10gb home internet, nic question

Started by Vilmalith, January 25, 2023, 03:45:55 PM

January 25, 2023, 03:45:55 PM Last Edit: January 25, 2023, 05:37:13 PM by Vilmalith
I've registered to get 10gb fiber at my house.  I don't yet have an install date.  Will OPNSense achieve line rate with an Intel X550-T2 and/or is there a better choice?  I will be running OPNSense + Zenarmor (no suricata).

Also, the various tuning guides out there, are they still relevant for OPNSense 22.x/23.x and FreeBSD 13.x?

That mostly depends on the CPU that you will employ. An Intel X550-T2 should be capable enough to achieve line rate - although that depends on packet size and more parameters.

Also, there must be enough PCIE lines and sufficient level to support 2x 10 GbE.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

ZA will cut your speed down a lot. I've tuned and tuned and ended up disabling ZA as I went from 10Gb to like 5, even in passive monitoring mode. Which seems odd as their target market seems to be SMBs that will have at least 10Gb... All testing I was doing with this was done using iPerf: I verify 10Gb through the firewall, enable ZA, test to verify speed is about half, then I did a bunch of performance tuning but nothing really helped.

Well NIC is good but you have to consider other things as well.

First of all to have 10Gb internet on your computer, you need at least 2 10Gb ports on your firewall (1 for wan and 1 for LAN), if you only need that for 1 computer, then it's just that, but more than 1 device, it's always 10Gb port per each device which also means firewall needs more powerful hardware.

For example, https://shop.opnsense.com/product/dec840-opnsense-desktop-security-appliance/ has 2 10 Gb ports and 4 Gigabit ports. It is designed so that the 10Gb ports are connected to the internet while the 4 gigabit ports are connected to switches and provide up to 1 gigabit simultaneous internet connection to for example up to 256 computers (you need switches and create VLANs for that, or a bunch of wifi APs) without connections getting slowed down at all.

To provide 10 Gb/s to for example 10 computers, you need a switch with a 100Gb port, a firewall with a 100Gb port and an internet contract of at least a 100Gb connection, and even then you would have to check the maximum throughput of your switch and firewall to make sure they can handle such traffic. Needless to say, you most likely won't be buying or building that type of firewall for your home anytime soon :P.

Anyway, theoretically you are fine with the firewall I linked, but I would advise you to contact ZA and OPNsense support via e-mail; they are more than capable of giving you advice about the hardware specifics you need.

Quote from: meyergru on January 25, 2023, 05:22:51 PM
That mostly depends on the CPU that you will employ. An Intel X550-T2 should be capable enough to achieve line rate - although that depends on packet size and more parameters.

Also, there must be enough PCIE lines and sufficient level to support 2x 10 GbE.

For those playing along at home: the X550-T2 has a target of 8GT, has a width of x4 and supports up to v3.0.
So in that case you'll need pcie1.0 x4, pcie2.0 x2 or pcie3.0 x1 to satisfy the target.

Relevant section from lspci:
        Capabilities: [a0] Express (v2) Endpoint, MSI 00
                DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s <512ns, L1 <64us
                        ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
                DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
                        RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop- FLReset-
                        MaxPayload 256 bytes, MaxReadReq 512 bytes
                DevSta: CorrErr+ NonFatalErr- FatalErr- UnsupReq+ AuxPwr- TransPend-
                LnkCap: Port #0, Speed 8GT/s, Width x4, ASPM not supported
                        ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
                LnkCtl: ASPM Disabled; RCB 64 bytes, Disabled- CommClk+
                        ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
                LnkSta: Speed 8GT/s (ok), Width x4 (ok)
                        TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
                DevCap2: Completion Timeout: Range ABCD, TimeoutDis+ NROPrPrP- LTR+
                         10BitTagComp- 10BitTagReq- OBFF Not Supported, ExtFmt- EETLPPrefix-
                         EmergencyPowerReduction Not Supported, EmergencyPowerReductionInit-
                         FRS- TPHComp- ExtTPHComp-
                DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis- LTR- OBFF Disabled,
                         AtomicOpsCtl: ReqEn-
                LnkCap2: Supported Link Speeds: 2.5-8GT/s, Crosslink- Retimer- 2Retimers- DRS-
                LnkCtl2: Target Link Speed: 8GT/s, EnterCompliance- SpeedDis-
                         Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
                         Compliance De-emphasis: -6dB
                LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete+ EqualizationPhase1+
                         EqualizationPhase2+ EqualizationPhase3+ LinkEqualizationRequest-
                         Retimer- 2Retimers- CrosslinkRes: unsupported