2.5. Hardware Sizing

Determining the exact hardware sizing for your m0n0wall deployment can be difficult at best, because network environments differ dramatically. The following will provide some base guidelines on choosing what hardware is sufficient for your installation. Stated throughput numbers are very conservative for most environments, leaving some room for error and future expandability.

2.5.1. Embedded Devices

The following can be used as a rough guide to determining which embedded platform, if any, is suitable for your environment.

2.5.1.1. Soekris 45xx

The Soekris 45xx line is sufficient for any Internet connection under 10 Mbps. If IPsec VPNs will be used, a 45xx is sufficient up to around 3 Mbps of sustained IPsec throughput. Other features will not cause enough of a performance hit to make a substantial difference.

One thing to keep in mind is the maximum throughput between interfaces, if you plan on utilizing a DMZ segment or second LAN segment. A 45xx maxes out at around 17 Mbps. If you need more than 17 Mbps of throughput between your internal networks, you will need to go with a faster platform.

2.5.1.2. Soekris 48xx

The Soekris 48xx line is sufficient for most Internet connections less than 30 Mbps. If IPsec VPNs will be used, a 48xx is sufficient up to around

One thing to keep in mind is the maximum throughput between interfaces, if you plan on utilizing a DMZ segment or second LAN segment. A 48xx maxes out at around 40 Mbps. If you need more than 40 Mbps of throughput between your internal networks, you will need to go with a faster platform.

2.5.1.3. WRAP

WRAP boards are sufficient for most Internet connections less than 30 Mbps. If IPsec VPNs will be used, a WRAP is sufficient up to around

One thing to keep in mind is the maximum throughput between interfaces, if you plan on utilizing a DMZ segment or second LAN segment. A 48xx maxes out at around 40 Mbps. If you need more than 40 Mbps of throughput between your internal networks, you will need to go with a faster platform.

2.5.2. Network Cards

Note

This is only applicable to PC-based installations.

Your selection of network cards (NICs) is the single most important performance factor in your setup. Cheap NICs will keep your CPU very busy with interrupt handling, causing your CPU to be the bottleneck in your configuration. A quality NIC can increase your maximum throughput as much as two- to threefold, if not more.

FreeBSD refers to network cards by their driver name followed by the interface number. For example, if you have two Intel Pro/100 cards (fxp driver) and one 3Com 3C905 card (xl driver), you will have interfaces fxp0, fxp1, and xl0 respectively.

Intel Pro/100 and Pro/1000 cards tend to be the best performing and most reliable on m0n0wall. Cheap cards like those containing Realtek chipsets (FreeBSD rl driver) are very poor performers in comparison. If you are purchasing NICs for your m0n0wall installation, we strongly recommend purchasing Intel cards. You can find them on eBay for less than $30 USD for 3-5 cards in a bulk lot.

For low-throughput environments, like any typical broadband connection 6 Mbps or less, any NIC will suffice. If you require fast throughput (more than 30-40 Mbps) between interfaces for multiple LAN networks, or between a DMZ and your LAN, then using quality NICs becomes much more important.

2.5.3. Processor

Your CPU will generally be the bottleneck in your system. Network throughput with cheap NICs will max out your CPU long before it will get maxed out with quality NICs, so the most important factor with CPU sizing is the quality of your NICs.

If you are using good quality NICs like Intel cards, as a general measure, a Pentium will suffice up to 30-40 Mbps, a Pentium III will do 100 Mb at wire speed, and for gigabit wire speeds you will need a 2.8+ GHz Pentium 4.

2.5.4. RAM

The stock m0n0wall images will not use more than 64 MB RAM under any circumstance. You can install as much memory as you like, but even with all features enabled and heavy loads, you will not exhaust 64 MB.

2.5.5. Storage Medium

m0n0wall will work fine on any hard drive or compact flash card at least 8 MB in size. At boot, m0n0wall is loaded into RAM and runs from RAM, so the speed and type of storage medium used is not a factor in system performance.

Slower storage mediums like compact flash will take slightly longer to boot than hard drives will, but boot time is the only performance factor in selecting your storage medium. Compact flash is suggested for maximum reliability since it is much less likely to fail than a hard drive.

2.5.6. High Throughput Environments

In environments where extremely high throughput through several interfaces is required, especially with gigabit interfaces, PCI bus speed must be taken into account. When using multiple interfaces in the same system, the bandwidth of the PCI bus can easily become a bottleneck. Most typical motherboards only have one or two PCI buses, and each can run an absolute maximum of 133 MBps, or 1064 Mbps. That's less than one gigabit interface can transfer. PCI-X can transfer up to 1056 MBps, or about 8.25 Gbps.

If you need sustained gigabit throughput at wire speed, you will want a server-class motherboard with PCI-X slots and PCI-X NICs.