2018-01-30 10:40:13 +00:00
|
|
|
|
=======================
|
|
|
|
|
Hardware sizing & setup
|
|
|
|
|
=======================
|
|
|
|
|
|
2018-11-05 16:42:32 +00:00
|
|
|
|
The **hardware setup** requires a careful preparation and selection of
|
2018-01-30 10:40:13 +00:00
|
|
|
|
the standard PC hardware components for the intended installation of
|
|
|
|
|
OPNsense.
|
|
|
|
|
|
|
|
|
|
⚠ Computer hardware with the open source security software OPNsense®
|
|
|
|
|
pre-installed can be purchased directly from various (online) stores.
|
|
|
|
|
|
|
|
|
|
.. TIP::
|
|
|
|
|
The OPNsense development team encourage everyone looking for a turn-key solution
|
|
|
|
|
to buy from `Deciso <https://www.deciso.com>`__ or one of the other partners listed at our partner page.
|
2018-11-05 16:42:32 +00:00
|
|
|
|
**Listed partners make significant contributions back to the project.**
|
2018-01-30 10:40:13 +00:00
|
|
|
|
|
|
|
|
|
--------------------------------
|
|
|
|
|
Supported hardware architectures
|
|
|
|
|
--------------------------------
|
|
|
|
|
|
|
|
|
|
OPNsense® is available for
|
|
|
|
|
`x86-32 <https://en.wikipedia.org/wiki/X86-32>`__ (i386) and
|
|
|
|
|
`x86-64 <https://en.wikipedia.org/wiki/X86-64>`__ (amd64) bit
|
|
|
|
|
microprocessor architectures. Full installs on `SD memory
|
|
|
|
|
cards <https://en.wikipedia.org/wiki/Secure_Digital>`__, `solid-state
|
|
|
|
|
disks (SSD) <https://en.wikipedia.org/wiki/Solid-state_drive>`__ or
|
|
|
|
|
`hard disk drives
|
|
|
|
|
(HDD) <https://en.wikipedia.org/wiki/Hard_disk_drive>`__ are intended
|
|
|
|
|
for OPNsense.
|
|
|
|
|
|
|
|
|
|
While the range of supported devices are from embedded systems to rack
|
|
|
|
|
mounted servers, we recommend to use a 64-bit versions of OPNsense, if
|
|
|
|
|
the hardware is capable of running 64-bit `operating
|
|
|
|
|
systems <https://en.wikipedia.org/wiki/operating_system>`__. It is
|
|
|
|
|
possible to install and run 32-bit (x86-32, i386) versions of OPNsense®
|
|
|
|
|
on 64-bit (x86-64, amd64) PC hardware, but we do not recommend it,
|
|
|
|
|
especially not for new deployments.
|
|
|
|
|
|
|
|
|
|
---------------------
|
|
|
|
|
Hardware requirements
|
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
|
|
For substantially narrowed OPNsense® functionality there is the basic
|
|
|
|
|
specification. For full functionality there are minimum, reasonable and
|
|
|
|
|
recommended specifications.
|
|
|
|
|
|
|
|
|
|
.. rubric:: Minimum
|
|
|
|
|
:name: minimum
|
|
|
|
|
|
|
|
|
|
The minimum specification to run all OPNsense standard features that do
|
|
|
|
|
not need disk writes, means you can run all standard features, expect
|
|
|
|
|
for the ones that require disk writes, e.g. a caching proxy (cache) or intrusion detection
|
|
|
|
|
and prevention (alert database).
|
|
|
|
|
|
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
2018-11-07 16:45:54 +00:00
|
|
|
|
| Processor | 500 MHz single core cpu |
|
2018-01-30 10:40:13 +00:00
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
|
|
|
|
| RAM | 512 MB |
|
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
|
|
|
|
| Install method | Serial console or video (vga) |
|
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
2018-11-07 16:45:54 +00:00
|
|
|
|
| Install target | SD or CF card with a minimum of 4 GB, use nano images for installation. |
|
2018-01-30 10:40:13 +00:00
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
|
|
|
|
|
|
|
|
|
Table: *Minimum hardware requirements*
|
|
|
|
|
|
|
|
|
|
.. rubric:: Reasonable
|
|
|
|
|
:name: reasonable
|
|
|
|
|
|
|
|
|
|
The reasonable specification to run all OPNsense standard features,
|
|
|
|
|
means every feature is functional, but perhaps not with a lot of users
|
|
|
|
|
or high loads.
|
|
|
|
|
|
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
|
|
|
|
| Processor | 1 GHz dual core cpu |
|
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
|
|
|
|
| RAM | 1 GB |
|
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
|
|
|
|
| Install method | Serial console or video (vga) |
|
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
2018-11-07 16:45:54 +00:00
|
|
|
|
| Install target | 40 GB SSD, a minimum of 1 GB memory is needed for the installer to run. |
|
2018-01-30 10:40:13 +00:00
|
|
|
|
+------------------+--------------------------------------------------------------------------+
|
|
|
|
|
|
|
|
|
|
Table: *Reasonable hardware requirements*
|
|
|
|
|
|
|
|
|
|
.. rubric:: Recommended
|
|
|
|
|
:name: recommended
|
|
|
|
|
|
|
|
|
|
The recommended specification to run all OPNsense standard features,
|
|
|
|
|
means every feature is functional and fits most use cases.
|
|
|
|
|
|
|
|
|
|
+------------------+---------------------------------+
|
|
|
|
|
| Processor | 1.5 GHz multi core cpu |
|
|
|
|
|
+------------------+---------------------------------+
|
|
|
|
|
| RAM | 4 GB |
|
|
|
|
|
+------------------+---------------------------------+
|
|
|
|
|
| Install method | Serial console or video (vga) |
|
|
|
|
|
+------------------+---------------------------------+
|
|
|
|
|
| Install target | 120 GB SSD |
|
|
|
|
|
+------------------+---------------------------------+
|
|
|
|
|
|
|
|
|
|
Table: *Recommended hardware requirements*
|
|
|
|
|
|
|
|
|
|
.. rubric:: Hardware guide
|
|
|
|
|
:name: hardware-guide
|
|
|
|
|
|
|
|
|
|
The hardware required for your local OPNsense, will be determined by the
|
|
|
|
|
intended minimum `throughput <https://en.wikipedia.org/wiki/>`__ and the
|
|
|
|
|
feature set.
|
|
|
|
|
|
|
|
|
|
---------------------
|
|
|
|
|
Impact of Feature set
|
|
|
|
|
---------------------
|
|
|
|
|
|
2018-11-05 16:42:32 +00:00
|
|
|
|
While most features do not affect hardware dimensioning, a few features
|
2018-01-30 10:40:13 +00:00
|
|
|
|
have massive impact on it. The candidates are:
|
|
|
|
|
|
|
|
|
|
`Squid <https://en.wikipedia.org/wiki/Squid_(software)>`__
|
|
|
|
|
a caching web proxy which can be used for web-content control,
|
|
|
|
|
respectively. These packages rely strongly on CPU load and
|
|
|
|
|
disk-cache writes.
|
|
|
|
|
|
|
|
|
|
`Captive portal <https://en.wikipedia.org/wiki/Captive_portal>`__
|
|
|
|
|
settings with hundreds of simultaneously served captive portal users
|
|
|
|
|
will require more CPU power in all the hardware specifications
|
|
|
|
|
displayed below.
|
|
|
|
|
|
|
|
|
|
`State transition tables <https://en.wikipedia.org/wiki/State_transition_table>`__
|
2018-11-07 16:45:54 +00:00
|
|
|
|
it is a known fact, that each state table entry requires about 1 kB
|
|
|
|
|
(kilobytes) of RAM. The average state table, filled with 1000
|
|
|
|
|
entries will occupy about ~10 MB (megabytes) of
|
2018-01-30 10:40:13 +00:00
|
|
|
|
`RAM <https://en.wikipedia.org/wiki/Random-access_memory>`__.
|
|
|
|
|
OPNsense usage settings with hundred of thousands of connections
|
|
|
|
|
will require memory accordingly.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
----------
|
|
|
|
|
Throughput
|
|
|
|
|
----------
|
|
|
|
|
|
|
|
|
|
The main hardware-factors of the OPNsense setup involved are CPU, RAM,
|
|
|
|
|
mass storage (disc), the number and quality of network interfaces.
|
|
|
|
|
|
|
|
|
|
+-------------------+-----------------------+-------------+------------------------+
|
|
|
|
|
| Throughput (Mbps) | Hardware requirements | Feature set | Users / Networks |
|
|
|
|
|
+===================+=======================+=============+========================+
|
|
|
|
|
| 1-10 | Basic spec. | narrowed | few (1-10) |
|
|
|
|
|
+-------------------+-----------------------+-------------+------------------------+
|
|
|
|
|
| 11-150 | Minimum spec. | reduced | adjusted (10-30) |
|
|
|
|
|
+-------------------+-----------------------+-------------+------------------------+
|
|
|
|
|
| 151-350 | Reasonable spec. | all | substantial (30-50) |
|
|
|
|
|
+-------------------+-----------------------+-------------+------------------------+
|
|
|
|
|
| 350-750+ | Recommended spec. | all | substantial+ (50-150+) |
|
|
|
|
|
+-------------------+-----------------------+-------------+------------------------+
|
|
|
|
|
| Mbps (Mbit/s or Mb/s) - Megabit per second - 1,000,000 bits per second |
|
|
|
|
|
+----------------------------------------------------------------------------------+
|
|
|
|
|
|
|
|
|
|
Network interface cards
|
|
|
|
|
As the FreeBSD hardware-lists and -recommendations
|
|
|
|
|
say, Intel® network interface cards (NIC) for
|
|
|
|
|
`LAN <https://en.wikipedia.org/wiki/Local_area_network>`__
|
|
|
|
|
connections are reliable, fast and not error-prone. Intel chipset
|
|
|
|
|
NICs deliver higher throughput at a reduced `CPU
|
|
|
|
|
load <https://en.wikipedia.org/wiki/Load_(computing)>`__.
|
|
|
|
|
|
|
|
|
|
.. rubric:: Supported hardware
|
|
|
|
|
:name: supported-hardware
|
|
|
|
|
|
2019-02-01 13:51:43 +00:00
|
|
|
|
The HardenedBSD 11.2-RELEASE is the base of OPNsense. All HardenedBSD drivers
|
2018-01-30 10:40:13 +00:00
|
|
|
|
are included in the OPNsense kernel, and the hardware compatibility is
|
|
|
|
|
the same.
|
|
|
|
|
|
|
|
|
|
.. Tip::
|
|
|
|
|
If you are looking to buy new hardware then take a look at our `partner page <https://opnsense.org/partners>`__
|
|
|
|
|
as these partners contribute back to OPNsense and sell hardware that is know to work well.
|
|
|
|
|
|
|
|
|
|
For further help and support, see
|
|
|
|
|
|
2019-02-01 13:51:43 +00:00
|
|
|
|
- `FreeBSD 11.2-RELEASE Hardware Compatibility
|
|
|
|
|
List <https://www.freebsd.org/releases/11.2R/hardware.html>`__
|
2018-01-30 10:40:13 +00:00
|
|
|
|
- `OPNsense Forum <https://forum.opnsense.org/>`__
|
|
|
|
|
|
|
|
|
|
.. rubric:: List of references
|
|
|
|
|
:name: list-of-references
|
|
|
|
|
|
|
|
|
|
- Schellevis, Jos; *Hardware requirements*; `OPNsense > Get
|
|
|
|
|
started <https://opnsense.org/users/get-started/>`__ (2015)
|
|
|
|
|
- McKusick, Marshall; Neville-Neil, George V; Warson, Robert NM; *The
|
|
|
|
|
Design and Implementation of the FreeBSD Operating System* (2015);
|
|
|
|
|
Addison-Wesley, New Jersey; ISBN 978-0321968975
|