DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 29th September 2017
marcusp marcusp is offline
Port Guard
 
Join Date: May 2017
Posts: 17
Default OpenBSD firewall hardware

Hi all!
I am NOT a hardware guy, so this is were I need some help.
I am planning to setup a OpenBSD firewall for our distributed filesystem, size about (70TB).
I have read somewere (can not remember where) that to make a OpenBSD firewall you should look for the "fastest" single cpu as it just uses one core, is this true?
So, as I am not a hardware guy, how powerful machine do I need to make this a good firewall?
I have looked a Xeon E3/E5 servers with 32GB RAM and double 10GB network cards, is this the type of machines or am I looking at totally wrong things?

Thanks in advance!

Best regards
Marcus
Reply With Quote
  #2   (View Single Post)  
Old 29th September 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

The size of your distributed storage is not important; its the number of packets per second and bits per second that each node will need to support which matters when delivering your solution.

The specific NICs you select will make a difference. The "NIC speed" is the network attachment bit rate, it is not the throughput capability of the NIC hardware.

I saw a post on the misc@ mailing list this week (link) from an OpenBSD that noted that the more popular 10Gb NICs may be those that use the ix(4) driver. Issuing $ apropos 10gb produced a slightly longer list:
Code:
$ apropos 10gb
ix(4) - Intel 82598/82599/X540/X550 PCI Express 10Gb Ethernet device
ixgb(4) - Intel PRO/10GbE 10Gb Ethernet device
myx(4) - Myricom Myri-10G PCI Express 10Gb Ethernet device
nep(4) - Sun Neptune 10Gb Ethernet device
oce(4) - Emulex OneConnect 10Gb Ethernet device
tht, thtc(4) - Tehuti Networks 10Gb Ethernet device
xge(4) - Neterion Xframe/Xframe II 10Gb Ethernet device
The network stack has been historically single threaded through CPU 0. Work to improve this has been ongoing in recent years, but much of the stack is still single-threaded and that advice for faster/fewer CPUs is still valid.

Routers do not use much memory, so most of your 32 GB of RAM in each router is likely to sit idle.

For more specific hardware advice, you might review the misc@ archives.
Reply With Quote
  #3   (View Single Post)  
Old 3rd October 2017
marcusp marcusp is offline
Port Guard
 
Join Date: May 2017
Posts: 17
Default

Thanks for the answer!
I have been looking at some hardware and found a supermicro motherboard:
https://www.supermicro.nl/products/m...X11SSH-CTF.cfm
I was thinking a i3-7300 4.0GHz cpu and 8GB RAM.
I have tried to do research on it and found some old info about problems, but that is it.
Is this a good choice?

I hope that someone can help me out with this!

Many thanks!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Your OpenBSD Hardware mfaridi OpenBSD General 145 17th December 2023 02:57 AM
Smallest, cheapest hardware for OpenBSD router + firewall beiroot OpenBSD General 22 12th April 2018 09:37 AM
Hardware recommendation: what hardware to buy for my new FreeBSD desktop? Broodjegehaktmetmayo General Hardware 92 11th February 2009 10:43 PM
Is there a purpose for using pf if you have a hardware router/firewall? guitarscn OpenBSD Security 9 23rd January 2009 12:22 AM
Firewall Hardware Questions gunderwood OpenBSD General 3 15th May 2008 03:50 AM


All times are GMT. The time now is 01:46 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick