Articles in this section

Hardware Requirements

Matt
  • Updated
Follow
Due to the nature of deep packet analysis and detailed drill-down reporting functionality, Sensei requires more hardware resources than a standard L3-L4 firewall.

Starting from Sensei 1.5 release, you can offload your reporting database to an external system. This allows you to be able to run Sensei on systems with a constrained amount of RAM. 

It is recommended that you check if your Ethernet adapter functions well with netmap

CPU & Memory

Because the analytics module relies on Elasticsearch to process large amounts of data, the amount of the memory available in the system is crucial for the overall performance of Sensei.

If the number of active devices are more than 250 and the sustained WAN bandwidth is higher than 100 Mbps, we do not recommend deploying Sensei as a virtual guest since resources in virtual environments are generally shared between guest systems. 

Below is the recommended minimum hardware requirements for Sensei based on the number of devices and the amount of sustained bandwidth.

We recommend at least dual core (preferable 4 core if you also host database on the firewall) cpu system. Single core cpu score is more important than having lots of cpu cores; for that, a Quad Core i7 PC system is more likely to perform better than a 12-core intel xeon server system. 

 

# Active Devices

Maximum WAN Bandwidth

Minimum Memory 

Minimum CPU

0 - 25

200 Mbps

4 GB

A Dual-Core CPU (x86_64 compatible, single core PassMark score of 200)

Note: Deciso A10s and AMD G-SERIES SOC GX Series, Protectli/Qotom Celeron J Series are compatible

25-100

500 Mbps
 10 Kpps

4 GB

Intel Dual-Core i3 2.0 GHz (2 Cores, 4 Threads) or equivalent

100-250

1 Gbps
20 Kpps

8 GB

Intel Dual-Core i5 2.2 GHz (2 Cores, 4 Threads) or equivalent

250-1000

1-2 Gbps
40 Kpps

16 GB

Intel Dual-Core i5 3.20 GHz (2 Cores, 4 Threads) or equivalent

1000-2000

1-2 Gbps

32 GB

Intel Quad-Core i7 3.40 GHz (4 Cores, 8 Threads) or equivalent

2000+

1-2 Gbps

64GB

Intel Quad-Core i7 3.40 GHz (4 Cores, 8 Threads) or equivalent
 
Sensei requires at least 2 GB of memory. Installer will not continue if you have less than 2 GB of RAM. We recommend 4 GB memory to have an improved experience.
 

Ethernet Adapter

Sensei uses a FreeBSD subsystem called netmap(4) to access raw Ethernet frames. With FreeBSD 11 (OPNsense version <= 20.1) this software can be very particular in terms of proper driver compatibility. 

Intel based adapters, particularly em(4) and igb(4), are observed to perform well in terms of stability and performance. 

Sunny Valley Networks is sponsoring developments on this project so you can expect netmap(4) will better support a wide range of Ethernet drivers. 

 

Reporting & Disk Space 

Sensei uses Elasticsearch or MongoDB as its backend to store large data sets. Please allow at least 5 MB of disk space per hour per megabit/second throughput.
 
If you're running a 100 Mbps link (about 100 devices) which is quite active during the daytime and idle rest of the day, you may calculate the space needed as follows:
  • 5 MB x 12 hours x 100 Mbps = 6 GB per day.
  • 6 GB x 7 days a week = 42 GB per week.
  • 2 x 4 weeks a month = 164 GB per month

TIP: According to the reports we receive from Sensei users; Elasticsearch seems to be a better alternative as the backend database. If you're using Mongodb backend and experiencing problems, it might be wise to switch to the Elasticsearch backend. You'll need at least 8GB of RAM to be able run ES along with Sensei. 

Related articles