1
16.7 Legacy Series / Current x86 hardware and performance
« on: March 28, 2016, 12:43:10 pm »
Hello,
looking at current specification of OPNSense appliances the hardware is rather inexpensive.
e.g.: OPNsense Quad Core Gen3 10GB SSD (OPN19008R) has one Intel® Xeon™ E3-1275V3 3.5Ghz Quad Core, 8GB RAM and should handle up to 3 million sessions, 18 Gbit/s firewall throughput, 1.5 million PPS
(No Xeon E5 or E7, only 1 single CPU,...)
I currently have two 6 year old Fortigate firewalls (which reach 100% CPU each) with: uplink of ~800 Mbit/s, downlink 300Mbit/s, 120000 sessions, ~6000 connected clients, Intrusion Prevention enabled for incoming traffic towards our servers
Looking at the mentioned OPNSense appliance, that unit should have no problem for our situation? Well, for firewall only situation. But what about IPS (Snort/Surricata). What performance can I expect?
Also, we use HP server. And a similar hardware as the OPNSense appliance above would be the DL20 series which is rather new and uses updated chipsets:
So I´d buy:
2x HPE ProLiant DL20 Gen9 E3-1240v5 each with:
- Intel® C232 Chipset
- Intel Xeon E3-1240v5 3.5Ghz
- 2x 16GB RAM
- 1x HP Ethernet 1Gb 4-port 366T Adapter with Intel i350 chipset
- 1x HP Ethernet 10Gb 2-port 560SFP+ Adapter with Intel 82599 chipset
- 5 year 24x7x4 hours HPE carepack
Are those new chipsets already supported by FreeBSD / OPNSense? What about IPS throughput. What can I expect? Do you have any experience?
looking at current specification of OPNSense appliances the hardware is rather inexpensive.
e.g.: OPNsense Quad Core Gen3 10GB SSD (OPN19008R) has one Intel® Xeon™ E3-1275V3 3.5Ghz Quad Core, 8GB RAM and should handle up to 3 million sessions, 18 Gbit/s firewall throughput, 1.5 million PPS
(No Xeon E5 or E7, only 1 single CPU,...)
I currently have two 6 year old Fortigate firewalls (which reach 100% CPU each) with: uplink of ~800 Mbit/s, downlink 300Mbit/s, 120000 sessions, ~6000 connected clients, Intrusion Prevention enabled for incoming traffic towards our servers
Looking at the mentioned OPNSense appliance, that unit should have no problem for our situation? Well, for firewall only situation. But what about IPS (Snort/Surricata). What performance can I expect?
Also, we use HP server. And a similar hardware as the OPNSense appliance above would be the DL20 series which is rather new and uses updated chipsets:
So I´d buy:
2x HPE ProLiant DL20 Gen9 E3-1240v5 each with:
- Intel® C232 Chipset
- Intel Xeon E3-1240v5 3.5Ghz
- 2x 16GB RAM
- 1x HP Ethernet 1Gb 4-port 366T Adapter with Intel i350 chipset
- 1x HP Ethernet 10Gb 2-port 560SFP+ Adapter with Intel 82599 chipset
- 5 year 24x7x4 hours HPE carepack
Are those new chipsets already supported by FreeBSD / OPNSense? What about IPS throughput. What can I expect? Do you have any experience?