Hello all,
since 2002 I had a FreeBSD 3.x installation, in the role of firewall and proxy, with URL filtering. Not fancy hardware, just a Pentium 4 system with a 2Gb and a hdd to serve the needs of 130 (at the time again) users.
The WAN link was a 1Mbps ADSL line. In 2008 the system got a WAN upgrade to a 4Mbps SDSL line. That's where I observed the first "issues": the only way I could make the squid/squidguard combo utilize fully the bandwidth was with single large file downloads. Throwing a couple of LAN google map / earth users in would make the system crawl to its knees, while not even 1Mbps was used from the line.
Our bandwidth is now 100Mbps at the WAN side, whereas our users are around 150, but even though the speed has been increased by more than an order of mangitude, throughput from WAN is still poor (unless single large tranfers take place). FreeBSD was source-updated up to 8.1. The binary upgrade-only option made me stop system updates. Obviously, the system is rather old (even though FreeBSD's stability during this 10+ years was exemplary), so it is time for an upgrade.
A Core i5 4th-gen is available for use, along with 3x Intel high quality PCIex NICs and a WD 500Gb black series disk. 8Gb of memory will be available. These were given to me. Yes, I know things could be much better if these low-power cheap Intel-based server cpus were available to me, yet even getting my grabs on this hardware required some epic battles...
Role of the system will be exactly the same. My problem will be mainly to replicate the EOL FreeBSD 8.1 settings of my old box, to the new 10.3 (most likely) box I'm building. Role will be firewalling and squid/squidguard filtering (Shalla-blocklists with some custom ones). My questions are the following:
1) Should I go for 32- or 64-bit considering main use is to URL filter web access, while maintaining a good throughput on the WAN line?
2) Any hints on what I should go for in order to maximize this througput?
Being a newbie, I am not used to FreeBSD utilities/methods to debug such a situation, if it arises on the new platform (which, I am afraid, will). Any help / solid advice will be appreaciated.
since 2002 I had a FreeBSD 3.x installation, in the role of firewall and proxy, with URL filtering. Not fancy hardware, just a Pentium 4 system with a 2Gb and a hdd to serve the needs of 130 (at the time again) users.
The WAN link was a 1Mbps ADSL line. In 2008 the system got a WAN upgrade to a 4Mbps SDSL line. That's where I observed the first "issues": the only way I could make the squid/squidguard combo utilize fully the bandwidth was with single large file downloads. Throwing a couple of LAN google map / earth users in would make the system crawl to its knees, while not even 1Mbps was used from the line.
Our bandwidth is now 100Mbps at the WAN side, whereas our users are around 150, but even though the speed has been increased by more than an order of mangitude, throughput from WAN is still poor (unless single large tranfers take place). FreeBSD was source-updated up to 8.1. The binary upgrade-only option made me stop system updates. Obviously, the system is rather old (even though FreeBSD's stability during this 10+ years was exemplary), so it is time for an upgrade.
A Core i5 4th-gen is available for use, along with 3x Intel high quality PCIex NICs and a WD 500Gb black series disk. 8Gb of memory will be available. These were given to me. Yes, I know things could be much better if these low-power cheap Intel-based server cpus were available to me, yet even getting my grabs on this hardware required some epic battles...
Role of the system will be exactly the same. My problem will be mainly to replicate the EOL FreeBSD 8.1 settings of my old box, to the new 10.3 (most likely) box I'm building. Role will be firewalling and squid/squidguard filtering (Shalla-blocklists with some custom ones). My questions are the following:
1) Should I go for 32- or 64-bit considering main use is to URL filter web access, while maintaining a good throughput on the WAN line?
2) Any hints on what I should go for in order to maximize this througput?
Being a newbie, I am not used to FreeBSD utilities/methods to debug such a situation, if it arises on the new platform (which, I am afraid, will). Any help / solid advice will be appreaciated.