[Soekris] soekris 4801 and pfsense 2.x

Christopher Hilton chris at vindaloo.com
Tue Sep 10 22:17:47 CEST 2013


On Sep 10, 2013, at 1:17 PM, Nikola Gyurov <ngyurov at gmail.com> wrote:

> Hi,
> 
> If you don't reqiure custom modifications all the time, no different
> user access to the interface etc. you could just create the pf.conf
> and use it on an OpenBSD installation (this is what I use, other BSDs
> may be fine too). It wouldn't need as much RAM as pfSense.
> 
> However, this wouldn't help with the throughput limits.
> 

OpenBSD may or may not be a big help here. The OpenBSD team has done a lot of work on pf since the version that's in pfsense was released. Some of the work was performances based and that may be enough to get the job done on net4801 hardware for you. More on that later. One big change was a pf.conf syntax change regarding how NAT is handled which happened with OpenBSD 4.5. If you are using NAT, I would _not_ count on a pfsense generated configuration to work in OpenBSD 4.5+ 

Otherwise, the news if very good. If my research is correct the OpenBSD team has gained big performance increases in both their network stack and pf many of which aren't reflected in pfsense. According to this talk:

     youtube.com/watch?v=VNyBAcO2pIg [20:15] 

they roughly doubled the throughput of pf and their network stack from 28Mbit / sec to 56Mbit / sec on "low end Soekris" hardware. They don't specify the hardware beyond "low end Soekris" but when they say low end I assume that they mean a 45xx or a 48xx. I myself have tested 55xx and 65xx hardware and find that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the net5501 with the standard 100Mbit/s vr interfaces. To go faster you'll need to install a good Gigabit NIC in the net5501's PCI slot. The net5501 will keep up with the traffic but in this configuration, with a dual intel em PCI NICs I get lot's of heat. If the high heat bothers you, save yourself some time and opt for the net6501 or go for a rack mount chassis and plan on adding a fan.

     $ sysctl -a | grep deg
     hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote)
     hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote)
     hw.sensors.nsclpcsio0.temp2=70.00 degC (Local)

Hope this helps,

-- Chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.soekris.com/pipermail/soekris-tech/attachments/20130910/c0063fe8/attachment-0001.bin>


More information about the Soekris-tech mailing list