Pfsense Rangeley build


JSchuricht

I am in need of upgrading my router. My current setup is a 1.266 P III s running Monowall and it's choking with a 300/20 connection. I was planning on repurposing an old Supermicro PDSME with a Pentium D 955 Presler then I made the mistake of looking up the power consumption. That led me to think about the ancient 2u case that I originally bought to house dual P II 400's and I realized it's time to give up and retire the system completely. The redundant 350w PSU's and 1.5" tall drive sleds are not worth reusing and the power consumption of a newer system would pay for itself in a few years.

I have narrowed down the hardware somewhat. Either a Supermicro A1SRM-2558F or A1SRM-2758F and a SC512L-200B chassis. That is my biggest debate right now, 4 core vs 8 core. I love future proofing and overbuilding but I can't seem to convince myself that the extra $100 and 5w is worth it for 8 cores on a router.

Currently I have a 300/20 connection and a couple of low usage VPN's. The catch is Google fiber is coming which would mean enough upload speed to start some new projects over the VPN's. So is it worth it to have 8 cores in Pfsense 2.2?
 

Chuckleb

Some people like virtualizing the network, then you can run some other services on the spare compute power. In my case, I'd use it for my secondary AD, perhaps backup server on the same box. Since it is lower power, nice to get other tasks out of it. Of course that means adding in more RAM and whatnot as well.
 

JSchuricht

Thanks, I already have two Hyper-V servers with virtualized DC's and a pair of storage servers, but a router is something I will never virtualize. I also have a bunch of 4GB sticks of DDR3 laying around so there is no cost there, just the MB, chassis and a drive if I decide not to reuse an existing one. This would just be a dedicated router with a few VPN's.
 

Biren78

@JSchuricht I'm jealous of your speeds already, and that you're getting fiber!

I think the 4 core model will work, 8 cores if you want to run anything more sophisticated in the future. pfsense has a bunch of packages you may want to make use of.
 

EffrafaxOfWug

I've been wondering about a similar project myself, but was looking at the Jetway JBC310/311 barebones to accomplish the same thing as they're absolutely minute and passively cooled yet with a similarly classed CPU. I'd like to do this mostly because for the router features I want I typically have to go for SMB models that cost more than something I can plonk a dedicated firewall distro on.

How does the number of CPUs affect distros like monowall and pfsense? Are they able to scale the packet load across all their CPUs or if you've got a single data stream maxing out one core, is that your functional limit for single connections?
 

JSchuricht

Fiber may be a few years off, Google started their deployment at the opposite end of town. I have been going through the packages and I'm not sure I would use any of them which has me leaning towards a DOM for simplicity. I am thinking the 4 core version will be fine too. I found one post of a lower end atom handling nearly 1gbs with one core and with 2.2 taking advantage of multiple cores I think there will be plenty of headroom left.

EffrafaxOfWug, the big reason I am not even considering Monowall at this point is that it only uses one CPU.
 

NeverDie

I wonder what hardware the pfsense appliance uses such that the entire appliance draws only 10 or 11 watts at idle? Hardware Requirements and Appliances for pfSense

Not to dissuade you at all, but at $454, you're actually a bit more than the price on their SOHO appliance. I wonder how either Rangeley you're considering would compare to it both in terms of performance as well as upgradability to future pfsense releases.
 

JSchuricht

The full featured C2758 system they have listed for $1400 is a Supermicro 8 core 2.4GHz Rangeley with a front mount case. That's basically the $454 system I specced out but with an 80GB SSD vs 16GB DOM and a pfsense logo. They claim 20w idle. The 10w midrange system is a Rangeley C2358 2 core 1.7 GHz. Their low end system is a 1 GHz Dual Core AMD G-T40E APU, 11w and Realtek NICs.
https://www.pfsense.org/hardware/pfsense-store.html#c2758
From what I have read, the Rangeley is what they have optimized 2.2 for. The MB I am looking at has an 8x PCIe2 slot which would require a $25 riser if I ever need it, so a 10Gb NIC is an option if Google decides to get really crazy in the future or I find a need to route between my VLANs at 10Gb (not likely), which is one case the extra cores may be needed. I think I will order the 4 core version and worry about the future some other time.
 

Patrick

It is hard to justify a new PC to be a router when a Ubiquiti router is under $100 at Newegg. If you had spare hardware, sure... if you are spending $60 on mb/proc. and $20 on ram. and $30 on a case/PS... let us not forget the disk...
I had two ERL's. I now am using C2550/ C2558 based boxes for pfsense + some infrastructure bits. pfsense does have a much better interface and packages available than the ERL. The cost is most certainly more though.
 

JustinH

I have an ERL on a 1G/500 line, and I can easily push it to over 950Mb. It's cheap and fast and really well supported. In fact my ISP is testing a 2Gb plan and the ERL with bonded interfaces and they say it's the only setup that can saturate the link. So it's cheap and future proof!
 

JSchuricht

> As I'm planning something similar, I'm curious why you didn't consider the SuperMicro A1SRM-LN7F-2358? Street price around $269.
> Supermicro | Products | Motherboards | Atom Boards | A1SRM-LN7F-2358

The A1SRM-LN7F-2358 is a 2 core 1.7GHz Rangeley. I did consider its bigger brother A1SRM-LN7F-2758 for $400 but I don't see any need for 7 LAN ports. I have about 130 ports now, most of which are open so I can always split it up with a VLAN. I can't foresee needing more than two WAN ports which leaves me with two LAN ports and I don't have anything I would want to fail over with bypass mode.
 

cesmith9999

Patrick, are your ERL's for sale? Is it just a config difference the reason why you stopped using them?
 

Mark

I've currently got pfSense 2.2 running in ESXi 5.5 on the A1SRM-LN7F-2758 with 8GB of RAM allocated to the VM. The setup has been flawless for roughly 3 months now. I replaced a Cisco ASA5505 with this setup. I've only got 85/85mbit FIOS but running Snort with a pretty full rule set I'm hard pressed to see the CPU usage spike above 10%. I've also got a couple of other VM's on the same box with no apparent impact in performance to pfSense. If you are considering doing virtualization I would definitely recommend going for the extra 4 cores. Just as an FYI, pfSense 2.2 has the drivers for the VMXNET3 network adapter built-in so great performance numbers out of the box with ESXi.
 

Patrick

> Patrick, are your ERL's for sale? Is it just a config difference the reason why you stopped using them?

One was given to a forum member as a present. The other works but is very ugly at the moment (plastic case did not handle the electric screwdriver well.) Primarily the config, but the pfsense option gives much more functionality.
 

OBasel

> I have an ERL on a 1G/500 line, and I can easily push it to over 950Mb. It's cheap and fast and really well supported. In fact my ISP is testing a 2Gb plan and the ERL with bonded interfaces and they say it's the only setup that can saturate the link. So it's cheap and future proof!

I'm jealous of your connection, but is this only a router at this point? Or are you running other services like firewalls, proxies and all that at 2gb on the ERL?
 

JustinH

Gotta Love Singapore!

My config is firewall, NAT (for 2 LAN) and routing a small public IPv4 DMZ, DNS, DHCP. Oh. And IPv6 as well on all of that.

No proxy because at this speed, it doesn't really improve things.

My connection is 1gb though.
The ERL does a lot of hardware assisted off-load, hence it doesn't even break 10% CPU even maxing out the bandwidth with torrent downloads!
 

JSchuricht

Ended up ordering the 4 core version. The system is up on an extra Intel 120GB 530 vs the DOM I was originally thinking of buying. TRIM is enabled and LACP on the LAN just to use up an idle port. Overall it's a nice upgrade for ~$300 plus 8GB RAM and the 120GB SSD I had laying around.

Anyone have some suggestions on packages I should check out?
 

Mark

Snort :)... That's the only thing I'm running. Interested to see what others chime in with.