3100 will reach "End of Life" in 5 days
-
Not surprised by this. The SG-3100 is an outlier now because it has a 32-bit ARM processor. The other active ARM platforms marketed by Netgate all have 64-bit CPUs.
A 32-bit ARM CPU is a very difficult platform to support these days as there are some popular FreeBSD ports that won't work anymore on 32-bit platforms (they won't compile using 32-bit tools).
-
@uzumaki said in 3100 will reach "End of Life" in 5 days:
Thanks! I'll take a look at the 2100.
I found this interesting as the eol 3100 is faster than the current 2100. There is no 3100 sweet spot anymore for a 1gbps connection.
3100: IMIX 1.98gbs
2100: IMIX 594mbpsInteresting. The 2100 does indeed appear to be a step down from the 3100 spec-wise. I'd be tempted to go with the 4100, but it's really expensive, and probably major overkill for my home setup.
-
What I'm unclear on is if this really means that security updates are really ceasing. Previous notifications from netgate I interpreted to say that updates weren't guaranteed but are likely. If we're really no longer receiving support then it's an immediate need to replace for me.
-
The 23.09 release will include support for the 3100 yet since it's based on FreeBSD 14 which still has 32-bit ARM support, but it may be the last release. Hard to predict if we may need a 23.09.x point release for example which could still target the 3100.
We do usually put out patches for PHP/shell script type issues via the system patches package for some previous releases but we don't have a set schedule for those types of fixes.
FreeBSD is dropping 32-bit ARM support upstream in FreeBSD 15 so not a lot we can do there, the 3100 is Netgate's last 32-bit ARM system.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
As @bmeeks implies, while FreeBSD is supporting 32-bit for the core of FreeBSD, getting some packages to build for 32-bit in increasingly difficult.
In particular, Suricata wants to leverage Rust and getting Rust supportable on 32-bit platforms is challenging.
In any case, the messaging was inadequately reviewed, and I can only offer my apology for same.
@uzumaki my son was running a 3100 on a Centurylink PPPoE encapsulated 1g/1g connection, and I could only get throughput to about 860mbps. I moved him to a 4100 (mostly because neither the 3100 or 2100 have available wall mount hardware) and now it's as fast as I can imagine wanting it to be.
Copy-pasta from an internal (so not marketing cleaned-up) benchmarking matrix. All figures are iperf3, single-stream, and in gbps.
Cut off at 4100 because I don't want to expose new products here.
FWD ACL NATSG-1100 0.86 0.82 0.78
SG-2100 0.95 0.90 0.80
SG-3100 0.92 0.88 0.84
NG-4100 2.37 2.37 1.73As you can see, except for NAT, the 2100 is slightly faster than the 3100.
I don't have time to go find the source of your numbers, but someone internally said that you're pulling the 3100 figure from one comparison chart, and the 2100 from a different version of the same documentation.
-
@jwt I’m sorry but there is something wrong with those numbers. To be able to push almost 900mbits on a 2100 will require a VERY VERY specific set of circustances - not anything I have ever seen. Real life single stream session tops out at about 640mbit on every 2100 I have tried. The 3100 is quite a lot faster in real life (close to 1 Gbit) in my experience.
-
@jwt Sorry if I am mistaken, the only place I could find 3100 numbers were on the netgate Amazon product page. The 2100 numbers are from netgate.com.
-
@keyser the circumstances are literally iperf3 through the box.
-
@uzumaki likely one of the two is "old" then. I'll have someone in marketing find it and clean it up. thanks.!
-
@jwt Those were IMIX numbers in case you’re mistaking them for iperf3.
-
@uzumaki for reference for that comparison/difference, per https://shop.netgate.com/products/2100-base-pfsense :
Firewall (10k ACLs)
IPERF3 Traffic: 964 Mbps
IMIX Traffic: 249 MbpsAlso just for reference the 3100 was around $50 more expensive than the 2100, MSRP, IIRC, with half the RAM.
I mean I get it, because we have one and have eight-ish clients with one. But, the world moved on from 32 bit a while ago. We just moved a client last week who went from cable to gigabit fiber and I suggested they get a 4100 for the new office...they did not and kept the 3100. Just have to eval each situation I'd say...the ones that use VPN and/or 500+ Mbps and/or Suricata may be a better fit for the 4100. At least the 3100s will not just stop working.
In general I'd say Netgate has done a pretty good job keeping up older hardware...the SG-1000 for instance was "EOL" in 2019 but had updates through v22.05.
-
How easy is it to transition from a 3100 to a 4100? I'm assuming you can just save your configuration and then use the .xml file to load the old settings onto the new device?
And one more question about the 4100. It looks like it has four 2.5 Gbps LAN ports, but the WAN port is only 1 Gbps. So even if I had a 2 Gbps feed coming from my ISP, the devices on my network would still only see about half that speed. Is this correct?
-
@gweempose said in 3100 will reach "End of Life" in 5 days:
How easy is it to transition from a 3100 to a 4100? I'm assuming you can just save your configuration and then use the .xml file to load the old settings onto the new device?
Since the 3100 has switched ports it can be a little trickier but TAC can convert the config for you, then all you'd have to do is import the adjusted config.
And one more question about the 4100. It looks like it has four 2.5 Gbps LAN ports, but the WAN port is only 1 Gbps. So even if I had a 2 Gbps feed coming from my ISP, the devices on my network would still only see about half that speed. Is this correct?
The labels on the ports are just labels reflecting the default assignments, you can reassign them any way you like. You can use any of the 2.5G "LAN" ports as WANs, you just need to change the interface assignments/config to match what you want.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@gweempose you can use any interface for wan. Just because port is "label" wan on the case doesn't mean you can't setup any other port as wan if you want.
I do believe there is some more too moving to 4100 from 3100.. The 3100 had switch ports, the 4100 has 6 discrete interfaces. So it would be a bit more than just import config - since the interfaces wouldn't be able to match up.
I do believe TAC would help you..
edit: hahah Jim beat me too it ;)
-
@johnpoz said in 3100 will reach "End of Life" in 5 days:
Until it actually dies, or they no longer provide updates too it, I have no plans on replacing it ;)
I've got a SG-2440 that is in the same boat. I do have it sitting as a spare right now, but it still runs strong.
-
-
@gweempose said in 3100 will reach "End of Life" in 5 days:
Forgive my ignorance, but what is TAC?
Netgate’s support. Go.netgate.com. To be clear if you’re moving to a Netgate appliance it’s a free support ticket for them to convert the config. Just have to say what interface goes where, VLANs, etc.
-
@jimp said in 3100 will reach "End of Life" in 5 days:
The labels on the ports are just labels reflecting the default assignments, you can reassign them any way you like. You can use any of the 2.5G "LAN" ports as WANs, you just need to change the interface assignments/config to match what you want.
Ah. That makes sense. I'm currently only using two ports on my 3100. My cable modem goes into the WAN port, and then one of the LAN ports goes to a 2.5 Gbps network switch. So I guess on the 4100 I would make one of the four 2.5 Gbps ports the WAN port, and make one of the other 2.5 Gbps ports the LAN port. I would then have a full 2.5 Gbps capable network. Is this correct?
-
@jimp said in 3100 will reach "End of Life" in 5 days:
The 23.09 release will include support for the 3100 yet since it's based on FreeBSD 14 which still has 32-bit ARM support, but it may be the last release. Hard to predict if we may need a 23.09.x point release for example which could still target the 3100.
We do usually put out patches for PHP/shell script type issues via the system patches package for some previous releases but we don't have a set schedule for those types of fixes.
FreeBSD is dropping 32-bit ARM support upstream in FreeBSD 15 so not a lot we can do there, the 3100 is Netgate's last 32-bit ARM system.
Thank you for the clarification. In recognition of this update, when is a realistic last responsible moment to target to retiring the 3100 with the understanding the security updates are critical for any device that remains in production? For personal deployments, the replacement is not inexpensive.
-
@gweempose said in 3100 will reach "End of Life" in 5 days:
I would then have a full 2.5 Gbps capable network. Is this correct
As far as the connections yes. The store shows for the 4100:
Firewall(10k ACLs)
IPERF3 Traffic: 4.09 Gbps
IMIX Traffic: 1.40 GbpsUsually I find speed tests are about halfway in between those numbers (speaking in general) so you should be OK but remember Suricata or other packages that interfere with or inspect packages will take CPU time and hence could slow things a bit once you get to the limit of your 2.5 Mbps Internet connection.
@netplumbers said in 3100 will reach "End of Life" in 5 days:
when is a realistic last responsible moment to target to retiring the 3100 with the understanding the security updates are critical
I'm not with Netgate but not every pfSense release has security fixes, so I don't know there is a direct answer to your question. Sometimes, they have backported PHP-code security patches via the System Patches packages, for instance I think they did that for 2.6 after 23.01 released but before 2.7 was out. You may just have to review release notes for future versions.
