Well. Next version of pfsense (2.5) will not install into hardware that does not support AES-NI, so buying such hardware is not wise ?
Eero On Thu, Feb 15, 2018 at 7:01 PM, Kyle Marek <pspps...@gmail.com> wrote: > I have not had such an issue. Using 2.4.2 with System Information widget > saying "AES-NI CPU Crypto: No". > > On 02/15/2018 11:55 AM, Eero Volotinen wrote: > > Please note that next pfsense will not install hardware that is not > > supporting aes-ni? > > > > Eero > > > > On Thu, Feb 15, 2018 at 6:37 PM, Kyle Marek <pspps...@gmail.com> wrote: > > > >> This board does round-up gigabit (something like 976 Mb/s) in both > >> directions on all 4 interfaces: https://www.amazon.com/dp/B00XNR4HE2/ > >> > >> The key for me here was the interrupt coalescence of these particular > >> Intel NICs. A very similar board with Broadcom NICs that lacked this > >> feature maxed out the interrupt handler's CPU usage on Linux when > >> surpassing the forwarding of a single 1 Gb/s stream (1 Gb/s in on one > >> interface; 1 Gb/s out on another). > >> > >> A potential downside is no AES-NI, which will affect any AES-utilizing > >> VPNs that you need to operate at gigabit speeds. I have no benchmarks at > >> the moment but can measure if this is necessary for you. > >> > >> On 02/15/2018 09:14 AM, Michael Munger wrote: > >>> TL; DR. > >>> > >>> On 1Gbps downloads, our pfSense firewalls are performing poorly with > >>> speed tests of ~400Mbps. It's either pfSense configs (not likely) or > the > >>> hardware (more likely). I do not want to buy a commercial box. For our > >>> corporate network, we use HP DL360s, so zero problem there.I need > >>> something that is the size of a router, but can do 1Gbps with pfSense. > >>> > >>> Who's got working configs / hardware combos that do 1Gbps easily? > >>> > >>> Background. > >>> > >>> I've been using Alix boards (APU1D4 as of late). The problem is: these > >>> boards seem to top out at 400Mbps download. I have several clients who > >>> have gigabit fiber connections, and they have been complaining to the > >>> ISP that their service is slow. When they connect to the modem > directly, > >>> they get 1G download. When they go through the pfSense firewall we put > >>> together using these Alix boards from PC engines, it drops to ~400Mbps. > >>> > >>> There are several competing "router boards" (Microtik and the like), > but > >>> I have zero experience with them, I don't know if they will run pfSense > >>> or if they will do the speed. The Alix + pfSense combo has been GREAT > >>> for many years. If I change to something else, I don't want to go > >>> through growing pains since I figure this is a solved problem, and > >>> someone on this list knows / has a recommendation. > >> _______________________________________________ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> > > _______________________________________________ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold