RE: [pfSense Support] Review New Hardware Setup
On Thu, 12 Jun 2008 10:15:31 -0500, Ryan Rodrigue [EMAIL PROTECTED] said: Sorry to butt in to this question, but i think it kinda goes along. Has anybody tried the new Inet atom based processors for something like this? They have made a few ITX boards for a pretty cheap price. They even have intel chipsets. http://www.malabs.com/product.asp?product_sku=76171item_no=MB-945GCLFshow= bpass=shopid= looks interesting. Thant and a good intel quad nic may be the way too go. Too bad it has a realtek nic onboard. An intel would have made this unit much better IMO. I have an Atom 230 based system I've just put together, unfortunately it's not one I'm planning to install BSD nevermind pfSense on, I'll actually be using it for VMWare (one of the guests will be pfSense, but this is only for a small home network, I'm trying to combine old low powered systems) -- Simon Dick [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Review New Hardware Setup
Simon Dick wrote: I have an Atom 230 based system I've just put together, unfortunately it's not one I'm planning to install BSD nevermind pfSense on, I'll actually be using it for VMWare (one of the guests will be pfSense, but this is only for a small home network, I'm trying to combine old low powered systems) would you be able to do at least a minimal network performance test, eg, boot linux and use netcat to test raw throughput? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Review New Hardware Setup
On Fri, 13 Jun 2008 10:55:51 +0100, Paul Mansfield [EMAIL PROTECTED] said: Simon Dick wrote: I have an Atom 230 based system I've just put together, unfortunately it's not one I'm planning to install BSD nevermind pfSense on, I'll actually be using it for VMWare (one of the guests will be pfSense, but this is only for a small home network, I'm trying to combine old low powered systems) would you be able to do at least a minimal network performance test, eg, boot linux and use netcat to test raw throughput? It's running centos 5 anyway, so I'll do that shortly, bear in mind I'm using a quad port 100Mb fxp type pci card, not the onboard Realtek one though (centos doesn't come with a driver to support it for some strange reason) -- Simon Dick [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Review New Hardware Setup
I have a board on order and will let you know how well it works with pfsense. -Original Message- From: Simon Dick [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 6:02 AM To: support@pfsense.com; support@pfsense.com Subject: Re: [pfSense Support] Review New Hardware Setup On Fri, 13 Jun 2008 10:55:51 +0100, Paul Mansfield [EMAIL PROTECTED] said: Simon Dick wrote: I have an Atom 230 based system I've just put together, unfortunately it's not one I'm planning to install BSD nevermind pfSense on, I'll actually be using it for VMWare (one of the guests will be pfSense, but this is only for a small home network, I'm trying to combine old low powered systems) would you be able to do at least a minimal network performance test, eg, boot linux and use netcat to test raw throughput? It's running centos 5 anyway, so I'll do that shortly, bear in mind I'm using a quad port 100Mb fxp type pci card, not the onboard Realtek one though (centos doesn't come with a driver to support it for some strange reason) -- Simon Dick [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ NOD32 3184 (20080613) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Review New Hardware Setup
I have one of the ones from http://www.tranquilpc-shop.co.uk/acatalog/Motherboards.html Using iperf: Client connecting to 192.168.50.189, TCP port 5001 TCP window size: 32.5 KByte (default) [ 3] local 192.168.50.50 port 56194 connected with 192.168.50.189 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-30.0 sec335 MBytes 93.7 Mbits/sec This is with the Atom server acting as the iperf server via linux fxp equivalent driver, and a FreeBSD 7.0/amd64 via vge0 over a 100Mb switch This is with the Atom as the client: Client connecting to 192.168.50.50, TCP port 5001 TCP window size: 16.0 KByte (default) [ 3] local 192.168.50.189 port 41113 connected with 192.168.50.50 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-30.0 sec337 MBytes 94.2 Mbits/sec Hope that helps somewhat, doesn't seem too bad to me! As a note, CentOS is actually the x86-64 version On Fri, 13 Jun 2008 08:51:12 -0500, Ryan Rodrigue [EMAIL PROTECTED] said: I have a board on order and will let you know how well it works with pfsense. -Original Message- From: Simon Dick [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 6:02 AM To: support@pfsense.com; support@pfsense.com Subject: Re: [pfSense Support] Review New Hardware Setup On Fri, 13 Jun 2008 10:55:51 +0100, Paul Mansfield [EMAIL PROTECTED] said: Simon Dick wrote: I have an Atom 230 based system I've just put together, unfortunately it's not one I'm planning to install BSD nevermind pfSense on, I'll actually be using it for VMWare (one of the guests will be pfSense, but this is only for a small home network, I'm trying to combine old low powered systems) would you be able to do at least a minimal network performance test, eg, boot linux and use netcat to test raw throughput? It's running centos 5 anyway, so I'll do that shortly, bear in mind I'm using a quad port 100Mb fxp type pci card, not the onboard Realtek one though (centos doesn't come with a driver to support it for some strange reason) -- Simon Dick [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ NOD32 3184 (20080613) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Simon Dick [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Review New Hardware Setup
Are main CPU hog is the Captive Portal, with 50-100+ people trying to login at the same time, it can eat up the CPU big time. If i turn captiveportal off, are 5501s barely peak over 30% cpu, with it on, I'm seeing 100% spikes all the time. I can't see me ever having a pipe bigger then 50mb/s or a DS3. So I'm pretty sure the box will be able to handle that throughput without a problem. Thanks for the input! Adam Chris Buechler wrote: On Thu, Jun 12, 2008 at 1:40 PM, Paul Mansfield [EMAIL PROTECTED] wrote: from a previous discussion, Opteron processors are best. Not necessarily at this time. The biggest factor in pps throughput is L1 cache size. AMD procs used to have significantly more L1 cache than Intels and hence were much more scalable in pps throughput, but I believe there isn't much if any difference now. Depends on which ones you're comparing. But we're discussing multi-Gbps and 500+ Kpps capable hardware when a relatively puny 5501 is almost adequate now, and only looking to accommodate a 5* increase in load. Any new system you buy today is going to push 20 times what a 5501 will, and have power to spare. Make sure you get Intel PRO/1000 PCI-e cards, even if you just have a 100 Mb network at this time. It's not much more money and gives you significantly more scalability. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Review New Hardware Setup
On Fri, Jun 13, 2008 at 3:59 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Are main CPU hog is the Captive Portal, with 50-100+ people trying to login at the same time, it can eat up the CPU big time. If i turn captiveportal off, are 5501s barely peak over 30% cpu, with it on, I'm seeing 100% spikes all the time. Yeah I don't think it's on the hardware sizing page on the website yet, but in the coming book on pfSense I have included some info on hardware sizing for captive portal. Here is an excerpt that needs some touching up still, and will be on the website when finished. Large and Busy Captive Portal Deployments Captive portal deployments with thousands of users and/or frequent simultaneous log on and log off activity will require more CPU than is required under normal NAT or routing operation. The processing of user log on and log off events, as well as maintenance of the user database increase CPU usage to some extent. How much depends on the total number of users, and most importantly the number of users logging in simultaneously. We know of several universities, schools and businesses around the world that have thousands of captive portal users on a single server. The deployments we are familiar with use moderately recent server hardware with dual Xeon 3+ GHz processors, and have plenty of CPU capacity to spare. I can't see me ever having a pipe bigger then 50mb/s or a DS3. So I'm pretty sure the box will be able to handle that throughput without a problem. Never say never. :) The hardware you specified is more than adequate for a few thousand users with a couple hundred frequently logging in simultaneously and still providing 100 Mb of throughput, so even if you do have a bigger pipe eventually you should be able to scale nicely. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Review New Hardware Setup
Sorry to butt in to this question, but i think it kinda goes along. Has anybody tried the new Inet atom based processors for something like this? They have made a few ITX boards for a pretty cheap price. They even have intel chipsets. http://www.malabs.com/product.asp?product_sku=76171item_no=MB-945GCLFshow= bpass=shopid= looks interesting. Thant and a good intel quad nic may be the way too go. Too bad it has a realtek nic onboard. An intel would have made this unit much better IMO. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2008 9:59 AM To: support@pfsense.com Subject: [pfSense Support] Review New Hardware Setup We are currently using Sokrisis 5501 with the embedded version of PFsense, they work great, but we are noticing that around 150-200 users the CPU starts maxing out. So we need to build a stronger box, here are the specs an employee came up with. With this box we want to have up to 1,000 users. Using captive portal, and traffic shaper. I have already recommend we use a Intel pro 10/100 nic, and not a SMC nic. Anything else that is not supported, or known to be flaky? Also have people had better luck with Intel or AMD based boards? Thanks Adam pfSense High Scalability Platform Dual-Core 1.8GHz Athlon x64 CPUs 1 GB RAM SATA II Hard Disk @ 160GB HARDWARE: - 1 $ 94.99 ARK IPC-4806 Black Steel 4U Server http://www.newegg.com/Product/Product.aspx?item=N82E16811128015 1 $216.99 TYAN S3970G2N-U-RS 1207(F) ServerWorks HT1000 ATX Server Motherboard http://www.newegg.com/Product/Product.aspx?item=N82E16813151071 1 $174.00 AMD Opteron 2210 Santa Rosa 1.8GHz Socket F 95W Dual-Core Processor Model OSA2210GAA6CQ http://www.newegg.com/Product/Product.aspx?item=N82E16819105030 1 $ 34.99 Dynatron F558 77mm 2 Ball CPU Cooler http://www.newegg.com/Product/Product.aspx?item=N82E16835114068 1 $ 59.99 Kingston 1GB (2 x 512MB) 240-Pin DDR2 FB-DIMM DDR2 667 (PC2 5300) ECC Fully Buffered Dual Channel Kit Server Memory Model KVR667D2S8F5K2/1G http://www.newegg.com/Product/Product.aspx?item=N82E16820134340 1 $ 13.99 LITE-ON Black IDE CD-ROM Drive Model DH-52N2P-04 http://www.newegg.com/Product/Product.aspx?item=N82E16827106086 1 $ 7.49 SAMSUNG Black Internal Floppy Drive Model SFD321B/LBL1 http://www.newegg.com/Product/Product.aspx?item=N82E16821103203 2 $ 37.98 SMC SMC9452TX-1 10/ 100/ 1000Mbps PCI EZ Card Copper Gigabit Card http://www.newegg.com/Product/Product.aspx?item=N82E16833129144 1 $ 10.99 ICY DOCK MB449SK-B 5.25 internal Hard drive mobile rack http://www.newegg.com/Product/Product.aspx?item=N82E16817994047 1 $ 41.99 HITACHI Deskstar 7K160 HDS721616PLA380 (0Y30006) 160GB 7200 RPM SATA 3.0Gb/s Hard Drive http://www.newegg.com/Product/Product.aspx?item=N82E16822145162 1 $ 59.99 COOLMAX CP-500T 500W EPS12V Power Supply http://www.newegg.com/Product/Product.aspx?item=N82E16817159040 SOFTWARE: - 1 $ 0.00 FreeBSD/pfSense Free with self-support TOTAL: $753.39 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ NOD32 3181 (20080612) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Review New Hardware Setup
I would try one of these. http://www.ironsystems.com/items.asp?Cc=ACLASS 1U's are nice. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense Support] Review New Hardware Setup
On Thu, Jun 12, 2008 at 1:40 PM, Paul Mansfield [EMAIL PROTECTED] wrote: from a previous discussion, Opteron processors are best. Not necessarily at this time. The biggest factor in pps throughput is L1 cache size. AMD procs used to have significantly more L1 cache than Intels and hence were much more scalable in pps throughput, but I believe there isn't much if any difference now. Depends on which ones you're comparing. But we're discussing multi-Gbps and 500+ Kpps capable hardware when a relatively puny 5501 is almost adequate now, and only looking to accommodate a 5* increase in load. Any new system you buy today is going to push 20 times what a 5501 will, and have power to spare. Make sure you get Intel PRO/1000 PCI-e cards, even if you just have a 100 Mb network at this time. It's not much more money and gives you significantly more scalability. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
