Hello PFSense Collective, At the risk of sounding slightly 'cheap', does anyone (else) on this list have experience of 'good combinations' of hardware for PFSense appliances that will handle high-traffic levels and comments on reasonable max-levels of throughput to expect from it?
We've been using PFSense for quite some time for large events and these days are pushing up to 4Gbit/sec to the internet via our PFSense boxes, to 2-3k clients - with expectation of bigger events in the reasonably near future. Using Intel E3-1270s and Intel 10G NICs (forget the exact model, but they use the BSD ix driver) we start seeing packet loss and a general maximum throughput at around 1-1.2Gbit. Our 'solution' so far of just adding more appliances and splitting the load really won't scale forever, so if anyone has any suggestions of 'better hardware' or BSD optimizations that would let us push more through a single appliances, i'd love to hear it. We've got a reasonable set of BSD networking tweaks and optimizations that certainly help, but we still can't manage to push more than our little-over-a-gigabit maximum before things start wobbling. We're not asking a huge amount of traffic inspection from our envrironment (used to do a fair bit of traffic shaping, but have managed to provide sufficient bandwidth to meet natural demand for a while now) - but historically PFSense has been a great appliance to have in the network for firewalling and monitoring. Thanks in advance for any suggestions and thanks to the maintainers for such a great firewall implementation. :) Cheers, Giles. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
