OPNsense Forum

English Forums => Hardware and Performance => Topic started by: vigilian on February 15, 2018, 09:40:35 pm

Title: new to opnsens - need hardware advices
Post by: vigilian on February 15, 2018, 09:40:35 pm
Hi,

I'm new to the concept and use of pfsense - opnsense.
So I would like to be prepare for my futur e FFTH and not being bottleneck on my opnsense project.

I would like to build a box myself.
So I've read some documentation, maybe not enough but I'm trying,s o don't hesitate to point out to me some good ones.

I'm hesitating for the CPU for example, between a xeon E3 and a i7-6700k.
Don't know what's better. Is the ECC capabilities relevant in any kind of usecase in opnsense?
I've read here that the i7 were better than the xeon on the AES capabilities.  Is that still true? https://community.ubnt.com/t5/EdgeMAX/EdgeRouter-4-ER-4-now-available/m-p/2139533/highlight/true#M185779  (https://community.ubnt.com/t5/EdgeMAX/EdgeRouter-4-ER-4-now-available/m-p/2139533/highlight/true#M185779)
Plus, I've seen that most of the distributor of appliance for pfsense and opnsense were using i7 more than xeon. In counterpart, the video from LinusTechtips from 2 or 3 years ago, about building the pfsense box, they were using a xeon for that build log.... So what should I take? And based on which argument?

for the motherboard I was thinking about an industrial asrock mb with kvm support?
for the case, I really don't know which one to take. I've read the thread from the guy who was building his own with that : https://www.supermicro.com/products/chassis/1U/512/SC512F-441B . Is that any good? I need one from 1U or 2U but with the dimension to put it in a rack network cabinet which I have. So It's smaller in length than a server cabinet. any recommandation?

Is it possible also to have other things installed than opnsense? Like a hypervisor like kvm-qemu to do some virtualization at the same time or is it not recommanded?

Which addon card for AES maybe or other things? I know that I need top consider buying some good intel NIC but I'm sure there are some thing else?

Thanks in advance for all your answers.
Best regards.
Title: Re: new to opnsens - need hardware advices
Post by: vigilian on February 16, 2018, 08:14:39 pm
did I say something wrong that nobody have any advice since you've answered tothe post of nitro which was something similar?

EDIT: is Atom better now ? more cores more power? or is it the frequency by core which is best?
Title: Re: new to opnsens - need hardware advices
Post by: Newbiewifi on February 16, 2018, 10:56:23 pm
It depends on what kind of needs you have and what is your budget.

I would prefer ECC memory because it is better but again what are your needs.

Opnsense is great and if you have set up computers, worked with frebsd and routers, then you'll find it simple.
Obviously there are advance options if you want complex and custom routing options as well as others like DNS servers etc..

Title: Re: new to opnsens - need hardware advices
Post by: vigilian on February 17, 2018, 12:45:10 pm
So as I said, the purpose will be to, obviously, not be bottlenecked by the firewall and so have a 1Gbps connection throughput from FTTH and the LAN.
do some vlans, isolated vlans,vpns, ... thinks like that
And maybe some small virtualization platform but as I said, I don't know if on top of opnsense we have the possibility to install that?

So, I need to know which cpu would be the best and I need a clear answer on that, as I said every appliances provider of opnsense and pfsense are using i7-6700 or those kinds. Practically never a Xeon e3. And in the video of Linus tech tips is using a xeon e3. Those 2 kind of processors are basically same price so it's clearly not a budget matter. So it has to be related on performance. From what I've understand, the number of cores upper than 4 is irrelevant if you don't do more vpn link that it's number of virtual cores. So I guess it's related to the max frequency? And for what I've seen, as I said it already, the i7 are more powerfull on the AES decryption than the xeon counterpart. So is there anything else to consider? which kind of instructions sets or architecture point of view the xeon are better than the i7 in this case?

And okey, you prefer ECC than, but why? I guess you are not running a ZFS host on your opnsense box so you don't need for a verification of bit by bit of your storage? I don't know if modern routers or firewall boxes have ECC memory in it, and I would not see why they would have, they do need a fast access I/O memory no? Since the fatest the better in this case to treat the fatest possible every single packets? Or am I missing something?
Please enlight me because I'm really clueless in this case.

And for services like DNS and other things I would in any case have redundancies on the network, so yes i could at some point run some services on it but it would be a redundancies from somewhere else for sure.

Title: Re: new to opnsens - need hardware advices
Post by: vigilian on February 17, 2018, 01:14:10 pm
For the needs I don't know really what to answer to that. It will ultimately be a firewall box + a routing one behind my ubiquiti routers to isolate some parts of the network through isolated vlans, like one vlan for wifi AP link to it, some vlan for some servers and devbox who does need to be isolated from the LAN but not totally(like some precise ports to precise ip), things like that. It won't be something hybrid like a wifi ap in itself.
Tell me which other information do you need to help me.