two good NICs is all you need. If you want to build custom, the (Very cheap) J3355B boards will do fine, add a cheap Intel NIC, and at least 2GB of RAM. Storage doesn't matter what you use, even a USB drive or CF card would do. Most people use a small SSD since it doesn't have moving parts.

BlueKobold

  • Guest
Quote
I feel like I've run full circle. Very few modern routers support full 1Gbit throughput. I want to be able to 100% max out my connection. Was looking into building either a mini-itx machine or getting one of those prebuilt $300~ NUC'ish devices off Amazon.
A home router often comes ASIC/FPGA based and pfSense is an x86_64-bit firewall that can be turned into a full UTM device, and this may then need more horsepower for sure.

Quote
I have absolutely zero need for a VPN tunnel running to my house and even if I did I would most likely get a standalone VPN gateway device instead of using up the CPU cycles on my router.
OpenVPN is very popular, but if you are, as an example, using Apple iPhones or tablets, which are able to support IPSec out of the box, you could also use an IPSec VPN to your home!

Quote
For reference, this is Cox's NEW Docsis 3.1 Gigablast offering. This is not fiber. Not that it really makes any difference other than this is 1Gbit/35Mbit not 1Gbit synchronous like with regular fiber.
PPPoE based or not?

The SG-4860 is serving up to ~900 MBit/s and a small and ~470 MBit/s IPSec throughput.

Offline xionoix

I also just upgraded to Cox's NEW Docsis 3.1 Gigablast service this week. What a story just trying to get Cox to activate the modem. I went through three techs who had no idea what I was talking about. This isn't PPPoE based.

I have been running pfSense, and my Protectli E3845 based box is only seeing ~500Mbps, but an i7/gigabit NIC laptop connected directly to the modem sees about 840Mbps down and almost 50 up.

So I am scouring the forums for next steps.

@BlueKobold: You say your SG-4860 is hitting ~900 Mbps.  Can you tell me what services are running with those numbers?

BlueKobold

  • Guest
Quote
I also just upgraded to Cox's NEW Docsis 3.1 Gigablast service this week. What a story just trying to get Cox to activate the modem.  I went through three tech who had no idea what I was talking about.  This isn't PPPoE based.
I was only asking about PPPoE because in pfSense this part is "only" CPU single-core threaded!!! And this could be the pivotal point here; if you are not using PPPoE you might be able to get closer to routing 1 real GBit/s with ease and with not-so-fast hardware, such as the older C2000 Atoms.

Quote
I have been running pfSense, and my Protectli E3845 based box is only seeing ~500Mbps,
Did you try tuning the NICs and network part a bit? What NICs, CPU and RAM are inside that box?

Quote
but an i7/gigabit NIC laptop connected directly to the modem sees about 840Mbps down and almost 50 up.
OK, this can be for sure, but please let us be realistic and talk about the same things and not compare apples against bananas! Most people who are coming from their plastic home router that is ASIC/FPGA driven will think that pfSense is something like Linux and that it must run as fast as the home router, but pfSense is doing NAT and pf (BSD packet filter), and all the rules that were made must be passed, and then often other packets are inspecting and proofing that network traffic too! But your modem is doing none of this! It is a pure modem: no SPI, no NAT, no firewall rules, no HTTP proxy such as Squid or IDS such as Snort, and so this number will differ from one to another, sometimes more, sometimes not.

Quote
So I am scouring the forums for next steps.
Might be a good thing in my eyes.

Quote
@BlueKobold: You say your SG-4860 is hitting ~900 Mbps.  Can you tell me what services are running with those numbers?
Link to the ~900 MBit/s, but I don't know whether he is using PPPoE or not!!!
SG-4860 on symmetric GBit/s fiber line
I run a SG-4860 at home. I have a 1Gbps/1Gbps connection. I get > 900Gbps all the time.

Link to the ~470 MBit/s over IPSec VPN, but I don't know the other VPN endpoint!!!
SG-4860 IPSec VPN throughput
Net-net I'm seeing 470-477Mbps over the VPN

I hope that now clarifies the numbers I gave here.

Offline messerchmidt

ryzen 5 @1200, cheap board, ebay dual intel nic, 8gb ram, 128gb ssd

an old videocard

pick a case and psu

Offline belt9

As has already been mentioned, J3355B is a good build.

Also if you want to buy used, a thinkpad with AES-NI coupled with a web managed switch will do the trick for really cheap.

You really don't need much in the way of hardware to route 1Gbps, especially since your connection is symmetrical.

Buy an SG-4860 just to route gigabit without OpenVPN if you hate your money.

Offline noons

If you're willing to spend the money, 350 will get you the brand new SG-3100, which Netgate is insistent can handle 1Gb symmetrical without issue. The benefit with this little guy is that at 6w you get a built-in switch. Plus you support the project and get 1 year of support on top of it.