Post by jrronimo on Aug 20, 2015 18:33:06 GMT
Greetings everyone! I had previously set up a computer with OpnSense, but more recent versions of OpnSense no longer support my hardware. I've since discovered SmallWall and I think it will work.

I had tried m0n0wall in the past, but ran into some problem that I don't remember, so I stopped using it, or maybe never started. I do remember having problems installing it, though. I was using an IDE to CompactFlash adapter, but the only CF card I had laying around was 8 GB. I think m0n0wall had problems with this.

Here are the specs of the computer I wish to use:
Pentium 4 560 (3.6 GHz, no 64-bit extensions I don't think)
2 GB RAM
2 x Intel Gigabit NICs -- 1 PCI, 1 PCIe
Either 8 GB CF card via IDE to CF adapter or a 1 TB SATA Western Digital Green drive that is laying around.

I realize both of these storage options are large for this purpose, but those are what I can use. I like the idea of using the CF card since it's less likely to die, but it's also much slower than the HDD. Am I going to have trouble with having too large of a storage space? Is there some way to partition it and maybe use the other 999.5 GB as a Samba share or something?

The biggest issue that I have is this, though: I want to push gigabit speeds. My WAN connection is 1 Gbit now, thanks to my city's fiber network. With OpnSense and this computer, I was able to push ~600-700 Mbit, and that level of performance is okay. If the CPU is the limiting factor in this situation (hopefully not with the Intel cards), then what sort of hardware *is* required for SmallWall to push gigabit?

There's a lot of talk about minimum hardware specs, but I want to make sure to not have any trouble by installing SmallWall onto too powerful of a computer -- this is literally what I have laying around. My Netgear WNR3500Lv2 can only handle traffic at ~200-250 Mbit due to its weak CPU, unfortunately, and I don't really want to buy another router if I can avoid it.
Post by Lee Sharp on Aug 20, 2015 20:08:41 GMT
> Greetings everyone! I had previously set up a computer with OpnSense, but more recent versions of OpnSense no longer support my hardware.

This is why I started SmallWall!

> Here are the specs of the computer I wish to use:
> Pentium 4 560 (3.6 GHz, no 64-bit extensions I don't think)
> 2 GB RAM
> 2 x Intel Gigabit NICs -- 1 PCI, 1 PCIe
> Either 8 GB CF card via IDE to CF adapter or a 1 TB SATA Western Digital Green drive that is laying around.

CPU is fine. RAM is plenty unless you have a few hundred users. For storage, you need at least 16meg that is recognized. Perhaps an old USB thumb drive. It is only used to boot, or to save config, or upgrade. All the rest of the time, SmallWall runs in ram. So if your CF card has trouble, get an old USB stick too small for anything else. Now the nic gets more interesting... See the next segment.

> The biggest issue that I have is this, though: I want to push gigabit speeds. My WAN connection is 1 Gbit now, thanks to my city's fiber network. With OpnSense and this computer, I was able to push ~600-700 Mbit, and that level of performance is okay. If the CPU is the limiting factor in this situation (hopefully not with the Intel cards), then what sort of hardware *is* required for SmallWall to push gigabit?

You are right in that cheap nics can load the CPU and be CPU bound. This is not the case with "most" Intel. But, the bus is another matter. You have a PCI nic, and the PCI bus is slow. Also, how fast the chipset and backplane can shove the bits around makes a difference. This is why servers with 10Gig nics are so expensive. So, if you were getting 600-700 meg in OPNsense, you should get that or a tiny bit better with SmallWall. But if you need true gigabit wire speed, you need a full PCIE bus. The systems MITXPC sells can get close to 900 Mbs sustained. A software only image in VMware I was testing would get 9Gbs!
Post by jrronimo on Aug 21, 2015 5:04:33 GMT
Fantastic! It's really the perfect solution for my system. Thank you for your hard work! I hope to see it thrive.

Haha, not that many users, just what happens to be in that computer. No reason not to use it, I guess. *shrug*

I figured the PCI bus card would be limiting, but the computer that I had laying around only has two card slots, so I'm stuck with what I've got. One day I'll upgrade to 2xPCIe or one of those MITXPC systems or something -- I *love* the idea of taking this whole setup fanless, but that costs more than $0 at the moment. Knowing that SmallWall can hit 9 Gbps is pretty awesome, though! We do a little bit with 10 Gb at work, but nothing major just yet. Thanks for your help!

This is fantastic -- I just got my CF card imaged and am configuring. So far so good! I'm really liking it!
Post by Lee Sharp on Aug 21, 2015 14:38:42 GMT
Post by jrronimo on Aug 21, 2015 19:48:00 GMT
ooOOooo, that's a great idea. Thanks!
Post by jrronimo on Oct 12, 2015 17:18:59 GMT
So! I did end up buying the dual-port NIC but didn't get a chance to swap it until a few days ago. Before, with the 1 x PCI & 1 x PCIe NICs, I was getting ~700Mbit in both directions. With the new Intel card, I'm pulling 950 Mbit up and down! It's awesome!

I'm seeing a lot higher CPU usage with this card than with the two previous cards, though. With the old cards, I would see ~3% usage (as eyeballed from the CPU chart under Diagnostics) when doing things like Speedtest; now I'm seeing around 50%. Admittedly, I get more speed... but any ideas? Is this probably just a driver problem?

In that line of questioning, Hyperthreading. The P4 that I'm using supports Hyperthreading... but does BSD support it well? I usually assume when I see CPU usage at 50%, it's the computer reporting two processors when one is a "sort-of" processor that isn't getting much use. Should I disable it for SmallWall?

Thanks again for the recommendation! Loving the card and the router software.
Post by Lee Sharp on Oct 12, 2015 23:55:04 GMT
> So! I did end up buying the dual-port NIC but didn't get a chance to swap it until a few days ago. Before, with the 1 x PCI & 1 x PCIe NICs, I was getting ~700Mbit in both directions. With the new Intel card, I'm pulling 950 Mbit up and down! It's awesome!

WooHoo! Much better! And not totally unexpected.

> I'm seeing a lot higher CPU usage with this card than with the two previous cards, though. With the old cards, I would see ~3% usage (as eyeballed from the CPU chart under Diagnostics) when doing things like Speedtest; now I'm seeing around 50%. Admittedly, I get more speed... but any ideas? Is this probably just a driver problem?

Actually, that is just the cost of pushing bits around. Think about it. The packet comes in the nic, goes over the bus to memory, the CPU evaluates it, and then sends it out another nic. That is actually some significant work! And all on an old P4 with slow ram! Most of your CPU load is not actually load, but wait states... Faster ram will make the biggest difference right now. (Note that the 10 gig systems all have very fast ram, and still load the heck out of the CPU!)

> In that line of questioning, Hyperthreading. The P4 that I'm using supports Hyperthreading... but does BSD support it well? I usually assume when I see CPU usage at 50%, it's the computer reporting two processors when one is a "sort-of" processor that isn't getting much use. Should I disable it for SmallWall?

It looks like we will have to do this soon. But, on modern processors, we are not even touching the full load yet. We would be setting up SMP for old Pentium Ds... The point is that CPU is rarely the bottleneck, but nic and memory usually is... So a lot of work for a very niche case... That we will do anyway at some point.

> Thanks again for the recommendation! Loving the card and the router software.

Glad to help! It sounds cheesy, but this is why I do this stuff! Being able to produce something useful and having others appreciate it! I wonder why that never happens at work?
Post by jrronimo on Oct 15, 2015 22:27:06 GMT
> > I'm seeing a lot higher CPU usage with this card than with the two previous cards, though. With the old cards, I would see ~3% usage (as eyeballed from the CPU chart under Diagnostics) when doing things like Speedtest; now I'm seeing around 50%. Admittedly, I get more speed... but any ideas? Is this probably just a driver problem?
>
> Actually, that is just the cost of pushing bits around. Think about it. The packet comes in the nic, goes over the bus to memory, the CPU evaluates it, and then sends it out another nic. That is actually some significant work! And all on an old P4 with slow ram! Most of your CPU load is not actually load, but wait states... Faster ram will make the biggest difference right now. (Note that the 10 gig systems all have very fast ram, and still load the heck out of the CPU!)

It does make sense; I was just surprised at the order of magnitude jump in CPU required for 700 mbit vs. 900. I'm happy with the results either way!

> > In that line of questioning, Hyperthreading. The P4 that I'm using supports Hyperthreading... but does BSD support it well? I usually assume when I see CPU usage at 50%, it's the computer reporting two processors when one is a "sort-of" processor that isn't getting much use. Should I disable it for SmallWall?
>
> It looks like we will have to do this soon. But, on modern processors, we are not even touching the full load yet. We would be setting up SMP for old Pentium Ds... The point is that CPU is rarely the bottleneck, but nic and memory usually is... So a lot of work for a very niche case... That we will do anyway at some point.

Haha, well don't worry about it on my account -- That P4 is ripe for replacement with something that burns quite a bit less power. I recently used a Kill-a-Watt on it and saw it was using 150 W during Speedtesting. Power is cheap in my area though, so I'm still waiting for the right cheap device. For now I'll leave HyperThreading on, just in case it's helping.

> > Thanks again for the recommendation! Loving the card and the router software.
>
> Glad to help! It sounds cheesy, but this is why I do this stuff! Being able to produce something useful and having others appreciate it! I wonder why that never happens at work?

Hahaha, glad to hear it! It's always satisfying to work on something with direct application like this. I'm really glad you enjoy it!
Post by Lee Sharp on Oct 15, 2015 22:51:50 GMT
> > Actually, that is just the cost of pushing bits around. Think about it. The packet comes in the nic, goes over the bus to memory, the CPU evaluates it, and then sends it out another nic. That is actually some significant work! And all on an old P4 with slow ram! Most of your CPU load is not actually load, but wait states... Faster ram will make the biggest difference right now. (Note that the 10 gig systems all have very fast ram, and still load the heck out of the CPU!)
>
> It does make sense; I was just surprised at the order of magnitude jump in CPU required for 700 mbit vs. 900. I'm happy with the results either way!

Think about it... 700 meg in, plus 700 meg out is 1.5 gig. At full duplex, that is 3 gig total. But now you have 900 meg in and 900 meg out, times 2, so 3.6 gig. Half a gig of additional bandwidth in that old P4D... But I have new Atom based systems with 5 gig-e nics, and they can handle full load on multiple interfaces!

> > It looks like we will have to do this soon. But, on modern processors, we are not even touching the full load yet. We would be setting up SMP for old Pentium Ds... The point is that CPU is rarely the bottleneck, but nic and memory usually is... So a lot of work for a very niche case... That we will do anyway at some point.
>
> Haha, well don't worry about it on my account -- That P4 is ripe for replacement with something that burns quite a bit less power. I recently used a Kill-a-Watt on it and saw it was using 150 W during Speedtesting. Power is cheap in my area though, so I'm still waiting for the right cheap device. For now I'll leave HyperThreading on, just in case it's helping.

It doesn't hurt. But I doubt it will help right now either.