As previously mentioned, I work in a “Cloud company” which typically means we claim we’re a “serverless” office. However, sometimes I need a server-like machine to make a point. For this particular project we needed a machine that was, for all intents and purposes, a server… except I wanted to build it myself. It wasn’t so much to save money, but so I could customize the machine to get exactly what I wanted out of it (and because it was a fun diversion). The result of that was known as “Project Falcon”.
The final purpose of this not-server is actually to function as a router. After you read the specs for the machine, you will probably say “this is massive overkill”. You will also be 100% correct. It is more than just a simple packet pusher, though: it is a “Unified Security” appliance (think things like passive proxy, IDS/IPS, etc.) that will be able to push at least 500 megabits per second (or at least that is the goal).
- iStarUSA D-400L-7 — 4U Rackmount case
- iStarUSA IS-550R8P — 550 W Redundant Power Supply
- Qty 2 — Intel Xeon E5 2620 — 6 Core, 2.0 GHz
- Qty 2 — Samsung 840 Pro — 256 GB SSD
- ASUS GT630-SL-2GD3-L — Graphics card
- Qty 2 — Corsair Vengeance Pro 16GB — RAM
- Intel X540T2 — Dual 10 Gigabit Ethernet Adapter
- ASUS Z9PE-D8 WS — LGA2011 Motherboard
- SABRENT 3.5-Inch to SSD / 2.5-Inch HDD Bay Drives Converter
- Qty 2 — Intel Thermal Solution Air
- StarTech EPS Power Adapter
Post hardware build, I installed pfSense 2.1 on the machine. It then served as the core router/firewall for our main office for about 6 months. The only issues we had were related to an Intel driver issue that was fixed in pfSense 2.2 and PEBKACs during administration. During testing I had an IPsec tunnel set up offsite that could saturate the entire internet connection at ~250 Mbps, during which the CPU hit ~8% utilization. It was, for all intents and purposes, a $4,500 (approximately, at time of build) router that could blow anything around it out of the water. Today it’s about $3,500 to build an identical unit.
This project was inspired and executed because our previous router vendor charged us ~$25,000 for a device that couldn’t handle our existing load without jitter. They claimed it was my network design/circuit/etc. For 20% of their price I made them eat their words (and eventually refund the entire price, far beyond the 30-day RMA window).
This “Falcon” design ended up serving 2 offices with a 3rd “Mini Falcon” (half RAM/CPU/SSD) serving at a test location. The units were all eventually decommissioned in favor of Palo Alto Networks security appliances. I would, however, gladly build them again and would recommend pfSense for any location looking for good quality firewalls at Open Source prices.