Re: [Soekris] soekris 4801 and pfsense 2.x
Hi, does the soekris 4801 +case_lan1621_boardhttp://soekris.eu/shop/net4801/net4801_48_board_and_case_lan1621_board_en.html will support all this traffic ? The 4801 is very limited and realistically scales up to 4kpps to 10kpps depending on the OS. The pfsense web interface is very heavy and modern versions don't even run on boxes like the 4801 due to RAM limitations. You are better off with a 5501 or 6501 box. I have been using pfSense on a 5501 and a 6501 with load balancing over 2 ADSL lines. It works quite good. Web access to pfsense interface is quicker on 6501 device. If you have a lot of connected computer on you lan, you should use a device with high CPU. It increases WAN access speed. I had an issue with the net6501 that deals with faulty SSD drive. Use as much as possible nanoBSD version and redirect syslog events to an internal syslog server. Regards. Éric Boudrand ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] soekris 4801 and pfsense 2.x
hi so the 4801 can be use only for monowall or small firewall ;) a+ 2013/9/10 Eric Boudrand d...@boudrand.net Hi, does the soekris 4801 +case_lan1621_board http://soekris.eu/shop/net4801/net4801_48_board_and_case_lan1621_board_en.html will support all this traffic ? The 4801 is very limited and realistically scales up to 4kpps to 10kpps depending on the OS. The pfsense web interface is very heavy and modern versions don't even run on boxes like the 4801 due to RAM limitations. You are better off with a 5501 or 6501 box. I have been using pfSense on a 5501 and a 6501 with load balancing over 2 ADSL lines. It works quite good. Web access to pfsense interface is quicker on 6501 device. If you have a lot of connected computer on you lan, you should use a device with high CPU. It increases WAN access speed. I had an issue with the net6501 that deals with faulty SSD drive. Use as much as possible nanoBSD version and redirect syslog events to an internal syslog server. Regards. Éric Boudrand ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech -- Chahid Ouarzoun skype: visptelco tel fr: +33 1 77 69 57 12 tel ma: +212 5 24 29 18 95 gsm ma: +212 650 47 77 79 ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] soekris 4801 and pfsense 2.x
Hi, If you don't reqiure custom modifications all the time, no different user access to the interface etc. you could just create the pf.conf and use it on an OpenBSD installation (this is what I use, other BSDs may be fine too). It wouldn't need as much RAM as pfSense. However, this wouldn't help with the throughput limits. Sent from my Samsung Galaxy S4 LTE On Sep 10, 2013 1:47 PM, chahid ouarzoun chahid.ouarz...@gmail.com wrote: hi so the 4801 can be use only for monowall or small firewall ;) a+ 2013/9/10 Eric Boudrand d...@boudrand.net Hi, does the soekris 4801 +case_lan1621_boardhttp://soekris.eu/shop/net4801/net4801_48_board_and_case_lan1621_board_en.html will support all this traffic ? The 4801 is very limited and realistically scales up to 4kpps to 10kpps depending on the OS. The pfsense web interface is very heavy and modern versions don't even run on boxes like the 4801 due to RAM limitations. You are better off with a 5501 or 6501 box. I have been using pfSense on a 5501 and a 6501 with load balancing over 2 ADSL lines. It works quite good. Web access to pfsense interface is quicker on 6501 device. If you have a lot of connected computer on you lan, you should use a device with high CPU. It increases WAN access speed. I had an issue with the net6501 that deals with faulty SSD drive. Use as much as possible nanoBSD version and redirect syslog events to an internal syslog server. Regards. Éric Boudrand ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech -- Chahid Ouarzoun skype: visptelco tel fr: +33 1 77 69 57 12 tel ma: +212 5 24 29 18 95 gsm ma: +212 650 47 77 79 ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] soekris 4801 and pfsense 2.x
On Sep 10, 2013, at 1:17 PM, Nikola Gyurov ngyu...@gmail.com wrote: Hi, If you don't reqiure custom modifications all the time, no different user access to the interface etc. you could just create the pf.conf and use it on an OpenBSD installation (this is what I use, other BSDs may be fine too). It wouldn't need as much RAM as pfSense. However, this wouldn't help with the throughput limits. OpenBSD may or may not be a big help here. The OpenBSD team has done a lot of work on pf since the version that's in pfsense was released. Some of the work was performances based and that may be enough to get the job done on net4801 hardware for you. More on that later. One big change was a pf.conf syntax change regarding how NAT is handled which happened with OpenBSD 4.5. If you are using NAT, I would _not_ count on a pfsense generated configuration to work in OpenBSD 4.5+ Otherwise, the news if very good. If my research is correct the OpenBSD team has gained big performance increases in both their network stack and pf many of which aren't reflected in pfsense. According to this talk: youtube.com/watch?v=VNyBAcO2pIg [20:15] they roughly doubled the throughput of pf and their network stack from 28Mbit / sec to 56Mbit / sec on low end Soekris hardware. They don't specify the hardware beyond low end Soekris but when they say low end I assume that they mean a 45xx or a 48xx. I myself have tested 55xx and 65xx hardware and find that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the net5501 with the standard 100Mbit/s vr interfaces. To go faster you'll need to install a good Gigabit NIC in the net5501's PCI slot. The net5501 will keep up with the traffic but in this configuration, with a dual intel em PCI NICs I get lot's of heat. If the high heat bothers you, save yourself some time and opt for the net6501 or go for a rack mount chassis and plan on adding a fan. $ sysctl -a | grep deg hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote) hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote) hw.sensors.nsclpcsio0.temp2=70.00 degC (Local) Hope this helps, -- Chris signature.asc Description: Message signed with OpenPGP using GPGMail ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] soekris 4801 and pfsense 2.x
Actually, OpenBSD is slightly changing syntax over time, but the changes from a version to another are trivial and easy to implement. The bigest one I can remember was introduced in 4.7 with the changing of the redirection etc. As for the configuration generation on pfSense - while most of the things on OpenBSD just work, working with another config rarely happens :) What I meant was that he can generate his config on pfSense so he'd have a general idea of what does he need, then rewrite it to work on OpenBSD - could be tricky, but not impossible. A good guide to PF (if not the best) is Peter Hansteen's 'The Book of PF', 2nd edition -- http://nostarch.com/pf2.htm @Chris, are you actually running on 127 degC? NS (now TI) do produce some tough hw! These are my temp stats on the 6501-50 with two WD HDDs in the box: $ sysctl | grep deg hw.sensors.cpu0.temp0=34.00 degC hw.sensors.cpu1.temp0=34.00 degC hw.sensors.acpitz0.temp0=43.00 degC (zone temperature) hw.sensors.acpitz1.temp0=43.00 degC (zone temperature) Best regards, Nikola Gyurov On Tue, Sep 10, 2013 at 9:17 PM, Christopher Hilton ch...@vindaloo.com wrote: On Sep 10, 2013, at 1:17 PM, Nikola Gyurov ngyu...@gmail.com wrote: Hi, If you don't reqiure custom modifications all the time, no different user access to the interface etc. you could just create the pf.conf and use it on an OpenBSD installation (this is what I use, other BSDs may be fine too). It wouldn't need as much RAM as pfSense. However, this wouldn't help with the throughput limits. OpenBSD may or may not be a big help here. The OpenBSD team has done a lot of work on pf since the version that's in pfsense was released. Some of the work was performances based and that may be enough to get the job done on net4801 hardware for you. More on that later. One big change was a pf.conf syntax change regarding how NAT is handled which happened with OpenBSD 4.5. If you are using NAT, I would _not_ count on a pfsense generated configuration to work in OpenBSD 4.5+ Otherwise, the news if very good. If my research is correct the OpenBSD team has gained big performance increases in both their network stack and pf many of which aren't reflected in pfsense. According to this talk: youtube.com/watch?v=VNyBAcO2pIg [20:15] they roughly doubled the throughput of pf and their network stack from 28Mbit / sec to 56Mbit / sec on low end Soekris hardware. They don't specify the hardware beyond low end Soekris but when they say low end I assume that they mean a 45xx or a 48xx. I myself have tested 55xx and 65xx hardware and find that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the net5501 with the standard 100Mbit/s vr interfaces. To go faster you'll need to install a good Gigabit NIC in the net5501's PCI slot. The net5501 will keep up with the traffic but in this configuration, with a dual intel em PCI NICs I get lot's of heat. If the high heat bothers you, save yourself some time and opt for the net6501 or go for a rack mount chassis and plan on adding a fan. $ sysctl -a | grep deg hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote) hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote) hw.sensors.nsclpcsio0.temp2=70.00 degC (Local) Hope this helps, -- Chris ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] soekris 4801 and pfsense 2.x
Sorry, wrong box. It's: $ sysctl | grep deg hw.sensors.cpu0.temp0=71.00 degC hw.sensors.cpu1.temp0=71.00 degC Best regards, Nikola Gyurov On Tue, Sep 10, 2013 at 10:03 PM, Nikola Gyurov ngyu...@gmail.com wrote: Actually, OpenBSD is slightly changing syntax over time, but the changes from a version to another are trivial and easy to implement. The bigest one I can remember was introduced in 4.7 with the changing of the redirection etc. As for the configuration generation on pfSense - while most of the things on OpenBSD just work, working with another config rarely happens :) What I meant was that he can generate his config on pfSense so he'd have a general idea of what does he need, then rewrite it to work on OpenBSD - could be tricky, but not impossible. A good guide to PF (if not the best) is Peter Hansteen's 'The Book of PF', 2nd edition -- http://nostarch.com/pf2.htm @Chris, are you actually running on 127 degC? NS (now TI) do produce some tough hw! These are my temp stats on the 6501-50 with two WD HDDs in the box: $ sysctl | grep deg hw.sensors.cpu0.temp0=34.00 degC hw.sensors.cpu1.temp0=34.00 degC hw.sensors.acpitz0.temp0=43.00 degC (zone temperature) hw.sensors.acpitz1.temp0=43.00 degC (zone temperature) Best regards, Nikola Gyurov On Tue, Sep 10, 2013 at 9:17 PM, Christopher Hilton ch...@vindaloo.com wrote: On Sep 10, 2013, at 1:17 PM, Nikola Gyurov ngyu...@gmail.com wrote: Hi, If you don't reqiure custom modifications all the time, no different user access to the interface etc. you could just create the pf.conf and use it on an OpenBSD installation (this is what I use, other BSDs may be fine too). It wouldn't need as much RAM as pfSense. However, this wouldn't help with the throughput limits. OpenBSD may or may not be a big help here. The OpenBSD team has done a lot of work on pf since the version that's in pfsense was released. Some of the work was performances based and that may be enough to get the job done on net4801 hardware for you. More on that later. One big change was a pf.conf syntax change regarding how NAT is handled which happened with OpenBSD 4.5. If you are using NAT, I would _not_ count on a pfsense generated configuration to work in OpenBSD 4.5+ Otherwise, the news if very good. If my research is correct the OpenBSD team has gained big performance increases in both their network stack and pf many of which aren't reflected in pfsense. According to this talk: youtube.com/watch?v=VNyBAcO2pIg [20:15] they roughly doubled the throughput of pf and their network stack from 28Mbit / sec to 56Mbit / sec on low end Soekris hardware. They don't specify the hardware beyond low end Soekris but when they say low end I assume that they mean a 45xx or a 48xx. I myself have tested 55xx and 65xx hardware and find that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the net5501 with the standard 100Mbit/s vr interfaces. To go faster you'll need to install a good Gigabit NIC in the net5501's PCI slot. The net5501 will keep up with the traffic but in this configuration, with a dual intel em PCI NICs I get lot's of heat. If the high heat bothers you, save yourself some time and opt for the net6501 or go for a rack mount chassis and plan on adding a fan. $ sysctl -a | grep deg hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote) hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote) hw.sensors.nsclpcsio0.temp2=70.00 degC (Local) Hope this helps, -- Chris ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] soekris 4801 and pfsense 2.x
Thanks a lot for this response regards 2013/9/9 Chris Cappuccio ch...@nmedia.net chahid ouarzoun [chahid.ouarz...@gmail.com] wrote: Hello guys, can some one give me benchmark or share experience with an installation of soekris 4801 using pfsense 2.x. i planned use it for 30 pc and 30 ip phones + 3 wan connection using load balancing. does the soekris 4801+case_lan1621_board http://soekris.eu/shop/net4801/net4801_48_board_and_case_lan1621_board_en.html will support all this traffic ? The 4801 is very limited and realistically scales up to 4kpps to 10kpps depending on the OS. The pfsense web interface is very heavy and modern versions don't even run on boxes like the 4801 due to RAM limitations. You are better off with a 5501 or 6501 box. -- Chahid Ouarzoun skype: visptelco tel fr: +33 1 77 69 57 12 tel ma: +212 5 24 29 18 95 gsm ma: +212 650 47 77 79 ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] soekris 4801 and pfsense 2.x
chahid ouarzoun [chahid.ouarz...@gmail.com] wrote: Hello guys, can some one give me benchmark or share experience with an installation of soekris 4801 using pfsense 2.x. i planned use it for 30 pc and 30 ip phones + 3 wan connection using load balancing. does the soekris 4801+case_lan1621_boardhttp://soekris.eu/shop/net4801/net4801_48_board_and_case_lan1621_board_en.html will support all this traffic ? The 4801 is very limited and realistically scales up to 4kpps to 10kpps depending on the OS. The pfsense web interface is very heavy and modern versions don't even run on boxes like the 4801 due to RAM limitations. You are better off with a 5501 or 6501 box. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech