On Fri, Dec 5, 2008 at 06:52, Tim Korves <[EMAIL PROTECTED]> wrote: > we're searching for a reliable hardware basis to use as a pfSense firewall > with a maximum concurrent throughput of 6 Gigabits / second.
Four questions to start: - If 6Gbps is the peak, what do you expect the sustained throughput to be? - Is 6Gbps unidirectional or duplex? - How many peak/sustained states do you expect? - What kind of functionality are you expecting to use (firewall only, captive portal, bridging, etc.) As long as you are "just" firewalling, your throughput will be more dependent on your bus speeds than anything; *BSD is pretty efficient at shuffling packets. > - 2x Intel Xeon QuadCore Processors Probably overkill if you aren't proxying, using the portal, or doing lots of load-balancing/multiwan. > - 4 or 8 GB of RAM Dependent on the number of concurrent states you expect. There's a good bit of historical traffic on the list explaining how to size your memory for the number of states you expect; future versions (2.0) will attempt to auto-tune that for you. > - QuadPort Intel Pro 1000 Ethernet NICs (PCIe x4) I've not found the Quads to be particularly cost-effective on port density: seeing ~$150 for dual-port and ~$400 for quads. Unless your PCI-E slots are at a premium, you're probably better off spreading your ports across more buses (lanes). That said, remember a single PCI-E lane can /theoretically/ handle 2Gbps duplex. If you intend to use LACP or EtherChannel, remember that 2.0-ALPHA is the only release that has a GUI configurator for that. > - RAID 1 of SAS or SATA HDDs via 3Ware RAID Controller HDD choice is going to be really insignificant unless you're doing enormous amounts of logging. Spend as little as you can while getting the highest reliability you can (high MTBF); I personally wouldn't spend over the RAID card that typically comes with server setups, even if it'll only do 0 & 1. My ideal pfSense system would have an externally-accessible CF slot for the base OS and use the drive buses only if I need logging. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
