On Tue, Mar 28, 2017 at 11:50 AM, Matthew Hall <[email protected]> wrote:
> On Tue, Mar 28, 2017 at 09:59:05AM +0300, Eero Volotinen wrote: > > Hi List, > > > > Looking for pfsense hardware that can handle 1000M/1000M internet > > connection with NAT. > > > > Any recommendations? It must be silent.. > > > > -- > > Eero > > This model can do gigabit with line-rate 64-byte packets: > > https://store.pfsense.org/SG-2440/ > > If you don't need line-rate it's possible with some other units. > > Can you provide more specifics on the traffic mix? > Can you run line-rate 1gbps (1.488Mpps, 64 byte packets) using kernel-bypass networking, (DPDK, netmap, etc) sure. It's even easy. Can you do this using kernel networking (freebsd, linux, whatever)? No. No f-ing way. You can do 1gbps the easy way (1500 byte frames at around 88,000 fps) on a 2C Rangeley, but not the hard way. This is why "3.0" has support for kernel-bypass networking. It's a whole new architecture, designed to take advantage of the types of acceleration that are possible if you get away from the packet-at-a-time forwarding inherent in the kernel-based stacks in both FreeBSD and linux. To directly answer the question: I run a 4860 at home on a 1g/1g connection. I happen to live in the right neighborhood in Austin that FTTH at 1gbps is $65/mo. They didn't offer anything faster than 300Mbps (for $199/mo) before Google came to town. (Thanks, Google Fiber.) When Google Fiber does the buildout in my neighborhood, I'll probably have both. Technically a 2440 or even 2220 will handle 1gbps traffic, but I run a constant on IPsec connection to work, and the increased clockrate (2.4GHz .vs 1.7GHz) of the 4860 .vs the 2440/2220 is worth it for IPsec. If your timeframe is later this year, we tweeted this last week: https://twitter.com/NetgateUSA/status/840225916550807552 https://twitter.com/NetgateUSA/status/841331131270221825 A few more details here: https://www.reddit.com/r/PFSENSE/comments/61ging/why_is_the_sg2220_hardware_so_expensive/dfeox4c/ As I stated in that Reddit thread, the unit in that tweet is 2C C3338, I'll likely spec it as a 4C when it ships. With pfSense 2.x on it, it will more than do the job. With 3.0, it won't even get warm. And yes, perfectly silent. We have other (ARM-based) hardware coming that will likely meet the same performance as a C3338. Dual WAN, 4 port switch on LAN, optional POE support, and a bunch of other goodies (multiple m.2 sockets for LTE/802.11/SSD, miniPCIe, on-board antennas, etc.) There is a roadmap beyond these, but I'm not going to expose it here. Jim _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
