Netgate m1n1wall

Author Topic: bandwith in isp need help about hardware detail  (Read 1531 times)

0 Members and 1 Guest are viewing this topic.

Offline s_265_925

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
bandwith in isp need help about hardware detail
« on: June 14, 2012, 05:05:20 am »
hi all!
i have an isp and i only need restriction for my users in some services and filter some ports ...
i have about 10 Gb in and 10 Gb out traffic!
what hardwares should i use for best performance for this amount of traffic?
what is your idea ?

Online stephenw10

  • Hero Member
  • *****
  • Posts: 8159
  • Karma: +5/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #1 on: June 14, 2012, 05:24:00 am »
10Gigabits per second in and out?  :o

I'm not sure there is any hardware that can do that in a single box. Due to the way pfSense works and the current performance of CPUs I believe the best possible throughput is 4-5Gbps. I could be wrong though.

Following this thread with interest.

Steve

Offline allpoints

  • Jr. Member
  • **
  • Posts: 39
  • Karma: +0/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #2 on: June 14, 2012, 01:52:08 pm »
BIG Linux core switches:

http://www.aristanetworks.com/

 ;D

Offline s_265_925

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #3 on: June 15, 2012, 02:23:48 am »
thanks all for replay  :) ! but i need cpu -ram- lan details ! can i use a multiprocessor server ;D?!  i need solution !! any idea ?
before that ! is it possible to do this with this amount of traffic  ??? ???
« Last Edit: June 15, 2012, 02:27:43 am by s_265_925 »

Online stephenw10

  • Hero Member
  • *****
  • Posts: 8159
  • Karma: +5/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #4 on: June 15, 2012, 05:18:31 am »
It hadn't even occurred to me that you might not be asking about pfSense.  ::)

You probably could do this with pfSense but not with one machine. You would need to split your 10Gb connection across a number of boxes, say five each firewalling 2Gb.

This is way out of my league to be honest. If you're serious about doing this I'm sure BSD perimeter could sort you out.

Steve

Offline s_265_925

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #5 on: June 15, 2012, 08:07:52 am »
first thanks for helping!
i think you are right splitting is the best way  ;D! now with your experience what do you think for 2 Gb traffic in and out what should i use ! i mean what hardwares can do that for me without hanging and other problems  ::).
« Last Edit: June 15, 2012, 08:09:54 am by s_265_925 »

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1002
  • Karma: +0/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #6 on: June 15, 2012, 10:04:12 am »
10Gigabits per second in and out?  :o
I'm not sure there is any hardware that can do that in a single box. Due to the way pfSense works and the current performance of CPUs I believe the best possible throughput is 4-5Gbps. I could be wrong though.

Following this thread with interest.

There was a topic on this sub-forum How Far Have You Scaled Your PFS Box?, but most posts are from the 2008/2009 era. It'd be interesting to hear about recent pfSense deployments, considering that newer FreeBSD supports several 10G cards.

Based on what I read here http://lists.freebsd.org/pipermail/freebsd-pf/2012-June/006643.html there is also some effort underway to create an SMP-friendly version of PF for FreeBSD

Online stephenw10

  • Hero Member
  • *****
  • Posts: 8159
  • Karma: +5/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #7 on: June 15, 2012, 10:19:59 am »
Ah, interesting reading. Interesting that this is a FreeBSD effort and not OpenBSD.
Also particularly happy to see that this is very much current.

SMP to one side it should be possible to beat the old records with modern hardware. What do you think is now possible?

Steve
« Last Edit: June 15, 2012, 10:27:07 am by stephenw10 »

Offline s_265_925

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #8 on: June 16, 2012, 03:34:35 am »
SO WHAT ?  ::)  POSSIBLE OR NOT ?  ;D

Offline s_265_925

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile

Online stephenw10

  • Hero Member
  • *****
  • Posts: 8159
  • Karma: +5/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #10 on: June 16, 2012, 05:25:03 am »
It is possible, yes.  ;)

I've never tested anything at these speeds personally so I can't give you any recommendations. As we discussed the currect, and likely near future, versions of pfSense are restricted by the fact that pf(4) does not multithread. Therefore to get the greatest throughput you need a machine with a high cpu clock speed per core rather than multiple cores at a lower speed. There is very little point in using a 16core xeon server for example.

Steve

Edit: The applianceshop hardware looks nice and you are guaranteed that it will all work with pfSense.  ;) Perhaps drop them a line and ask about maximum throughput.

Edit: They state 9.5Gbps in the brochure. But is that for a single connection or the total of many connections?
« Last Edit: June 16, 2012, 05:30:34 am by stephenw10 »

Offline s_265_925

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: bandwith in isp need help about hardware detail
« Reply #11 on: June 18, 2012, 12:38:33 pm »
thanks for helping  ;D