Please note that next pfsense will not install hardware that is not supporting aes-ni?
Eero On Thu, Feb 15, 2018 at 6:37 PM, Kyle Marek <pspps...@gmail.com> wrote: > This board does round-up gigabit (something like 976 Mb/s) in both > directions on all 4 interfaces: https://www.amazon.com/dp/B00XNR4HE2/ > > The key for me here was the interrupt coalescence of these particular > Intel NICs. A very similar board with Broadcom NICs that lacked this > feature maxed out the interrupt handler's CPU usage on Linux when > surpassing the forwarding of a single 1 Gb/s stream (1 Gb/s in on one > interface; 1 Gb/s out on another). > > A potential downside is no AES-NI, which will affect any AES-utilizing > VPNs that you need to operate at gigabit speeds. I have no benchmarks at > the moment but can measure if this is necessary for you. > > On 02/15/2018 09:14 AM, Michael Munger wrote: > > TL; DR. > > > > On 1Gbps downloads, our pfSense firewalls are performing poorly with > > speed tests of ~400Mbps. It's either pfSense configs (not likely) or the > > hardware (more likely). I do not want to buy a commercial box. For our > > corporate network, we use HP DL360s, so zero problem there.I need > > something that is the size of a router, but can do 1Gbps with pfSense. > > > > Who's got working configs / hardware combos that do 1Gbps easily? > > > > Background. > > > > I've been using Alix boards (APU1D4 as of late). The problem is: these > > boards seem to top out at 400Mbps download. I have several clients who > > have gigabit fiber connections, and they have been complaining to the > > ISP that their service is slow. When they connect to the modem directly, > > they get 1G download. When they go through the pfSense firewall we put > > together using these Alix boards from PC engines, it drops to ~400Mbps. > > > > There are several competing "router boards" (Microtik and the like), but > > I have zero experience with them, I don't know if they will run pfSense > > or if they will do the speed. The Alix + pfSense combo has been GREAT > > for many years. If I change to something else, I don't want to go > > through growing pains since I figure this is a solved problem, and > > someone on this list knows / has a recommendation. > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
