Router – Setting up a VDSL router on OpenBSD & NIC with TCO support

hardware nic openbsd router

This is my first question and I hope I do everything correctly. Thanks for setting up serverfault – such a site has been missing on the internet for a long time now.

In the next few weeks I will get my VDSL 25 connection (at best it's 25 Mbit Download and 5 Mbit Upload). So now I was thinking about setting up my own router for VDSL because I don't want to use the Speedport router I'm getting with VDSL 25.

I'm really into OpenBSD and I found a nice guide about Using OpenBSD with VDSL. In a German article about setting up the FreeBSD-based pfSense for VDSL I read that the computer should have at least 1 GHz with 1024 MB RAM.

My machine will be an 800 MHz Pentium 3 with 512 MB RAM, but I am considering buying a 30$ Intel Gigabit NIC with TCO (TCP Checksum Offloading). A co-worker suggested this to me because he meant that would heavily decrease the CPU load and my 800 MHz P3 could be more than enough then.

So do you have some experience with the "hardware requirements" for VDSL, and could a NIC with TCO help there?

Thanks in advance for all your answers!

Best Answer

The recommended specs for pfSense are way, way, way overkill. Your machine should handle that load quite handily. For a point of reference, I used a Soekris Net5501 in production for a little while and it fell over at about 45Mbps. It was spec'd out with a 500MHz Geode, 256MB RAM, and some of the worst NICs ever created (Via Rhinestone - vr driver).

In my experience, the most common big performance obstacle on a router like this is the context switching required by rapid-firing interrupts. Shitty NICs like the Rhinestones fire an interrupt for every single packet they receive. This becomes a major problem because each packet has to be processed, but oops! In the middle of processing it, another one comes in. So you pull that out, get interrupted, etc., etc. Context switching is an expensive operation and quickly overwhelms a slow CPU.

Good NICs (Intel and Broadcom are both solid) have interrupt mitigation capabilities, which means they only bug the CPU when they have a certain number of packets accumulated, or when a timer hits 0. Operating in chunks like this is far, far more efficient than constant context switching.

Some operating systems attempt to mimic interrupt mitigation with polling - the kernel ignores the NIC's interrupts and just checks its buffers every so often. This can lead to much higher throughput and lower CPU utilization, but at the expense of latency, possibly losing packets if the NIC's buffers fill up, etc. OpenBSD has not implemented polling. In my experience interrupt mitigation is superior to polling, and the price of decent NICs is low enough that there's not much excuse.

Memory really should not be an issue. OpenBSD and PF are very efficient. On a pretty slow day (today), one of my production routers has about 17.5k states in memory. It's also running spamd, logging all blocked packets, and doing a tcpdump on its most active interface. Using 191MB of RAM.

So all that to say your specs are more than enough, TCO or no.
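
The interrupt-mitigation behaviour described in the answer (raise an interrupt after a certain number of packets or when a timer expires), as an added Python model that is not part of the original answer and is not any driver's code. The packet threshold, the timer value and both traffic patterns are constructed assumptions.

```python
"""Toy model of NIC interrupt mitigation. All numbers are constructed."""

def per_packet_interrupts(arrivals_us):
    # A NIC without mitigation interrupts the CPU once per received packet.
    return len(arrivals_us)

def coalesced_interrupts(arrivals_us, max_packets, timer_us):
    """Return (interrupt_count, worst_case_delay_us) for sorted arrival times.

    One interrupt fires when max_packets are pending, or when timer_us has
    passed since the oldest pending packet arrived, whichever comes first.
    """
    interrupts, worst, pending = 0, 0, []
    for t in arrivals_us:
        # Timer expired before this packet arrived: flush the old batch.
        if pending and t >= pending[0] + timer_us:
            interrupts += 1
            worst = max(worst, timer_us)
            pending = []
        pending.append(t)
        # Packet-count threshold reached: flush immediately.
        if len(pending) >= max_packets:
            interrupts += 1
            worst = max(worst, t - pending[0])
            pending = []
    if pending:  # the timer eventually flushes the tail of the burst
        interrupts += 1
        worst = max(worst, timer_us)
    return interrupts, worst

# Constructed traffic, one second each, roughly a 25 Mbit/s line:
# full-size frames about every 480 us, minimum-size frames about every 20 us.
LARGE_FRAMES = list(range(0, 1_000_000, 480))
SMALL_FRAMES = list(range(0, 1_000_000, 20))

if __name__ == "__main__":
    for name, traffic in (("large", LARGE_FRAMES), ("small", SMALL_FRAMES)):
        plain = per_packet_interrupts(traffic)
        # Hypothetical mitigation settings: 8 packets or 1000 us.
        mitigated, delay = coalesced_interrupts(traffic, 8, 1000)
        print(f"{name}: {plain} -> {mitigated} interrupts/s, "
              f"worst added delay {delay} us")
```

With small frames the packet threshold does the batching; with large frames at this rate the timer does, which is where the latency cost of mitigation shows up.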
