pfSense RAM and CPU

Discussion in 'FreeBSD and FreeNAS' started by brianmc, Jun 25, 2018.

  1. brianmc

    brianmc New Member

    Joined:
    Jun 25, 2018
    Messages:
    29
    Likes Received:
    7
    What's the going assumption on RAM for pfSense.

    I am not doing IDS, just as a VPN and NAT gateway. I'm upgrading to Xeon D1508 and Xeon D-1518

    Do I need dual channel RAM or can I get away with single channel?

    8GB x 1 or 8GB x 2 enough or should I use 16GB DIMMs?
     
    #1
  2. PigLover

    PigLover Moderator

    Joined:
    Jan 26, 2011
    Messages:
    2,675
    Likes Received:
    1,049
    Your question really needs more context - some info on how may links and what data rates or packet-per-second rates you expect would help a lot getting you a good answer.

    That said, in its basic form as a simple firewall/NAT and VPN endpoint, pfSense is not memory hungry at all. Even 8GB would be overkill for that, though in a Xeon D you probably want to use 2x4GB to get there just to keep the memory channels populated (it probably won't make much difference in performance though).

    If you start to add a bunch of add-ins like Suricata or other things then memory usage might climb. But probably not much.
     
    #2
  3. brianmc

    brianmc New Member

    Joined:
    Jun 25, 2018
    Messages:
    29
    Likes Received:
    7
    Thanks. I'm not sure what they'll be for pps. Bandwidth no more than 100mbps which is why I'm staying low in the Xeon D range. That's really helpful and I appreciate you taking the time to answer.
     
    #3
  4. mstone

    mstone Active Member

    Joined:
    Mar 11, 2015
    Messages:
    473
    Likes Received:
    109
    you can't buy a new computer slow enough that firewalling 100mpbs would be a problem, nor can you buy a new computer with a small enough RAM configuration to find the lower limit. a xeon d is tremendous overkill, but if it's what you want it will work fine.
     
    #4
  5. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    876
    Likes Received:
    638
    Insane overkill - my largest pfsense instance has 2GB of ram, and I've never seen it use more than 700MB. using an ancient i3 and it has no problem routing and firewalling 1gbps. xeon is crazy fammmm
     
    #5
  6. brianmc

    brianmc New Member

    Joined:
    Jun 25, 2018
    Messages:
    29
    Likes Received:
    7
    My reason for Xeon D is that I'm going to have it on my 10G network LAN side. WAN is no more than 100mb but LAN might be more.

    I'd also pay to avoid having to upgrade soon.
     
    #6
  7. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    876
    Likes Received:
    638
    The lan traffic will never touch your router assuming it's on the same subnet
     
    #7
  8. Nizmo

    Nizmo Member

    Joined:
    Jan 24, 2018
    Messages:
    101
    Likes Received:
    17
    I use 8GB DDR4 and 8 Cores (E5-2699 V4) on a Virtual Machine for PfSense for 10Gb connections bonded to 20Gb.

    I see up to 75% CPU loads and 30-50% mem loads.

    Although I am using IDS (Snort, VPN, Multi-WAN)
     
    #8
  9. Biznatch

    Biznatch New Member

    Joined:
    Mar 20, 2017
    Messages:
    10
    Likes Received:
    1
    Enable pfblockerng and ntopng and that will no longer be the case. My VM has 4GB and is using like 90% at all times. Well worth it, for pfblocker at least. Gets rid of almost all ads/malware through community DNS block lists at the firewall. Hell even the video ads on the Roku app don't queue up anymore, it's great.
     
    #9
  10. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    876
    Likes Received:
    638
    Sure, you can load up plenty of different packages that drastically alter spec requirements, however OP clearly stated he would be doing none of that. As far as DNS and ntop, I prefer handling those outside of pfsense for various reasons, but I understand the ease of use having them bundled

    also, nice thread necro :)
     
    #10
    CreoleLakerFan and dswartz like this.
  11. dswartz

    dswartz Active Member

    Joined:
    Jul 14, 2011
    Messages:
    342
    Likes Received:
    26
    That's nothing, bro! Earlier this year, in a different forum, I saw a necro of a 7-yr old thread!
     
    #11
    Sleyk and fohdeesha like this.
  12. Sleyk

    Sleyk Active Member

    Joined:
    Mar 25, 2016
    Messages:
    671
    Likes Received:
    142
    7 years! damn! That's not necromancy, thats Egyptian mummy type resurrection! Lol!

    I agree with my man Fodeesh, overkill with crossbows and machine guns :cool:

    I'm actually running an old supermicro x8sil board with x 2 chelsio 10gb cards and a 4 port intel 1Gb ethernet card for gigabit networking and a old 1156 xeon (x3440) in a simple 2u case and it runs great. I can transfer internally at 9.8Gbits no prob. (Tested with iperf and real world with 2 x ssd's in raid0)

    I use 4 ddr3 2GB sticks for a total of 8GB and I have several packages installed (snort, squid, squidguard, etc) and I never go past 2GB, and that's with normal usage + with dedicated ram space set for squid cache.

    8GB is all you need my peep! :.)
     
    #12
    dswartz likes this.
Similar Threads: pfSense
Forum Title Date
FreeBSD and FreeNAS pfSense2.4.3(FreeBSD11.1) support the intel 82599EB 10-Gigabit ? Sep 21, 2018
FreeBSD and FreeNAS FreeBSD/pfSense guest 10GbE SR-IOV VF successes? Aug 30, 2018
FreeBSD and FreeNAS Small pfSense compatible box w/ wifi Dec 31, 2017
FreeBSD and FreeNAS Pfsense VM Sep 28, 2017
FreeBSD and FreeNAS How does PfSense number the network interfaces? May 26, 2017

Share This Page