
Author Topic: [ Show your pfSenses! ] - Thread - (bandwidth warning!)  (Read 55120 times)


Offline fLoo

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
[ Show your pfSenses! ] - Thread - (bandwidth warning!)
« on: December 21, 2012, 03:56:30 pm »
I'd like to raise a pfSense show-off thread. I'm gonna start off with my just-built replacement for my virtual pfSense (moved from ESXi back to hardware).

- Intel D2500CC (2x 1,8 Ghz)
- 4 GB Ram
- 3x Gbit NIC
- 128 GB SSD
- 75W power supply
- pfSense 2.1 (pfSense-memstick-2.1-BETA1-amd64-20121221-0526.img.gz)

« Last Edit: December 21, 2012, 03:58:32 pm by fLoo »

Offline extide

  • Jr. Member
  • **
  • Posts: 92
  • Karma: +0/-0
    • View Profile
Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #1 on: December 21, 2012, 04:32:08 pm »
Ok, here is my setup:

Cable Modem (Cisco/Linksys DPC-3008) sitting on top of machine.







Hardware:
Intel Core i3 3220 - 22nm Ivy Bridge - Dual Core 3.3Ghz - HT Disabled
ASRock Z77 Extreme 3
2x2GB DDR3 1333
64GB OCZ Summit SSD (Samsung Controller)
2x Intel PCI-E Gigabit Ethernet Adapters
Plextor DVD-RW
300W Seasonic 80+ Bronze PSU
Generic Case

Guts:





Below is a shot of the whole setup.
NOTE: The large Compaq server (8-way P3 Xeon) AND the Disk Array sitting on top of it ARE NOT IN USE. They are functioning ONLY AS A SHELF!

NetGear GS108P PoE Switch
2x Dlink DAP-2553 Wifi AP's using PoE from the GS108P (one for 2.4Ghz, the other for 5Ghz)
And the grey rectangle with green sticker on it sitting next to the monitor is the DirecTV DECA adapter. (Connects the DirecTV DECA network, which is ethernet over COAX that co-exists with the sat signals, to the rest of my network.) This way my DVR's all grab IP's from my pfSense box and have full internet access.

The monitor and keyboard are for when I need to manually go in there and work on something, which is pretty rare. :)

« Last Edit: December 21, 2012, 04:34:42 pm by extide »

Offline fLoo

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #2 on: December 21, 2012, 05:09:14 pm »
Oh damn - you want people to totally show off? I see - let's continue with me:

My complete setup (2 Wi-Fi-APs missing here)

- Cable Modem (Cisco EPC-3212)
- TP-WR1043ND (Public AP - Routing traffic through vpntunnel.se)



You can see (or it's hidden):

- 24 Port Management Switch
- TP-WR1043ND (SamKnows bandwidth measurement)
- RIPE Atlas node (Network measurement)
- Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider
- mini-LCD Monitor to monitor network statistics



- ESXi 5.1 WhiteBox (Core i5, 16 GB Ram / 2x 3 TB + 2x 64 GB SSD)
- 12 TB Raid-5 Firewire-NAS (hidden on the right)
- Yes, I need to clean the ESXi :)


Offline extide

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #3 on: December 21, 2012, 05:15:17 pm »
Hey, I just posted my router ;) I have a Ubuntu Server running ZFS, a windows server, and a dedicated linux folding@home box as well. :) I can put more pics later.

Tell me more about the "Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider" that is pretty cool... What kinda stats can you see?

Offline fLoo

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #4 on: December 21, 2012, 05:22:11 pm »
> Hey, I just posted my router ;) I have a Ubuntu Server running ZFS, a windows server, and a dedicated linux folding@home box as well. :) I can put more pics later.
>
> Tell me more about the "Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider" that is pretty cool... What kinda stats can you see?

Because I'm using internet via a cable modem, you can monitor the network usage of your network segment. The reason is because cable is a shared medium and every single customer in your segment can see every single bit (multicast), although it's encrypted. So what u can do is the following:

Take a DVB-C stick (I prefer sundtek.de because of its full Linux support), then u tune your DVB-C stick to the same frequency as your cable modem (in Europe that's usually 546 - 602 MHz), toggle modulation and use dvbsnoop to read off the statistics of the frequency channel.

Result:


Offline extide

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #5 on: December 21, 2012, 05:25:00 pm »
Yes, I understand how cablemodems and DOCSIS networks work, but I had no idea you could get a device to monitor the stuff like that! I am totally going to get one of those and set it up on one of my linux boxes!

Cool, looks like I can get a PCI-E one also. I may have to rig up some stuff to read the current DS/US channels from the cable modem and then feed that to dvbsnoop to get the infos. How are you making that graph? Are you manually doing it with RRDTOOL or is there some software out there for doing this specifically?

Thanks for the info BTW!
« Last Edit: December 21, 2012, 05:37:40 pm by extide »

Offline fLoo

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #6 on: December 21, 2012, 05:29:36 pm »
> Yes, I understand how cablemodems and DOCSIS networks work, but I had no idea you could get a device to monitor the stuff like that! I am totally going to get one of those and set it up on one of my linux boxes!

Cool, waiting for your stats. If you need assistance (complete ready scripts for Cisco modems + RRDTools) just msg me. Oh and - don't forget to monitor your signal to noise :)


Offline extide

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #7 on: December 21, 2012, 05:39:51 pm »
Ok, sweet, I have a Cisco DPC 3008 so hopefully I won't need to modify the scripts much to grab the stats. It's funny, in another thread I posted on here today I asked if there was some software to grab this info from the cable modem and insert it into a DB so you can graph it over time. So, yes, I would love those scripts, thanks!

So, are you just using a coax splitter, standard -3.5dB one? Going to the DVB-C stick and the other side to the modem ?
« Last Edit: December 21, 2012, 05:43:50 pm by extide »

Offline fLoo

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #8 on: December 21, 2012, 05:44:21 pm »
No wait - it's a coax splitter for your TV signal, not the one for the modem. You should have a multimedia splitter already at your wall (1x modem, 1x TV, 1x radio); you split the TV one! And yes, it's a standard 3.5dB splitter, so you should take care of your stats. Maybe some adjustment of your cable network is needed (increase the power on your cable amplifier and use an -3,5 attenuator for your cable modem).
For me it worked just out of the box, without modifying anything, because it's just - 3.5dB :)

IF YOU MODIFY YOUR AMPLIFIER - KEEP AN EYE ON THE SLOPE :)

So u got

___PIN____
-----O-----
----/-\-----
LOG___TV

Regarding your question: Using RRDTool with complete custom (self written) templates and also own scripts to feed the RRD (which i can supply).

Photo:

« Last Edit: December 21, 2012, 06:01:23 pm by fLoo »

Offline gderf

  • Full Member
  • ***
  • Posts: 170
  • Karma: +0/-0
    • View Profile
Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #9 on: December 21, 2012, 07:18:33 pm »
Cray XD1 with 11,000 interfaces running pfsense 2.1 snapshot.



Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #10 on: December 22, 2012, 12:44:31 am »
Good idea for a thread. We're going to gather pictures from a variety of threads like these in the future and create some kind of micro-site showing off people's deployments. In the meantime, might as well get another thread going.  :)

Here's our primary colocation facility, where this site and most of our others run, as well as the snapshot and release build servers. The firewalls are virtual in ESX, a HA pair with primary on one ESX server and secondary on another.



« Last Edit: December 22, 2012, 12:47:42 am by cmb »

Offline fLoo

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #11 on: December 22, 2012, 04:19:35 am »
Sweeeeeeet :o That's what I'm trying to accomplish but I still need more money (although my setup is already too fat for home networking) ;)

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11914
  • Karma: +468/-15
    • View Profile
Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #12 on: December 22, 2012, 05:36:57 pm »
Well I can't pass up this opportunity.



Yes, I have a problem. I'm trying to cut down.  ;)

Steve

Offline cmb

Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #13 on: December 22, 2012, 06:48:30 pm »
> Well I can't pass up this opportunity.
>
> Yes, I have a problem. I'm trying to cut down.  ;)

haha  Those aren't running the Watchguard software I presume?  ;D

Offline stephenw10

    • View Profile
Re: [ Show your pfSenses! ] - Thread - (bandwidth warning!)
« Reply #14 on: December 22, 2012, 08:48:47 pm »
I'd love to say none of them are but the X-edge boxes at the top are Arm based and I haven't managed to hack a workable OpenWRT image onto them. Yet.  ;)

Steve