The pfSense Store

Author Topic: CPU grunt required to route WAN<->LAN... AND.... LAN<->LAN  (Read 1144 times)

0 Members and 1 Guest are viewing this topic.

Offline rikar

  • Newbie
  • *
  • Posts: 16
    • View Profile
CPU grunt required to route WAN<->LAN... AND.... LAN<->LAN
« on: June 08, 2012, 06:19:49 am »
Hey there, lurker for years, used Smoothwall early last decade on some old gear. Now that I actually pay for my power bill, I want a new low power solution to assist moving away from DD-WRT which I love to death, so stable over 4 yrs.

Environment:

   • 120Mbit/2.4Mbit connection
   • ESXi x 2
   • NAS's  X 2
   • Microsoft file server X 2
   • 3-5 wired clients (desktops, HTPC etc)
   •  Apps server (AirVideo, SAB, SQL etc)
   • Wifi devices, have a WRT400N with DD-WRT for N traffic that I can stick in AP mode on an adaptor I assume (3 tablets, 3  phones, 2 laptops)
   • HP Procurve GB 8 port and a 24 port switch.

>> http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49

The page says "No less then 1.0Ghz CPU" to route 51-200 worth of traffic, which I thought I would be within, but does that include LAN to LAN traffic? I'm a little network green. If I'm moving traffic from a subnet (say my DMZ) through to my inside LAN, this routes through pFsense correct? What if I setup pFsense control VLAN's?

From this thinking plus threads on the forum, I don’t need just  ~1Ghz, but enough grunt to move 1Gbps.
 I want to be able to run Snort, maybe cache and a few VPN connections.

It "seems" that my Q is A here >>
http://forum.pfsense.org/index.php/topic,45922.0.html

"If you need Gbps transfer between internal subnets/interfaces then the G530 is the right choice.  

Steve"


Actual Question: Would a intel BLKDH61WWB3 + G620 suffice? Ill being running either a dual port intel NIC or the single onboard one with VLAN.

PS: Some sort of matrix that could answer my question would be well cool.
A package in pFsense that pushed "benchmark type" results to a cloud, the data could be well useful to peeps I would have thought.


Thanks sooo much!!!


Michael

Online stephenw10

  • Hero Member
  • *****
  • Posts: 8127
    • View Profile
Re: CPU grunt required to route WAN<->LAN... AND.... LAN<->LAN
« Reply #1 on: June 08, 2012, 07:05:29 am »
Welcome, nice router! (Hitachi?)

The page says "No less then 1.0Ghz CPU" to route 51-200 worth of traffic, which I thought I would be within, but does that include LAN to LAN traffic? I'm a little network green. If I'm moving traffic from a subnet (say my DMZ) through to my inside LAN, this routes through pFsense correct? What if I setup pFsense control VLAN's?

pfSense filters traffic between any of its interfaces. Therefore if you are moving files from a 'dmz' to a LAN you need pfSense hardware that can filter that traffic at the required speed, possibly up to gigabit.

Actual Question: Would a intel BLKDH61WWB3 + G620 suffice? Ill being running either a dual port Intel NIC or the single onboard one with VLAN.

Yes. You will be able to route at gigabit wire speed with that board/cpu. If you use VLANs all your traffic has to use a single connection but that may not be such a problem. Since you already have a nice VLAN capable switch you can try it without any cost.

I agree we need some more recent figures for the hardware page. The trouble is there are so many variables that hard figures can be misleading.

Steve

Offline rikar

  • Newbie
  • *
  • Posts: 16
    • View Profile
Re: CPU grunt required to route WAN<->LAN... AND.... LAN<->LAN
« Reply #2 on: June 08, 2012, 08:08:18 pm »
Thanks, its a FESTOOL Oberfräse OF 1010 EBQ-Plus :)

Thanks so much for your reply Steve!

Traffic going through interfaces requires CPU usage, gotcha.

If i go VLAN, it would seem all traffic go through pfSense, as I would be firewalling various subnets., gotcha.

Quote
The trouble is there are so many variables that hard figures can be misleading.

There are a lot of variables but then there are a lot of pfSense users. Mashing a few 10,000 tables of data together would show some commonalities i would have thought. Shame I lack statistical analytic skills, would be fun and beneficial to the community.

Thanks so much again, gunna go grab some hardware!

Michael