Co-lo + 5 (or more) sites....connect 'em all
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
My question for them would be: what hardware & encryption levels are needed to achieve 500+ Mbps?
I doubt that pfSense provides that kind of consulting if you aren't buying their stuff.
-
I'd use VyOS before pfSense for this.
-
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:
VyOS
Ok, will check it out!
Linux based router OS. Built from the same original code that EdgeOS comes from.
-
@FATeknollogee
I did a test. I get 840 Mbps IPsec between two servers running xcp-ng and one pfSense in each. 4 vCPU 2.5GHz Xeon E5.
This was over 1GbE and with NAT, packet filtering, I/O overhead of Xen etc.I expected more but was too lazy to try on bare metal. But I would assume it's faster, also a newer CPU with higher clock frequencies would likely give it another boost.
If you want a lot more speed you can add an accelerator card. Intel has their Quick Assist Technology and a card that can do up to 50 Gbps is priced around $650.
-
@Pete-S pfSense? What did you test with?
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@Pete-S pfSense? What did you test with?
I would guess from his wording - two xcp-ng hosts, each with a PFSense VM, directly connected to each other, this would take the ISP out of the equation and show max throughput for his given setup (4 vCPU, no RAM listed).
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@Pete-S pfSense? What did you test with?
iperfis the standard tool for this. -
@Dashrender said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@Pete-S pfSense? What did you test with?
I would guess from his wording - two xcp-ng hosts, each with a PFSense VM, directly connected to each other, this would take the ISP out of the equation and show max throughput for his given setup (4 vCPU, no RAM listed).
Yes. And it was 2GB RAM.
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@Pete-S pfSense? What did you test with?
iperfis the standard tool for this.Correct. iperf (v3.6) with a couple of parallel streams.
-
@Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee
I did a test. I get 840 Mbps IPsec between two servers running xcp-ng and one pfSense in each. 4 vCPU 2.5GHz Xeon E5.
This was over 1GbE and with NAT, packet filtering, I/O overhead of Xen etc.I expected more but was too lazy to try on bare metal. But I would assume it's faster, also a newer CPU with higher clock frequencies would likely give it another boost.
If you want a lot more speed you can add an accelerator card. Intel has their Quick Assist Technology and a card that can do up to 50 Gbps is priced around $650.
How much RAM?
Did you check CPU usage? -
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee
I did a test. I get 840 Mbps IPsec between two servers running xcp-ng and one pfSense in each. 4 vCPU 2.5GHz Xeon E5.
This was over 1GbE and with NAT, packet filtering, I/O overhead of Xen etc.I expected more but was too lazy to try on bare metal. But I would assume it's faster, also a newer CPU with higher clock frequencies would likely give it another boost.
If you want a lot more speed you can add an accelerator card. Intel has their Quick Assist Technology and a card that can do up to 50 Gbps is priced around $650.
How much RAM?
Did you check CPU usage?I think that he said 2GB.
-
Update: this is what I ended up with.
Route based VPN using this guide as a template.Master site: 1x ER 12 + 1x ER 4
Sites A, B, C & D :1x ER4 each location
Colo: 1x ER4 & 1x pfSense (SM x10SDV-TLN4F+)
