News: This forum is now permanently frozen.
Pages: [1]
Topic: Hardware suggestions for 100MBit up and down WAN  (Read 5057 times)
« on: June 10, 2008, 16:05:21 »
BlueC *
Posts: 5

Hi all,

We're about to ditch our old firebox for a m0n0wall firewall. We will soon be moving to a 100MBit (up and down) internet connection and I want to make sure we spec our machine accordingly.

We were looking at the ALIX 2C3 and the Soekris net5501-70 but I am concerned that they only have 500MHz CPU and that this could limit our throughput. Any any experience of this?

Our basic use of the firewall will be:
 - Standard packet filtering
 - Some traffic shaping
 - NAT
 - VPN but probably just using pass-through and having the VPN handled by an internal server although we may want to use the firewall for VPN in the future (add-on card?)

What would you folks suggest as a minimum spec? Would the 500MHz CPU be enough, and if not, can we easily upgrade the CPU in either the ALIX or Soekris boxes?

Thanks for your help
Chris
« Reply #1 on: June 10, 2008, 16:32:33 »
Fred Grayson *****
Posts: 994

 If you haven't already, look thru the m0nowall handbook, specifically section 2.5.

http://doc.m0n0.ch/handbook-single/

--
Google is your friend and Bob's your uncle.
« Reply #2 on: June 10, 2008, 16:37:09 »
BlueC *
Posts: 5

Thanks, that is useful in that it tells me that the Soekris 4xxx would be no good but I wasn't looking at those anyway. It doesn't mention the Soekris 55xx or the ALIX 2C3 which are both more powerful than the hardware that it does mention.

Anyone any idea what throughput I could expect with the 55xx or Alix 2C3. Or suggestions for a platform (preferably cheap, preferably embedded) that I could used for the full 100MBit?
« Reply #3 on: June 10, 2008, 21:51:53 »
ChainSaw
Guest

I don't think a net5501 will give you the performance you need.  I would look for something in the 1.8 mHz or better range.  Would also suggest you go with Intel NICs.

CS...
« Last Edit: June 10, 2008, 21:53:58 by ChainSaw »
« Reply #4 on: June 10, 2008, 22:19:27 »
BlueC *
Posts: 5

Thanks ChainSaw, from what I'm reading it looks like at very least a 1GHz chip is required and 1GB of RAM.

Think I'm gonna go for a bog standard dell poweredge r200 which has a 2.33GHz chip and throw 2GB of RAM at it.

As for NIC, that server comes with two onboard Broadcom chips which I guess could be troublesome. Think I may use the optional Intel® PRO 1000PT Dual Port PCIe... anyone know how well supported these are?

Thanks again
Chris
« Reply #5 on: June 10, 2008, 22:26:40 »
Fred Grayson *****
Posts: 994

Read up again on hardware requirements. You're wasting RAM.

--
Google is your friend and Bob's your uncle.
« Reply #6 on: June 10, 2008, 22:35:51 »
BlueC *
Posts: 5

Ahh thanks. My bad, I hadn't seen this:

"The stock m0n0wall images will not use more than 64 MB RAM under any circumstance. You can install as much memory as you like, but even with all features enabled and heavy loads, you will not exhaust 64 MB."
« Reply #7 on: June 10, 2008, 22:41:34 »
ChainSaw
Guest

not true.  I would go with 512 myself.

CS...
« Reply #8 on: June 10, 2008, 22:50:52 »
Fred Grayson *****
Posts: 994

If it's not true then the documentation should be fixed.



--
Google is your friend and Bob's your uncle.
« Reply #9 on: June 11, 2008, 10:19:27 »
ChainSaw
Guest

I could be wrong but I thought 1.3 required more than 64mb to run and upgrade properly.  I'm sure someone will be glad to correct me if I'm mistaken.  Smiley  Anyway, any Dell Poweredge server will already have at least 512 MB installed.  All of my 30+ embedded hardware m0n0walls are running either 128 or 256 MB and I'm not having any problems with performance or lockups.

CS...
« Reply #10 on: June 11, 2008, 13:44:04 »
BlueC *
Posts: 5

Thanks ChainsSaw.

I ended up buying the PowerEdge R200 - it is on offer at the moment for less than £300 so it compares favourably price-per-power wise to an embedded system.

As I don't trust the broadcom NICs I also bought the Intel 1000PT PCIe dual port NIC card which I believe will work with m0n0wall 1.3b but not with 1.2.

Looking forward to getting the kit and having a good play with m0n0 and pfsense... anything has got to be better than the damn firebox!

Cheers
Chris
« Last Edit: June 11, 2008, 13:46:04 by BlueC »
« Reply #11 on: June 15, 2008, 08:40:42 »
cmb *****
Posts: 851

What was quoted above re: 64 MB is absolutely true. You probably don't want to deploy anything new today with less than 128 MB just to make sure you have some room for future growth.

I wouldn't go with something as small as an ALIX or 5501 for an environment where you need sustained throughput > 50 Mbps for long periods of time. I would stick with a 1 GHz minimum.
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines