Re: [pfSense] NIC support

[Jim Thompson]

Corrections inline. 

I blame beer. 

-- Jim

> On Oct 18, 2014, at 1:21 AM, Jim Thompson  wrote:
> 
> So,
> 
> The only people getting a google fiber connection *today* live in Provo, UT 
> or Kansas City. 
> 
> Google Funer

Fiber. 

> is being built out in Austin, but won't be available until early 2015.  My 
> neighborhood will get it in the second pass, but I have a Grande 1Gbps/1Gbps 
> connection to my house today, and Grande terminates in the data center next 
> to pfSense World HQ. (We have a 10Gbps fiber connection to our cabinet there.)
> 
> So I have a <10ms RTT 1Gbps path from home to work, today.  In the next 
> couple months, I'll have two. :-)
> 
> Neither pfSense or FreeBSD will forward at 1.488Mpps on a C2758 today, but 
> running the l3fwd app from DPDK on a 2

8

> core C2758 CPU fitted with a dual port 10Gbps card will run at 14.88Mpps. 

> 
> https://github.com/Pktgen/Pktgen-DPDK/tree/master/dpdk/examples/l3fwd
> 
> (And it's trivial to make 1.488 happen in the igb ports. Don't go there.)
> 
> A simple bridge over netmap will yield the same result. (With pkt-gen running 
> on either side.)
> 
> So the problem is not (as you assert) in the hardware, but rather, in the 
> FreeBSD (and, honestly Linux too) stack(s).
> 
> But I've already explained that we're working on it. 
> 
> -- Jim
> 
>> On Oct 17, 2014, at 5:54 PM, compdoc  wrote:
>> 
>> I wanted to add one more thing. Maybe this will help avoid future 
>> misunderstandings...
>>  
>> Ulrik Lunddahl asked:
>> > "Will A SMB without L3 capable switches, that needs routing between 3-4 
>> > local subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to 
>> > wirespeed as possible, be happy with a C2758. ?"
>>  
>> Now, I realize that the vast majority of users and businesses in the world 
>> don’t need a wirespeed router, and they have no idea what one is. Their 
>> internet connections just aren't fast enough to require one, and they don’t 
>> use them internally.
>>  
>> The fact that Ulrik was asking this question means that he not only knows 
>> what one is, but he has a specific requirement.
>>  
>> I've seen others asking this same question on IRC but with a different 
>> requirement: they were getting Google Fiber connections and they knew enough 
>> to want a server powerful enough to take full advantage of the connection. 
>> One guy I saw chose a system with fairly expensive dual Xeon cpus. I thought 
>> he was crazy.
>>  
>> Their questions made me curious, and I decided to see just which hardware I 
>> had on hand could reach gigabit line-rates. (pkt-gen measures this bandwidth 
>> as 714.23 Mbps (raw 999.92 Mbps), at 1.488Mpps)
>>  
>> I was surprised at the results. Nics connected to the PCI bus were dogs. 
>> Nics connected to the PCI-e bus were lots faster, and some could reach 
>> 1.488Mpps. Also, nics with 4 pci-e lanes were faster than nics with 1 pci-e 
>> lane.
>>  
>> Furthermore, I found that to forward packets at 1.488Mpps requires not only 
>> a fast NIC, but also a cpu that was capable of pushing traffic through that 
>> fast.
>>  
>> The only cpus I had on hand there were capable, was an Intel i5, and a newly 
>> released Amd Kaveri APU. (with Steamroller cores)
>>  
>> Anyway, Ulrik asked if he'd be happy with a C2758, and I had read on the 
>> BSD-RP site that the C2758 board they were testing wasn’t capable of 
>> 1.488Mpps. It was about half that, even though it had Intel based nics.
>>  
>> And while that’s still blazing fast, I felt it might not be fast enough for 
>> the knowledgeable people asking these questions.
>>  
>> It would be a shame for anyone to buy something so expensive and expecting 
>> certain results, and not getting them.
>>  
>> Even a cheap 5 port gigabit switch can forward traffic at 1.488Mpps, so if 
>> the devices sold by pfSense and elsewhere are capable of full wirespeed, 
>> then those devices would be an excellent buy.
>>  
>> More so, because of the tuned software and support they'd be getting along 
>> with it.
>>  
>> compdoc
>>  
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

So,

The only people getting a google fiber connection *today* live in Provo, UT or 
Kansas City. 

Google Funer is being built out in Austin, but won't be available until early 
2015.  My neighborhood will get it in the second pass, but I have a Grande 
1Gbps/1Gbps connection to my house today, and Grande terminates in the data 
center next to pfSense World HQ. (We have a 10Gbps fiber connection to our 
cabinet there.)

So I have a <10ms RTT 1Gbps path from home to work, today.  In the next couple 
months, I'll have two. :-)

Neither pfSense or FreeBSD will forward at 1.488Mpps on a C2758 today, but 
running the l3fwd app from DPDK on a 2 core C2758 CPU fitted with a dual port 
10Gbps card will run at 14.88Mpps. 

https://github.com/Pktgen/Pktgen-DPDK/tree/master/dpdk/examples/l3fwd

(And it's trivial to make 1.488 happen in the igb ports. Don't go there.)

A simple bridge over netmap will yield the same result. (With pkt-gen running 
on either side.)

So the problem is not (as you assert) in the hardware, but rather, in the 
FreeBSD (and, honestly Linux too) stack(s).

But I've already explained that we're working on it. 

-- Jim

> On Oct 17, 2014, at 5:54 PM, compdoc  wrote:
> 
> I wanted to add one more thing. Maybe this will help avoid future 
> misunderstandings...
>  
> Ulrik Lunddahl asked:
> > "Will A SMB without L3 capable switches, that needs routing between 3-4 
> > local subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to 
> > wirespeed as possible, be happy with a C2758. ?"
>  
> Now, I realize that the vast majority of users and businesses in the world 
> don’t need a wirespeed router, and they have no idea what one is. Their 
> internet connections just aren't fast enough to require one, and they don’t 
> use them internally.
>  
> The fact that Ulrik was asking this question means that he not only knows 
> what one is, but he has a specific requirement.
>  
> I've seen others asking this same question on IRC but with a different 
> requirement: they were getting Google Fiber connections and they knew enough 
> to want a server powerful enough to take full advantage of the connection. 
> One guy I saw chose a system with fairly expensive dual Xeon cpus. I thought 
> he was crazy.
>  
> Their questions made me curious, and I decided to see just which hardware I 
> had on hand could reach gigabit line-rates. (pkt-gen measures this bandwidth 
> as 714.23 Mbps (raw 999.92 Mbps), at 1.488Mpps)
>  
> I was surprised at the results. Nics connected to the PCI bus were dogs. Nics 
> connected to the PCI-e bus were lots faster, and some could reach 1.488Mpps. 
> Also, nics with 4 pci-e lanes were faster than nics with 1 pci-e lane.
>  
> Furthermore, I found that to forward packets at 1.488Mpps requires not only a 
> fast NIC, but also a cpu that was capable of pushing traffic through that 
> fast.
>  
> The only cpus I had on hand there were capable, was an Intel i5, and a newly 
> released Amd Kaveri APU. (with Steamroller cores)
>  
> Anyway, Ulrik asked if he'd be happy with a C2758, and I had read on the 
> BSD-RP site that the C2758 board they were testing wasn’t capable of 
> 1.488Mpps. It was about half that, even though it had Intel based nics.
>  
> And while that’s still blazing fast, I felt it might not be fast enough for 
> the knowledgeable people asking these questions.
>  
> It would be a shame for anyone to buy something so expensive and expecting 
> certain results, and not getting them.
>  
> Even a cheap 5 port gigabit switch can forward traffic at 1.488Mpps, so if 
> the devices sold by pfSense and elsewhere are capable of full wirespeed, then 
> those devices would be an excellent buy.
>  
> More so, because of the tuned software and support they'd be getting along 
> with it.
>  
> compdoc
>  
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[compdoc]

I wanted to add one more thing. Maybe this will help avoid future 
misunderstandings...

 

Ulrik Lunddahl asked:

> "Will A SMB without L3 capable switches, that needs routing between 3-4 local 
> subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as 
> possible, be happy with a C2758. ?"

 

Now, I realize that the vast majority of users and businesses in the world 
don’t need a wirespeed router, and they have no idea what one is. Their 
internet connections just aren't fast enough to require one, and they don’t use 
them internally.

 

The fact that Ulrik was asking this question means that he not only knows what 
one is, but he has a specific requirement. 

 

I've seen others asking this same question on IRC but with a different 
requirement: they were getting Google Fiber connections and they knew enough to 
want a server powerful enough to take full advantage of the connection. One guy 
I saw chose a system with fairly expensive dual Xeon cpus. I thought he was 
crazy.

 

Their questions made me curious, and I decided to see just which hardware I had 
on hand could reach gigabit line-rates. (pkt-gen measures this bandwidth as 
714.23 Mbps (raw 999.92 Mbps), at 1.488Mpps)

 

I was surprised at the results. Nics connected to the PCI bus were dogs. Nics 
connected to the PCI-e bus were lots faster, and some could reach 1.488Mpps. 
Also, nics with 4 pci-e lanes were faster than nics with 1 pci-e lane.

 

Furthermore, I found that to forward packets at 1.488Mpps requires not only a 
fast NIC, but also a cpu that was capable of pushing traffic through that fast. 

 

The only cpus I had on hand there were capable, was an Intel i5, and a newly 
released Amd Kaveri APU. (with Steamroller cores)

 

Anyway, Ulrik asked if he'd be happy with a C2758, and I had read on the BSD-RP 
site that the C2758 board they were testing wasn’t capable of 1.488Mpps. It was 
about half that, even though it had Intel based nics. 

 

And while that’s still blazing fast, I felt it might not be fast enough for the 
knowledgeable people asking these questions. 

 

It would be a shame for anyone to buy something so expensive and expecting 
certain results, and not getting them. 

 

Even a cheap 5 port gigabit switch can forward traffic at 1.488Mpps, so if the 
devices sold by pfSense and elsewhere are capable of full wirespeed, then those 
devices would be an excellent buy. 

 

More so, because of the tuned software and support they'd be getting along with 
it.

 

compdoc

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

> On Oct 16, 2014, at 12:45 PM, compdoc  wrote:
> 
> > do you realize who  you’re arguing with compdoc?  
>  
> Yeah, I'm arguing with a guy that not only attacked me for suggesting a 
> person be careful about buying certain hardware, he also attacked the work of 
> Olivier from BSDRP.
> 

I never attacked Olivier.  I have a ton of respect both for him and BSDRP.

Jim

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[compdoc]

> do you realize who  you’re arguing with compdoc?  

 

Yeah, I'm arguing with a guy that not only attacked me for suggesting a person 
be careful about buying certain hardware, he also attacked the work of Olivier 
from BSDRP.

 

 

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

> On Oct 16, 2014, at 11:14 AM, compdoc  wrote:
> 
> > The difference between Olivier's setup and ours (assuming pfsense 2.1.1+), 
> > is tuning
>  
> The only way to prove what you say is with numbers. Tuning pfSense won't fix 
> this hardware problem, *if* it exists in your boards.

Your assumption (that there is a hardware problem) is unwarranted.   The 
problem is that FreeBSD (especially FreeBSD 8.3, upon which the current 
“release” version
of pfSense software (v2.1.5) is based), is not well-tuned to multi-core 
hardware.   We took certain steps to fix the problem (as well as it can be 
fixed on 8.3) and are working
to improve the situation for both FreeBSD and pfSense.  (FreeBSD 10 is better 
than 8.3, but, as Olivier also discovered, imperfect.)

There is a lot of work to do in this area, including enabling RSS (for 
forwarding, there is recent work for reception in FreeBSD -HEAD), thread 
pinning,
additional work on a per-core copy of the state table, more work on flow-table, 
etc.

It’s all roughly planned, and the subject of some discussion while I have all 
the pfSense coreteam in Austin this week to discuss this, and what we’re going 
to do
after the 2.2 release of pfSense.
 
> >> As I said in my original post, I'm know the C2758 is capable according to 
> >> its specs, however buyer beware...
> > 
> >Again with the insult and denigration.  
>  
> Is it an insult that I think Intel's cpu is capable? Or is it that I suggest 
> a person be cautious when buying these products? 

Is your position that you are unaware of the meaning of “Caveat emptor”, and 
it’s history in both English common law and statutory law in all 50 United 
States?
(Apologies to readers outside the US, but OP is based in Denver, CO, so the 
point stands.)

You might wish to perform an Internet search for “buyer beware” and see the 
type of thing that comes up, and then reconsider my reaction in light of same.

You may also wish to review "Laidlaw v. Organ, 15 U.S. 178 (1817)” if you still 
don’t know what I’m talking about.
Your noisy attempts at persuasion of the consumer base actually require the 
vendor (that’s me) to respond.
(Never mind the whole “silence is assent” attitude that many hold.)

You gave some results of some tests you performed on an AMD A8-7600 and an 
i5-2400.   I asked for additional details, and you refused to provide any.

You asserted that pfSense crashes under load.  (You reported that this “was 
tested by someone else”)   I asked for details, and you refused to provide any.

You asserted that BSDRP is a “tool to test hardware”.   You stated that it “has 
very little overhead and runs on freebsd.”

The reality is that BSDRP is a slightly customized distribution of FreeBSD, it 
doesn’t “run on FreeBSD”, it *is* FreeBSD, as packaged by Olivier to suit his
purposes at Orange.   This is a good thing.   That you’ve repurposed it to 
“test your hardware” is also fine, but your assertion that BSDRP is “a tool to 
test hardware”
is still false.

Many people use screwdrivers as levers.  This doesn’t mean that their usage is 
correct, nor does it make “a screwdriver is a tool to open paint cans” true.

> > Do you own a C2758?
>  
> Have you actually bothered to read anything I've said in this conversation?
>  
> It's time to end this nonsense. Prove what you say, or shut up. 

Fair warning:  Being rude will eventually get you removed from the list.

Published numbers are forthcoming, as soon as we’re ready to make the results 
public.   I’ve already exposed the tools we’re using, and some of the 
improvements we’ve seen.
There  is a long history in the project of people making-up benchmark numbers 
to suit their agenda.  There is also a long history in the project of people 
posting ‘fixes’ for various 
issues, including performance issues, where these ‘fixes’ have nothing to do 
with the actual issue.

The number of times I’ve seen recommendations to "sysctl -w 
kern.ipc.maxsockbuf=” or to set the TCP/UDP default buffer sizes, 
or set window scaling in an attempt
to increase forwarding performance through ‘pf' makes me cringe.  (recent 
reference:  https://forum.pfsense.org/index.php?topic=71949.0)

There are a number of things currently in pfSense that do not lend to absolute 
performance.   mbuf tags and ALTQ are two examples.  ALTQ is about a 10% impact 
on PPS performance.
mbuf tags are the work of the devil.   FreeBSD’s penchant for looking up the 
ARP entry for every single packet (even though it just looked up the ARP entry 
for the last packet, which was to the same destination) is also a problem.   
There are some great results from Luigi Rizzo (actual author of the pkt-gen 
tool) on putting ipfw (the competing packet filter in FreeBSD) over netmap, 
reaching 7-10Mpps.   We will explore pf over netmap (again, after we get 
pfSense 2.2 released), and hope for similar results.

The point is, we’re focused on it (especially after we get pfSense 2.2 
released, such that work we do on pfSense can be ta

Re: [pfSense] NIC support

[Andy Holzrichter]

I mostly lurk on this mailing list for the informative discussions, and while 
this thead is amusing to follow, do you realize who  you’re arguing with 
compdoc?   Have you looked at the last part of his email address?   If Jim 
tells us his version of that hardware will do it, I’ll take his word for it 
barring someone having real proof otherwise.   Maybe you need to get one of his 
boards and run some real tests on it, then report back to the list with what 
you found.

From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of compdoc
Sent: Thursday, October 16, 2014 11:15 AM
To: 'pfSense Support and Discussion Mailing List'
Subject: Re: [pfSense] NIC support

> The difference between Olivier's setup and ours (assuming pfsense 2.1.1+), is 
> tuning

The only way to prove what you say is with numbers. Tuning pfSense won't fix 
this hardware problem, *if* it exists in your boards.


>> As I said in my original post, I'm know the C2758 is capable according to 
>> its specs, however buyer beware...
>
>Again with the insult and denigration.

Is it an insult that I think Intel's cpu is capable? Or is it that I suggest a 
person be cautious when buying these products?


>That you are "concerned" is understandable, but also immaterial,
>as it is clear from this thread that your understanding of the issues,
>tools(!), terms of art and resolutions is limited.
>...
> Here, you perform an act commonly known as "I read it on the Internet" (so it 
> must be true.)

This is a much better example of "insult and denigration". You don’t know me, 
my methods, or my thinking.


> Do you own a C2758?

Have you actually bothered to read anything I've said in this conversation?

It's time to end this nonsense. Prove what you say, or shut up.



___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[compdoc]

> The difference between Olivier's setup and ours (assuming pfsense 2.1.1+), is 
> tuning

 

The only way to prove what you say is with numbers. Tuning pfSense won't fix 
this hardware problem, *if* it exists in your boards.

 

 

>> As I said in my original post, I'm know the C2758 is capable according to 
>> its specs, however buyer beware...

> 

>Again with the insult and denigration.  

 

Is it an insult that I think Intel's cpu is capable? Or is it that I suggest a 
person be cautious when buying these products? 

 

 

>That you are "concerned" is understandable, but also immaterial, 

>as it is clear from this thread that your understanding of the issues, 

>tools(!), terms of art and resolutions is limited.  

>...

> Here, you perform an act commonly known as "I read it on the Internet" (so it 
> must be true.)

 

This is a much better example of "insult and denigration". You don’t know me, 
my methods, or my thinking. 

 

 

> Do you own a C2758?

 

Have you actually bothered to read anything I've said in this conversation?

 

It's time to end this nonsense. Prove what you say, or shut up. 

 

 

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

> On Oct 16, 2014, at 2:06 AM, compdoc  wrote:
> 
> > I am well-aware of Olivier’s work in this area, as are many in the FreeBSD 
> > community.
> > There is no proof, except that which is documented and reproducible.  We're 
> > doing something like science here. 
>  
> Hmm, proof. Well, maybe a scientist like yourself can appreciate my concern 
> over this direct quote from the BSD Router Project, of which you are so 
> well-aware:
>  
> "Intel Rangeley: Atom C2758 (8 cores) at 2.4GHz"
> "Embedded Intel i354 4-port gigabit Ethernet"
> "8Gb of RAM"
> "Debugging slow throughput in progress…"
> "With the default value of igb(4) drivers that use all 8 cores, this system 
> is not able to received more than 585Kpps (far from the gigabit line-rate 
> 1.488Mpps) on one port ?!?!"
> "Last modified: 2014/03/13 20:16 by olivier"
> 

As I said before, I am aware of Olivier's work.  That you are "concerned" is 
understandable, but also immaterial, as it is clear from this thread that your 
understanding of the issues, tools(!), terms of art and resolutions is limited. 
 

The concern I have is not your lack of understanding. We all lack knowledge. 
It's what comes next that marks the difference between progress and the "crabs 
in a bucket" mentality that often impedes progress. 

Here, you perform an act commonly known as "I read it on the Internet" (so it 
must be true.)

The difference between Olivier's setup and ours (assuming pfsense 2.1.1+), is 
tuning.  It's well-understood that the default install isn't optimal.  We 
addressed this earlier in the year.

Since then we've been concentrating more on a proper test infrastructure, 
(Conductor), support for AES-GCM mode for IPSec, (with support for AES-NI 
acceleration), and measuring the performance of "pf" with the on-chip 
performance counters. 

The first result of the pf performance work is an improved (at least 9% faster 
with 95% confidence) hash function for pf. 

A second result (not yet available in pfSense as it requires work from FreeBSD 
-HEAD) yields another 25% improvement compared to the stock pf in 10.0/10.1. 

Work continues. 

> As I said in my original post, I'm know the C2758 is capable according to its 
> specs, however buyer beware...

Again with the insult and denigration.  Do you own a C2758?


Jim___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[compdoc]

> I am well-aware of Olivier’s work in this area, as are many in the FreeBSD 
> community.

> There is no proof, except that which is documented and reproducible.  We're 
> doing something like science here. 

 

Hmm, proof. Well, maybe a scientist like yourself can appreciate my concern 
over this direct quote from the BSD Router Project, of which you are so 
well-aware:

 

"Intel Rangeley: Atom C2758 (8 cores) at 2.4GHz"

"Embedded Intel i354 4-port gigabit Ethernet"

"8Gb of RAM"

"Debugging slow throughput in progress…"

"With the default value of igb(4) drivers that use all 8 cores, this system is 
not able to received more than 585Kpps (far from the gigabit line-rate 
1.488Mpps) on one port ?!?!"

"Last modified: 2014/03/13 20:16 by olivier"

 

 

As I said in my original post, I'm know the C2758 is capable according to its 
specs, however buyer beware...

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

> On Oct 15, 2014, at 5:01 PM, compdoc  wrote:
> 
> > I am well-aware of Olivier’s work in this area, as are many in the FreeBSD 
> > community.
>  
> You’ve failed to disprove anything I've said, even the part about tools.


I'm not going to argue with an individual who defines terms to suit his 
position. 
>  
> > You’re still assigning fault to pfSense
>  
> Not at all.

I see.  "It crashes!", but no detail forthcoming. 

> But it would be nice if any of this pleasant banter becomes useful by pushing 
> someone to actually try this type of testing, to find out why it happens. And 
> if not, oh well...

We're not quite ready to publish the results, (because we want people to be 
able to reproduce them, and maybe put an end to this "benchmarking as a 
sport"), but yes, the testing is certainly taking place. 

> By the way, does the C2758  hardware sold by pfSense include pps performance 
> information? Has anyone with this hardware tested it? (speaking to others who 
> might be reading this)
>  
> You suggest it can operate at near 'wirespeed', or at least that the OP will 
> be very happy with a C2758 , but you’ve not proven it.

There is no proof, except that which is documented and reproducible.  We're 
doing something like science here. 

Jim

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[compdoc]

> I am well-aware of Olivier’s work in this area, as are many in the FreeBSD 
> community.

 

You’ve failed to disprove anything I've said, even the part about tools. 

 

 

> You’re still assigning fault to pfSense

 

Not at all. But it would be nice if any of this pleasant banter becomes useful 
by pushing someone to actually try this type of testing, to find out why it 
happens. And if not, oh well...

 

By the way, does the C2758  hardware sold by pfSense include pps performance 
information? Has anyone with this hardware tested it? (speaking to others who 
might be reading this)

 

You suggest it can operate at near 'wirespeed', or at least that the OP will be 
very happy with a C2758 , but you’ve not proven it. 

 

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

> On Oct 15, 2014, at 4:06 PM, compdoc  wrote:
> 
> > There has been some testing using BSDRP, but it is not "a tool to test 
> > hardware".
>  
> I used it as a tool to benchmark my hardware. There are several examples on 
> their website of using it for just that purpose.

I am well-aware of Olivier’s work in this area, as are many in the FreeBSD 
community.
 
> >You were testing forwarding, by the look of it.   This is not all there is 
> >to routing.
>  
> The testing results I posted were pure packets per second without forwarding. 
> I also tested forwarding but did not post the results, and I mentioned that.

So this (“pure packets per second without forwarding”) reduces to just “testing 
netmap”.

> >>However, I will mention one thing: if you try to route 1.488M packets per 
> >>second through the 'generic' pfSense, it will crash after a minute or so.
> > 
> >That's an interesting result.  We've not seen it. 
>  
> These crashes happened during a forwarding test using pfSense. I disabled 
> packet filtering to try to lessen overhead, but it doesn’t seem that pfSense 
> is designed to push a great flood of very tiny packets for any length of 
> time, in one interface and out another. 
>  
> And I don’t fault it for that. For normal types of traffic, it’s a very 
> capable firewall. It would be interesting to know your results.

You’re still assigning fault to pfSense, haven’t properly documented what 
you’re seeing (thus your assertion that this is pfSense, rather than something 
in your hardware or in
the testing environment) is not well-supported) and haven’t even answered my 
questions asking for more detail.

I am also well-aware of the performance issues with pf.   We’re working on it.  
You may have missed the blog post yesterday (https://blog.pfsense.org/?p=1473 
).

Jim___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[compdoc]

> There has been some testing using BSDRP, but it is not "a tool to test 
> hardware".

 

I used it as a tool to benchmark my hardware. There are several examples on 
their website of using it for just that purpose.

 

It also a tool to build simple routers. It has very little overhead and runs on 
freebsd, which made it interesting. 

 

It is a tool.

 

 

>You were testing forwarding, by the look of it.   This is not all there is to 
>routing.

 

The testing results I posted were pure packets per second without forwarding. I 
also tested forwarding but did not post the results, and I mentioned that.

 

 

>>However, I will mention one thing: if you try to route 1.488M packets per 
>>second through the 'generic' pfSense, it will crash after a minute or so.

> 

>That's an interesting result.  We've not seen it. 

 

These crashes happened during a forwarding test using pfSense. I disabled 
packet filtering to try to lessen overhead, but it doesn’t seem that pfSense is 
designed to push a great flood of very tiny packets for any length of time, in 
one interface and out another. 

 

And I don’t fault it for that. For normal types of traffic, it’s a very capable 
firewall. It would be interesting to know your results.

 

 

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

-- Jim
> On Oct 15, 2014, at 10:06 AM, compdoc  wrote:
> 
> > When I speak of the C2758, I speak of the product sold at the pfSense store,
> > as sold by the pfSense store, not the generic pfsense release running on 
> > "some
> >brand of board@.
>  
> I was speaking of a C2758 board that was tested by someone else, and which 
> wasn’t able to reach Ethernet's maximum throughput. Clearly not all C2758 
> boards are the same. Buyer beware.
>  
> If you have tests results that prove the product you mentioned doesn’t have 
> this problem, feel free to post them. I'd love to see.
>  
>  
> > You seem confused. 
>  
> Not at all. You seem defensive.
>  
>  
> >- this list is about pfsense, not the BSDRP
>  
> Never said it was. BSDRP is a tool to test hardware.

Actually it's not.  Olivier uses it in his work at Orange. 
There has been some testing using BSDRP, but it is not "a tool to test 
hardware".

> If the hardware cannot achieve maximum throughput, then pfSense cannot 
> achieve maximum throughput.

This is a true statement but it ignores the reality that software also plays a 
part. 

> > Pkt-gen does not test routing.  What tests did you run?
>  
> Here's a clue:  BSD *Router* Project. I doubt you’ve done this sort of 
> testing, so I'm not going to spoil this learning opportunity for you...

You seem defensive.

You were testing forwarding, by the look of it.   This is not all there is to 
routing.  I will not further ecludiate because you are obviously an expert. 

While you "doubt" we "have done this sort of testing" you should look at: 
https://github.com/gvnn3/conductor

Quoting README

   [...]
A common use for Conductor is to test a network devices, such as a router or 
firewall, that is connected to multiple senders and receivers.  Each of the 
senders, receivers, and the device under test
(DUT) are a Player, and another system is designated as the Conductor.

[...]
 
This work supported by: Rubicon Communications, LLC (Netgate)
Conductor uses pkt-gen or iperf, though our preference going forward is 
pit-gen. Recent additions to pkt-gen include playback of pcap files, for more 
repeatable testing.  It's also important to be able to test multiple senders 
and receivers.  I will not further ecludiate because you are an expert. 

> However, I will mention one thing: if you try to route 1.488M packets per 
> second through the 'generic' pfSense, it will crash after a minute or so. 
> (and that's not a criticism of pfSense)

That's an interesting result.  We've not seen it. 
Which particular hardware were you using?
Which version of pfsense?
Any tunables?
What switches to pkt-gen?

>  
> >I don't see where a C2758 is tested. 
>  
> I clearly stated what I was testing and how. You seem confused. The OP was 
> asking what hardware might serve his purpose. I offered suggestions.
>  
> You're welcome to prove anything I've said was wrong - but with actual test 
> results, and without the misplaced rancor.
>  
> Also, it's better to reply to the list, and not send emails directly to me.
>  
>  
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[compdoc]

> When I speak of the C2758, I speak of the product sold at the pfSense store, 

> as sold by the pfSense store, not the generic pfsense release running on 
> "some 

>brand of board@.

 

I was speaking of a C2758 board that was tested by someone else, and which 
wasn’t able to reach Ethernet's maximum throughput. Clearly not all C2758 
boards are the same. Buyer beware. 

 

If you have tests results that prove the product you mentioned doesn’t have 
this problem, feel free to post them. I'd love to see.

 

 

> You seem confused. 

 

Not at all. You seem defensive.

 

 

>- this list is about pfsense, not the BSDRP

 

Never said it was. BSDRP is a tool to test hardware. If the hardware cannot 
achieve maximum throughput, then pfSense cannot achieve maximum throughput.

 

 

> Pkt-gen does not test routing.  What tests did you run?

 

Here's a clue:  BSD *Router* Project. I doubt you’ve done this sort of testing, 
so I'm not going to spoil this learning opportunity for you...

 

However, I will mention one thing: if you try to route 1.488M packets per 
second through the 'generic' pfSense, it will crash after a minute or so. (and 
that's not a criticism of pfSense)

 

 

>I don't see where a C2758 is tested. 

 

I clearly stated what I was testing and how. You seem confused. The OP was 
asking what hardware might serve his purpose. I offered suggestions. 

 

You're welcome to prove anything I've said was wrong - but with actual test 
results, and without the misplaced rancor. 

 

Also, it's better to reply to the list, and not send emails directly to me.

 

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

> On Oct 14, 2014, at 5:15 PM, compdoc  wrote:
> 
> >as close to wirespeed as possible, be happy with a C2758. ?
> > 
> >Very
>  
>  
> That C2758 has nice specs and should be able to keep up, however there seems 
> to be a throughput problem on at least one brand of board running the C2758.

When I speak of the C2758, I speak of the product sold at the pfSense store, as 
sold by the pfSense store, not the generic pfsense release running on "some 
brand of board@.

> (I think it’s more a problem with the nics than the cpu)

You seem confused. 

> I recently tested various nics and cpus to see if the systems I was building 
> could reach Gigabit Ethernet's max throughput of  1.488Mpps on one port

Please show your work.  Which pkt-gen switches are in use?

> Tests were run on AMD FM1+ and AM1 APUs, an FX-4100, and an Intel i5-2400 
> Sandy Bridge.
None of these is the system in question.  They don't even run the same cpu. 

> Tests used the BSD Router Project (BSDRP) OS, and a program named 'pkt-gen'.

- I am quite familiar with pkt-gen.  

- this list is about pfsense, not the BSDRP

> During routing tests, I found that an AMD A8-7600 Kaveri was the only cpu I 
> had that was equal in performance to the Intel i5-2400. (the routing tests 
> involved a 3rd test machine, and aren't covered in the scores below)

Pkt-gen does not test routing.  What tests did you run?

> Anyway, I hope you find this helpful...

I don't see where a C2758 is tested. 

> In these tests, I used the two fastest test machines connected to each other. 
> One sends, and one receives:
>  
> Realtek  8169sc 32-bit PCI card
> 266935 pps (283752 pkts in 1063001 usec)
> Speed: 267.19 Kpps Bandwidth: 128.25 Mbps (raw 179.55 Mbps)
>  
> Realtek RTL8111DL, Onboard
> 405708 pps (406113 pkts in 1000998 usec)
> Speed: 404.78 Kpps Bandwidth: 194.29 Mbps (raw 272.01 Mbps)
>  
> Intel pro 1000 32-bit PCI card
> 307102 pps (307586 pkts in 1001577 usec)
> Speed: 276.49 Kpps Bandwidth: 132.72 Mbps (raw 185.80 Mbps)
>  
> Intel Pro 1000, x1 PCI-e card (no heatsink)
> 1367299 pps (1453440 pkts in 1063001 usec)
> Speed: 1.36 Mpps Bandwidth: 654.85 Mbps (raw 916.79 Mbps)
>  
> Intel Pro 1000, x1 PCI-e card, server version (with heatsink)
> 1488012 pps (1490981 pkts in 1001995 usec)
> Speed: 1.49 Mpps Bandwidth: 714.23 Mbps (raw 999.92 Mbps)
>  
> Intel PRO/1000 PT, Dual Port, 4x PCI-e, Server Adapter  (with heatsink)
> 1488012 pps (1490981 pkts in 1001995 usec)
> Speed: 1.49 Mpps Bandwidth: 714.23 Mbps (raw 999.92 Mbps)
>  
>  
> ***
>  
> These tests were using the lowest TDP(watt) APUs I had.

APUs?   I thought we were talking C2758. 

> The Intel server nics were the fastest nics tested, and used the least cpu 
> time, so I used those in these tests:
>  
> AMD 5150 quad core APU @ 1.6GHz
> Intel PRO/1000 PT, Dual Port, 4x PCI-e, Server Adapter  (with heatsink)
> 1179367 pps (1180530 pkts in 1000986 usec)
> Speed: 1.17 Mpps Bandwidth: 562.85 Mbps (raw 787.99 Mbps)

AMD CPU.  NON-identified NIC. 

> AMD 5350 quad core APU @ 2GHz
> Intel PRO/1000 PT, Dual Port, 4x PCI-e, Server Adapter  (with heatsink)
> 1488106 pps (1489615 pkts in 1001014 usec)
> Speed: 1.48 Mpps Bandwidth: 709.33 Mbps (raw 993.07 Mbps)

AMD CPU.  NON-identified NIC.

> AMD 5350 quad APU @ 2GHz
> Onboard RTL8111/8168B PCI Express Gigabit Ethernet controller
> 560938 pps (561565 pkts in 1001117 usec)
> Speed: 558.35 Kpps Bandwidth: 268.01 Mbps (raw 375.21 Mbps)

AMD CPU.  NON-identified NIC.

> AMD A4-6300 dual core APU @ 3.7GHz
> Intel PRO/1000 PT, Dual Port, 4x PCI-e, Server Adapter  (with heatsink)
> 1129784 pps (1130961 pkts in 1001042 usec)
> Speed: 1.09 Mpps Bandwidth: 521.00 Mbps (raw 729.39 Mbps

AMD CPU.  NON-identified NIC. 

Now the track has been completely lost. 

Jim

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Chris L]

On Oct 15, 2014, at 12:59 AM, Ulrik Lunddahl  wrote:

> Will A SMB without L3 capable switches, that needs routing between 3-4 local 
> subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as 
> possible, be happy with a C2758. ?
>  
> Very.  
>  
> Is a dual socket Xeon a bit faster? Yes.  
> Does your application need that speed? Unlikely. 
> 
> Really depends on what you mean by "wirespeed". 
>  
> The case I always seem to run into is Clients on the LAN, moving a bulk 
> amount of data to/from NAS devices on the SERVER or DMZ subnet, that is 
> typically backup data or data that are somewhat being replicated.
>  
> I work a lot with companies dealing in media, and RAW images and/or video is 
> very huge, and devices to store it on is dead cheap.
>  
> I also work a lot with virtual environments; backup and replication of 
> virtual machines also generate huge files, which need to be transferred as 
> fast as possible.
>  
> So having a hardware router that can both handle internet access from the 
> many LAN clients, and hours of forwarding at interface speed between a few 
> other interfaces is what I would like.
>  
> Let’s say that we have a Intel Rangeley Atom 8-core C2758 box with 5 
> interfaces. (WAN, LAN, SERVERS, OPT1, OPT2)
>  
> Will it be able to handle forwarding the packets generated from copying 
> approx. 1 TB of files from LAN to SERVERS and OPT1 to OPT2, and services 50 
> computers + 50 phones with heavy internet usage.
>  
> NAT only, very few rules. ?
>  
> I ask because I have no idea how powerful the new Atom’s is.
> 

My first thoughts are:

What is the threat profile you are facing in your organization?  Why do you 
need a firewall between your users and your NAS?

I, personally, would not put pfSense in that duty.  If firewalling was not 
necessary, I’d use a layer 3 switch.  And with only 100 devices plus a few 
servers, I’d wonder why layer 2 wouldn’t suffice.

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Ulrik Lunddahl]

Will A SMB without L3 capable switches, that needs routing between 3-4 local 
subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as 
possible, be happy with a C2758. ?

Very.

Is a dual socket Xeon a bit faster? Yes.
Does your application need that speed? Unlikely.

Really depends on what you mean by "wirespeed".

The case I always seem to run into is Clients on the LAN, moving a bulk amount 
of data to/from NAS devices on the SERVER or DMZ subnet, that is typically 
backup data or data that are somewhat being replicated.

I work a lot with companies dealing in media, and RAW images and/or video is 
very huge, and devices to store it on is dead cheap.

I also work a lot with virtual environments; backup and replication of virtual 
machines also generate huge files, which need to be transferred as fast as 
possible.

So having a hardware router that can both handle internet access from the many 
LAN clients, and hours of forwarding at interface speed between a few other 
interfaces is what I would like.

Let’s say that we have a Intel Rangeley Atom 8-core C2758 box with 5 
interfaces. (WAN, LAN, SERVERS, OPT1, OPT2)

Will it be able to handle forwarding the packets generated from copying approx. 
1 TB of files from LAN to SERVERS and OPT1 to OPT2, and services 50 computers + 
50 phones with heavy internet usage.

NAT only, very few rules. ?

I ask because I have no idea how powerful the new Atom’s is.


- Ulrik Lunddahl




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[compdoc]

>as close to wirespeed as possible, be happy with a C2758. ?

> 

>Very

 

 

That C2758 has nice specs and should be able to keep up, however there seems to 
be a throughput problem on at least one brand of board running the C2758. (I 
think it’s more a problem with the nics than the cpu) 

 

I recently tested various nics and cpus to see if the systems I was building 
could reach Gigabit Ethernet's max throughput of  1.488Mpps on one port.

 

Tests were run on AMD FM1+ and AM1 APUs, an FX-4100, and an Intel i5-2400 Sandy 
Bridge. Tests used the BSD Router Project (BSDRP) OS, and a program named 
'pkt-gen'.

 

During routing tests, I found that an AMD A8-7600 Kaveri was the only cpu I had 
that was equal in performance to the Intel i5-2400. (the routing tests involved 
a 3rd test machine, and aren't covered in the scores below)

 

Anyway, I hope you find this helpful...

 

 

In these tests, I used the two fastest test machines connected to each other. 
One sends, and one receives: 

 

Realtek  8169sc 32-bit PCI card

266935 pps (283752 pkts in 1063001 usec)

Speed: 267.19 Kpps Bandwidth: 128.25 Mbps (raw 179.55 Mbps)

 

Realtek RTL8111DL, Onboard

405708 pps (406113 pkts in 1000998 usec)

Speed: 404.78 Kpps Bandwidth: 194.29 Mbps (raw 272.01 Mbps)

 

Intel pro 1000 32-bit PCI card

307102 pps (307586 pkts in 1001577 usec)

Speed: 276.49 Kpps Bandwidth: 132.72 Mbps (raw 185.80 Mbps)

 

Intel Pro 1000, x1 PCI-e card (no heatsink)

1367299 pps (1453440 pkts in 1063001 usec)

Speed: 1.36 Mpps Bandwidth: 654.85 Mbps (raw 916.79 Mbps)

 

Intel Pro 1000, x1 PCI-e card, server version (with heatsink)

1488012 pps (1490981 pkts in 1001995 usec)

Speed: 1.49 Mpps Bandwidth: 714.23 Mbps (raw 999.92 Mbps)

 

Intel PRO/1000 PT, Dual Port, 4x PCI-e, Server Adapter  (with heatsink)

1488012 pps (1490981 pkts in 1001995 usec)

Speed: 1.49 Mpps Bandwidth: 714.23 Mbps (raw 999.92 Mbps)

 

 

***

 

These tests were using the lowest TDP(watt) APUs I had.

The Intel server nics were the fastest nics tested, and used the least cpu 
time, so I used those in these tests:

 

AMD 5150 quad core APU @ 1.6GHz

Intel PRO/1000 PT, Dual Port, 4x PCI-e, Server Adapter  (with heatsink)

1179367 pps (1180530 pkts in 1000986 usec)

Speed: 1.17 Mpps Bandwidth: 562.85 Mbps (raw 787.99 Mbps)

 

AMD 5350 quad core APU @ 2GHz 

Intel PRO/1000 PT, Dual Port, 4x PCI-e, Server Adapter  (with heatsink)

1488106 pps (1489615 pkts in 1001014 usec)

Speed: 1.48 Mpps Bandwidth: 709.33 Mbps (raw 993.07 Mbps)

 

AMD 5350 quad APU @ 2GHz 

Onboard RTL8111/8168B PCI Express Gigabit Ethernet controller

560938 pps (561565 pkts in 1001117 usec)

Speed: 558.35 Kpps Bandwidth: 268.01 Mbps (raw 375.21 Mbps)

 

AMD A4-6300 dual core APU @ 3.7GHz

Intel PRO/1000 PT, Dual Port, 4x PCI-e, Server Adapter  (with heatsink)

1129784 pps (1130961 pkts in 1001042 usec)

Speed: 1.09 Mpps Bandwidth: 521.00 Mbps (raw 729.39 Mbps)

 

 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Jim Thompson]

> Will A SMB without L3 capable switches, that needs routing between 3-4 local 
> subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as 
> possible, be happy with a C2758. ?


Very.  

Is a dual socket Xeon a bit faster? Yes.  
Does your application need that speed? Unlikely. 

Really depends on what you mean by "wirespeed". 

-- Jim

On Oct 14, 2014, at 2:48 AM, Ulrik Lunddahl  wrote:

>> In general HP servers work really well with FreeBSD.
> 
>> When you say "looking" are you in possession of one and need to make it 
>> work, or are you about to buy one?  Is there some specific requirement about 
>> that hardware that makes you want to get it over anything else?
> 
>> I personally have found that the C2758 sold by both netgate and pfsense 
>> directly to be a spectacularly capable device and it is fairly priced and 
>> includes support. I would recommend that based on what you've described 
>> above unless there's some other special need you have.
> 
> I know that:
> 
> "- Blistering fast Intel® AtomT Rangeley C2758 8 core SoC   This is not your 
> father's Atom!"
> 
> Probably is a beast compared to what we normally expect form the Atom range, 
> but to compare it with an up to date Dual Xeon Platform is just not going to 
> make a lot of sense.
> 
> Hardware quality on the two boxes is also almost incomparable, both are 
> general-purpose platforms, but from different ends of the scale.
> 
> Will A SMB without L3 capable switches, that needs routing between 3-4 local 
> subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as 
> possible, be happy with a C2758. ?
> 
> 
> Med venlig hilsen, Best regards
> Ulrik Lunddahl
> 
> Sales Manager - Salgschef
> PROconsult Data A/S - Landbrugsvej 2 - 5260  Odense S
> Tel: +45 6311 - Tel dir: +45 63113341 - Mobil: +45 26363341
> E-mail: u...@proconsult.dk - Web site: www.proconsult.dk
> 
> 
> 
> VSP - Infrastructure Optimization Solutions + VSP - Business Continuity
> VTSP - VMware Infrastructure Virtualization + vExpert - 2009, 2010, 2012
> VMSP - Veeam Sales Professional + VMTSP - Veeam Technical Sales Professional
> 
> 
> 
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Ulrik Lunddahl]

> In general HP servers work really well with FreeBSD.

> When you say "looking" are you in possession of one and need to make it work, 
> or are you about to buy one?  Is there some specific requirement about that 
> hardware that makes you want to get it over anything else?

> I personally have found that the C2758 sold by both netgate and pfsense 
> directly to be a spectacularly capable device and it is fairly priced and 
> includes support. I would recommend that based on what you've described above 
> unless there's some other special need you have.

I know that:

"- Blistering fast Intel® AtomT Rangeley C2758 8 core SoC   This is not your 
father's Atom!"

Probably is a beast compared to what we normally expect form the Atom range, 
but to compare it with an up to date Dual Xeon Platform is just not going to 
make a lot of sense.

Hardware quality on the two boxes is also almost incomparable, both are 
general-purpose platforms, but from different ends of the scale.

Will A SMB without L3 capable switches, that needs routing between 3-4 local 
subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as 
possible, be happy with a C2758. ?


Med venlig hilsen, Best regards
Ulrik Lunddahl

Sales Manager - Salgschef
PROconsult Data A/S - Landbrugsvej 2 - 5260  Odense S
Tel: +45 6311 - Tel dir: +45 63113341 - Mobil: +45 26363341
E-mail: u...@proconsult.dk - Web site: www.proconsult.dk

    

VSP - Infrastructure Optimization Solutions + VSP - Business Continuity
VTSP - VMware Infrastructure Virtualization + vExpert - 2009, 2010, 2012
VMSP - Veeam Sales Professional + VMTSP - Veeam Technical Sales Professional




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Vick Khera]

On Mon, Oct 13, 2014 at 1:50 PM, Ryan Clough  wrote:
> Thanks for your quick reply, Vick. By "looking", I mean I have not yet
> purchased one but have a quote from our supplier. I have looked at the C2758
> but one of my requirements is RAID1. Also, I am not comfortable deploying an
> SSD that will be running Squid. This router needs to have the capability to
> run for years with minimal maintenance. We are planning to deploy this as
> part of one of our products. Thanks again for your help.

Based on this page
http://blog.hostileadmin.com/2012/06/14/freebsd-on-hp-proliant-dl360p-g8-servers/
I'd say look for something else, unless the two Intel NICs are
sufficient. Further investigation
 shows
BCM5720 is not supported until 8.4 and 9.2. Given pfSense is 8.3 you
will have two NICs that are unusable.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Ryan Clough]

Thanks for your quick reply, Vick. By "looking", I mean I have not yet
purchased one but have a quote from our supplier. I have looked at the
C2758 but one of my requirements is RAID1. Also, I am not comfortable
deploying an SSD that will be running Squid. This router needs to have the
capability to run for years with minimal maintenance. We are planning to
deploy this as part of one of our products. Thanks again for your help.

Ryan Clough
Information Systems
Decision Sciences International Corporation



On Mon, Oct 13, 2014 at 10:39 AM, Vick Khera  wrote:

> On Mon, Oct 13, 2014 at 1:17 PM, Ryan Clough  wrote:
> > I am looking at the HP ProLiant DL320e Gen8 v2 and having trouble
> > determining whether or not the hardware is supported by pfSense
> > 2.1.5-RELEASE. I found this
> > thread(https://forum.pfsense.org/index.php?topic=71523.0
> >
> > ) and it seems like I am going to have trouble with drivers. Here are the
> > three hardware components that concern me:
>
> In general HP servers work really well with FreeBSD.
>
> When you say "looking" are you in possession of one and need to make
> it work, or are you about to buy one?  Is there some specific
> requirement about that hardware that makes you want to get it over
> anything else?
>
> I personally have found that the C2758 sold by both netgate and
> pfsense directly to be a spectacularly capable device and it is fairly
> priced and includes support. I would recommend that based on what
> you've described above unless there's some other special need you
> have.
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>

-- 
This email and its contents are confidential. If you are not the intended 
recipient, please do not disclose or use the information within this email 
or its attachments. If you have received this email in error, please report 
the error to the sender by return email and delete this communication from 
your records.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NIC support

[Vick Khera]

On Mon, Oct 13, 2014 at 1:17 PM, Ryan Clough  wrote:
> I am looking at the HP ProLiant DL320e Gen8 v2 and having trouble
> determining whether or not the hardware is supported by pfSense
> 2.1.5-RELEASE. I found this
> thread(https://forum.pfsense.org/index.php?topic=71523.0
>
> ) and it seems like I am going to have trouble with drivers. Here are the
> three hardware components that concern me:

In general HP servers work really well with FreeBSD.

When you say "looking" are you in possession of one and need to make
it work, or are you about to buy one?  Is there some specific
requirement about that hardware that makes you want to get it over
anything else?

I personally have found that the C2758 sold by both netgate and
pfsense directly to be a spectacularly capable device and it is fairly
priced and includes support. I would recommend that based on what
you've described above unless there's some other special need you
have.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] NIC support

[Ryan Clough]

I am looking at the HP ProLiant DL320e Gen8 v2 and having trouble
determining whether or not the hardware is supported by pfSense
2.1.5-RELEASE. I found this thread(
https://forum.pfsense.org/index.php?topic=71523.0) and it seems like I am
going to have trouble with drivers. Here are the three hardware components
that concern me:

HP B120i on-board SATA controller
HP 332i on-board 2-port NIC (Broadcom BCM5720 chipset)
HP 361T PCIe 2-port NIC (Intel I350 chipset)

Can anyone confirm or deny this hardware's compatibility? Anyone out there
running on a Gen8 v2? I do not have the option to run pfSense in a virtual
environment.

Thanks,
Ryan

-- 
This email and its contents are confidential. If you are not the intended 
recipient, please do not disclose or use the information within this email 
or its attachments. If you have received this email in error, please report 
the error to the sender by return email and delete this communication from 
your records.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list