Re: [pfSense] PFSense for high-bandwith environments

2016-02-24 Thread Vick Khera
On Tue, Feb 23, 2016 at 9:01 PM, Jim Thompson wrote: > Fun fact, this ’Netflix’ success is using the AES-GCM code that Netgate > co-developed with the FreeBSD Foundation for use with IPsec. > > https://lists.freebsd.org/pipermail/freebsd-security/2014-November/008029.html > > >

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Jim Thompson
> On Feb 23, 2016, at 9:43 PM, WebDawg wrote: > > Man I was looking at the price point on used 10Gbit nics and I think it is > time for a bit of an upgrade. 10Gbit Ethernet will be so common in three years, a 1Gbps interface will be only used for management interfaces.

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Jim Thompson
-- Jim > On Feb 23, 2016, at 9:38 PM, David Burgess wrote: > >> On Feb 23, 2016 7:01 PM, "Jim Thompson" wrote: >> >> perhaps you have a different definition of ‘wire speed’. You have to > fill the link with min-sized packets for “wire speed”. >> (It’s

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread WebDawg
On Thu, Feb 18, 2016 at 11:29 AM, Rainer Duffner wrote: > >> Am 18.02.2016 um 19:13 schrieb Walter Parker : >> >> There is an optimization coming for pfsense. There is a new user space >> routing daemon. netmap I think, that can reach line rate on 10G

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Jim Thompson
> On Feb 23, 2016, at 7:47 PM, Walter Parker wrote: > > On Tue, Feb 23, 2016 at 3:19 PM, Giles Davis wrote: > >> On 19/02/2016 17:12, David Burgess wrote: >>> I'm a little surprised at your experience. A few years ago I built a >>> PFSense unit with

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Walter Parker
On Tue, Feb 23, 2016 at 3:19 PM, Giles Davis wrote: > On 19/02/2016 17:12, David Burgess wrote: > > I'm a little surprised at your experience. A few years ago I built a > > PFSense unit with an Intel motherboard, 1st gen Core i3 CPU, and a > > single onboard Intel (em) GBE

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Giles Davis
On 19/02/2016 17:12, David Burgess wrote: > I'm a little surprised at your experience. A few years ago I built a > PFSense unit with an Intel motherboard, 1st gen Core i3 CPU, and a > single onboard Intel (em) GBE NIC. All routing was done through vlans > and it had no trouble reaching wire speed

Re: [pfSense] PFSense for high-bandwith environments

2016-02-19 Thread David Burgess
On Thu, Feb 18, 2016 at 10:26 AM, Giles Davis wrote: > > > Using Intel E3-1270s and Intel 10G NICs (forget the exact model, but > they use the BSD ix driver) we start seeing packet loss and a general > maximum throughput at around 1-1.2Gbit. Our 'solution' so far of just >

Re: [pfSense] PFSense for high-bandwith environments

2016-02-19 Thread ED Fochler
Don’t assume that this is upper bound, but I get 800 MB/s on my Myricom card and 600MB/s on my chelsio card, both on standard ethernet frame size, so dominantly 1500 byte packets. I’m using these for data transfer, so I’m measuring in MB not Mb. The switch you’re connecting to also matters.

Re: [pfSense] PFSense for high-bandwith environments

2016-02-19 Thread Giles Davis
On 19/02/2016 16:19, ED Fochler wrote: > My experience has been that intel nics are bad in the 10G space, especially > under BSD. I’ve had good luck with Myricom and Chelsio on BSD, though I > haven’t used either specifically on PFSense. > > >> >> Also, AFAIK, chelsio NICs are better in the 10G

Re: [pfSense] PFSense for high-bandwith environments

2016-02-19 Thread ED Fochler
My experience has been that intel nics are bad in the 10G space, especially under BSD. I’ve had good luck with Myricom and Chelsio on BSD, though I haven’t used either specifically on PFSense. > On 2016, Feb 18, at 1:29 PM, Rainer Duffner wrote: > > >> Am 18.02.2016

Re: [pfSense] PFSense for high-bandwith environments

2016-02-18 Thread Rainer Duffner
> Am 18.02.2016 um 19:13 schrieb Walter Parker : > > There is an optimization coming for pfsense. There is a new user space > routing daemon. netmap I think, that can reach line rate on 10G NICs (14.88 > Mpps). There was a BSDCon that talked about a future version of pfsense >

Re: [pfSense] PFSense for high-bandwith environments

2016-02-18 Thread Walter Parker
There is an optimization coming for pfsense. There is a new user space routing daemon. netmap I think, that can reach line rate on 10G NICs (14.88 Mpps). There was a BSDCon that talked about a future version of pfsense using this system. It uses ipfw, so there a bit a work to adapt it to pfsense.

Re: [pfSense] PFSense for high-bandwith environments

2016-02-18 Thread compdoc
> Using Intel E3-1270s and Intel 10G Nics I can't point to a specific setup, but something to look at... Your xeon is a sandy bridge with a max transfer rate of 5 GT/s, which is very nice but the new Skylake cpus are 8 GT/s. Also, there's always a possibility of equipment failure/setup

[pfSense] PFSense for high-bandwith environments

2016-02-18 Thread Giles Davis
Hello PFSense Collective, At the risk of sounding slightly 'cheap', does anyone (else) on this list have experience of 'good combinations' of hardware for PFSense appliances that will handle high-traffic levels and comments on reasonable max-levels of throughput to expect from it? We've been