Messages - dahapo8728

#1
Hello OPNsense community,

I am in the planning stages for a new, powerful router/firewall build intended for a lab environment that will eventually handle significant traffic, including multiple site-to-site IPsec tunnels, IDS/IPS (Suricata), and potentially a high number of concurrent states.

I have the opportunity to use a decommissioned server board with a Xeon 36 Core 2.4GHz processor. While I understand this is extreme overkill for a typical home setup, I'm interested in the technical considerations for OPNsense and FreeBSD.

My specific questions are:

Core Utilization & Affinity: With a CPU of this scale (36 cores / 72 threads), how effectively can OPNsense/FreeBSD distribute workloads like Suricata inspection, IPsec encryption/decryption, and the kernel's packet forwarding across so many cores? Is manual tuning with sysctl and setting process affinity for services like Suricata absolutely essential to avoid thread contention and cache misses, or will the scheduler handle it reasonably well?

Power Efficiency vs. Idle States: I'm concerned about power consumption. A CPU with this many cores likely doesn't idle as efficiently as a modern, low-core-count Xeon E or Intel Core series. Has anyone run OPNsense on similar high-core-count server hardware and found success with aggressive C-state configuration in the BIOS to manage power draw during low-traffic periods?

Hardware Compatibility: Are there any known issues or special driver requirements for the integrated NICs or other components commonly found on server boards (e.g., from Supermicro or Dell) that I should verify before committing to this hardware? I plan to use a dedicated, supported Intel NIC.

Performance Ceiling: In practical terms, at what point (e.g., number of gigabit tunnels, Suricata ruleset size, or states per second) would a CPU with this core count but a moderate 2.4GHz clock speed actually begin to show a significant advantage over a modern 8-core CPU with a much higher clock speed for a router's primary duties?

Thank you for sharing your expertise and any experience with similarly oversized hardware for OPNsense.