Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Hardware and Performance
»
Hardware Recommendation for 1Gbps Throughput (WAN)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Hardware Recommendation for 1Gbps Throughput (WAN) (Read 7683 times)
rfeng33
Newbie
Posts: 12
Karma: 0
Hardware Recommendation for 1Gbps Throughput (WAN)
«
on:
September 19, 2020, 02:32:38 pm »
Hello,
I'm currently utilizing a Mikrotik CCR1009 and on small packets I only get about 450 - 500Mbps throughput, which hashes up with the specs they provide. I'm getting ready to upgrade from cable to FTTH on a 1Gbps/500Mbps plan. I'm looking to make the move to OPNSense. I currently utilize a VPN (L2TP w/IPSEC) to send some traffic through (my MKT acts as a client to connect to the VPN Provider). If I make the jump to OPNSense I'll likely switch to Wireguard. Here is my desired functionality and a bit about my current setup:
LAN -- 10Gbps connection to my aggregation switch (Juniper EX4200)
VLANS -- 4 VLANS currently, I could see 6 VLANS at most.
Some Policy Based routing
Firewall
To do this with OPNSense, what type of hardware on the processor should I be looking at? I want to be able to bounc at least 4 - 5Gbps through the LAN side and see full wire speed throughput on small packets from LAN to WAN out through the FTTH connection. I would like to run IPS/IDS as well, which is something I can't really do with my Mikrotik currently. The only other thing I'd be adding is a Wireguard Road Warrior setup for when I'm on the road. I plan to get 2 of the same machines and use CARP for redundancy between them. Ideally I'd like to spend no more than about 500 - 600 US on the hardware.
I was thinking/Looking at something like this (with an add-on PCI-E 10Gbps SFP+ card)
https://www.ebay.com/itm/SuperMicro-1U-customizable-Server-W-X9SCI-LN4F-E3-1270-V1-V2-8GB-32GB-DDR3/383421314359
I'd plan on 16GB of RAM and the E31270-V2.
Would this hardware meet my needs, or is it too underpowered?
TYIA!
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Hardware Recommendation for 1Gbps Throughput (WAN)
«
Reply #1 on:
September 19, 2020, 04:56:02 pm »
Looks like a powerful machine.
Please search the forum for more details or alternatives, there are tons of recommendations made in similar threads lately.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
Vilhonator
Full Member
Posts: 245
Karma: 13
Re: Hardware Recommendation for 1Gbps Throughput (WAN)
«
Reply #2 on:
September 19, 2020, 05:22:40 pm »
As mentioned by banym
System which you linked is most likely more than sufficent enough for what you want.
If possible, ask the seller to test if it runs OpnSense (some systems aren't compatible).
Basically any PC with Dual or Quad core CPU and at least 4gb RAM could suffice for your needs.
Throughput isn't same as internet speed, it is calculated amount of data which needs to be processed (in lame terms means how many different computers in different VLANs are downloading and uploading stuff at the same time)
Internet speed depends on your ISP, Network card, cable type and cable length on ethernet connections and signal strength, frequency and Radio channel used by wifi adapters on wireless connections.
Also VPN connections can be bit sluggish, that has nothing to do with your firewall or router, it's an issue on VPN providers end.
«
Last Edit: September 19, 2020, 05:31:21 pm by Vilhonator
»
Logged
rfeng33
Newbie
Posts: 12
Karma: 0
Re: Hardware Recommendation for 1Gbps Throughput (WAN)
«
Reply #3 on:
September 19, 2020, 08:46:59 pm »
Vihonator,
I agree with your assesment. I currently work for the ISP providing me the service and they have a speedtest server on the same network about 2ms away from me. With the CCR1009 I only get about 450 - 500Mbps on a speedtest due to the way the Tilera architecture works. My ONT is connected right now to my data rack with a 7' Cat6 cable and comes up at a full gig. My lan is where I have the 10G to my switch and it's a 3' fiber jumper directly from the Juniper into the Mikrotik currently. I know I won't see the 1GBPS on my wifi network (which is spread across 5 Ruckus AP's in my house), I'm wanting the wire speed primarily on my main PC which is cat 6 right back to the Juiper over Cat6 and about a 20' run. VPN I'm aware of, I don't need wire speed there.
Logged
Ricardo
Full Member
Posts: 233
Karma: 12
Re: Hardware Recommendation for 1Gbps Throughput (WAN)
«
Reply #4 on:
September 23, 2020, 11:35:43 am »
PPPoE protocoll and NAT is killing the performance, and "PF" is a serious bottleneck as well!
"Basically any PC with Dual or Quad core CPU and at least 4gb RAM could suffice for your needs."
--> basically this is untrue. Search for the 4-core Pcengines APU embedded router, it is quad core, but core clock is only 1Ghz, and it is very weak for NAT + PPPoE + PF, 1Gbit throughput is not achievable, many people have tried it and failed it.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Hardware and Performance
»
Hardware Recommendation for 1Gbps Throughput (WAN)