1Gbps Internet for home use with IPS and VPN?

Hardware
1

1Gbps/1Gbps Internet for home use with IPS and VPN?

What hardware are people using successfully with this scenario?

I am running it through an older i3 (Intel® Core™ i3-3220 CPU @ 3.30GHz) with an Intel server quad port adapter and 4GB of ram but I don’t seem to ever hit a full 1Gbps using speedtest-cli from ipfire itself. It is an Dell OptiPlex 3010.

I see higher upload speeds. Like I might see mid 300 or mid 400’s on download and mid 600 and I think I hit 800 once on upload.

Just wondering if I should consider new hardware and if so, what? I haven’t added IPS yet to this fresh install of ipfire (switched from running opnsense on the same hardware for like 4 years or so). Just upgraded to 1Gbps Internet.

2

I have not seen any cheap device that can handle 1G in both directions with enabled IPS.

My Celeron U3205 (2x 1.5 Ghz) can handle 95Mbit. (Without IPS it can hande full GigaBit)
So i estimate 250mBit for your CPU…

So you need a 5 times faster CPU and i cannot say how it can split to multi cores.

3

So without IPS my cpu should handle 1Gbps in both directions?

4

Yes the cpu should have enough power, but only if the Nic’s have enough PCIe bus bandwich.

5

Would one of these preform well based on their specs?

Or something similar. I’d like to avoid spending more than 350-400 USD if I can.

Protectli Vault 4 Port, Firewall Micro Appliance/Mini PC - Intel Quad Core, AES-NI, 4GB RAM, 32GB mSATA SSD https://www.amazon.com/dp/B07FKMJGD6/ref=cm_sw_r_other_apa_i_9zlNEbG5BNMS5

Protectli Vault 4 Port, Firewall Micro Appliance/Mini PC - Intel Quad Core, AES-NI, 4GB RAM, 32GB mSATA SSD https://www.amazon.com/dp/B0742P83HY/ref=cm_sw_r_other_apa_i_qDlNEbQAWN79D

6

:rofl: :rofl: :rofl: http://cpuboss.com/cpus/Intel-J3160-vs-Intel-Core-i3-3220

:crazy_face: :crazy_face: :crazy_face: http://cpuboss.com/cpus/Intel-Core-i3-3220-vs-Intel-Atom-E3845

7

You better run a: https://cpu.userbenchmark.com/Compare/Intel-Core-i5-9600-vs-Intel-Core-i3-3220/m853186vsm272

or https://cpu.userbenchmark.com/Compare/AMD-Ryzen-7-3700X-vs-Intel-Core-i3-3220/4043vsm272

or better :smiley:

My old Ryzen 5 1600 can handle my 1Gb/s internet connection without any problems.

8

Some of those comparisons require more interpretation because they are between multi-threaded v single-threaded cores. mitigations=auto in IPFire will disable multi-threading.

9

So it sounds like my current cpu is sufficient with the exception of its age and missing AES-NI.

10

So ipfire chose mitigation and forced single thread? If I wanted to take advantage of multithread I can turn off mitigation and accept the risk? Or better yet, get a high clock speed cpu to handle it better? I would like to upgrade my existing hardware to something more modern with AES-NI etc… And something with Quad Intel nics handling 1Gbps internet (I’d like to enable IPS but not if it is going to really limit my throughput on the gigabit connection.)

11

A fairly long thread on cpu vulnerability is:

A Ryzen 5 or 7 would have less vulnerability than similar i5 or i7.

You are also considering a device having only 4GB RAM. What is your current maximum RAM utilisation ?

12

While I prefer not to spend close to 600 bucks. This supermicro server looks interesting.

MITXPC Intel Atom C2758 4 x LAN IPMI Fanless Mini Network Server w/ 8GB Memory https://www.amazon.com/dp/B01MUEGO0C/ref=cm_sw_r_other_apa_i_K7pNEb2H2ATXT

13

You have not confirmed that you need 4 LAN. Another posting referred to this mini PC, that has 2 LAN. The V1605 variant can have 16 GB RAM, that might be better with IPS:

https://www.aliexpress.com/wholesale?catId=0&initiative_id=SB_20200419180416&SearchText=maxtang

14

I prefer to have 4 gig ports. I am running a green red blue orange config.

15

If you use vLANS for less bandwidth consuming segments/zone you can use fewer ports.

16

:unamused: http://cpuboss.com/cpus/Intel-Core-i3-3220-vs-Intel-Atom-C2758

That’s why there are different charts :stuck_out_tongue:.

With Intel CPUs SMT will be disabled. That’s all. With AMD it stays active.

17

The second chart is “single-core” ie from a process not written to utilise multiple cores/CPU. That’s not the same as running single threads on a multi-core processor.

I’m not able to test that - don’t have IPFire running on any multi-threading CPU.

18

And this is mostly usefull.

I am and I checked it out.

19

Perhaps I just need to upgrade to an i5 or i7 with AES-NI and that’s it.

Should hyperthreading be enabled or disabled with ipfire?

20

If I had the choice right now, I would go on a ryzen

https://wiki.ipfire.org/hardware