New PF system for home (atom/zacate vs low power sandy bridge)
-
Hi,
I'm looking to build a new PF firewall for home. I may actually run OpenBSD instead of PFSense, but this forum seems to be the only one specialized in PF related hardware expertise. I was curious about your opinions on this build.
CPU: Intel G620T
Motherboard: Intel S1200KP
PSU: PicoPSU 80W
Case: M-350-
Why I didn't chose Atom (Intel Atom D525) or Zacate (AMD E-350)
I'm well aware that a low end Atom or Zacate processor can handle the basic load of firewalling and a couple of VPNs. I'm concerned that I may want to add functionality to this system in the future, and that is where this gets tricky. I can't upgrade those motherboards. However the low price ($90) of the ASRock E-350 was tempting, but it only has one NIC. I need a 2nd NIC, so I'd have to get a bigger case that allows expansion cards. I'd like to avoid that. Supermicro makes a dual NIC Atom D525 board (Supermicro X7SPA-HF-D525) but at $240 USD, I'm not really saving much here. The Atom/E-350 route seems overpowered for firewalling, but underpowered for adding anything else. -
Why I chose a Sandy Bridge CPU
From everything I've read lately, the low power Sandy Bridge CPUs like the Pentium G620T and i3-2100t all seem to have similar power consumption to an Atom or E-350. The added bonus is that I can always upgrade to an i5 (such as i5-2390T) if I feel I need AES-NI to speed up VPNs. In addition, I can even upgrade to a Xeon E3-2130 if I want all of the i5 plus more cache and more threads for an ESXi server that can run my PF firewall along with other things. So I feel like I have lots of room for growth. The new Intel S1200KP board has 2x builtin Intel NICs and will support all of the Sandy Bridge CPUs. I've seen really low power consumption rates on this CPU and the D67/H67/H61 chipsets.
My estimates for the SuperMicro D525 system come out to $335 for the motherboard, 2gb RAM, m-350 case and pico-psu. For $40 more, I can get the S1200KP mini-itx server board and low end Sandy Bridge CPU G620T, 8GB RAM, m-350 case and pico-psu at approx $375.
Any comments about my conclusions here?
PS. By the way, the DH61AG is a nice board, but I'd like to have the 2nd NIC builtin to keep the footprint small. Thus the S1200KP.
-
-
My point exactly. Why waste money on under powered CPU when you can have 10 times more powerful for $50 more plus it's close to low-end CPU's in power consumption. Plus you can convert it to a full blown desktop later if required without changing motherboards.
-
I agree completely. I want to build a pfsense box with either a Celeron G530 or Pentium G620 (just don't get the G440 no EIST for power savings on idle). I don't see the point in the "T" version for the extra cost, since you can always undervolt/underclock yourself and the wattage difference is very small. For me it would be either the G530 or G620, but I don't see the extra $20 being worth it for the G620 either. The performance gain also looks minimal.
I would also axe the MITX build and just go Micro ATX for the extra slots. You can grab an Intel board so you get an intel NIC included and grab another for $30. This will allow for more expandability while keeping the box small.
Intel Pentium G530 - http://www.newegg.com/Product/Product.aspx?Item=N82E16819116409
Intel Micro ATX - http://www.newegg.com/Product/Product.aspx?Item=N82E16813121504
Intel PCIe NIC - http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033
120w 19v Adapter (for more efficiency) - http://www.ebay.com/itm/New-19V-AC-Adapter-Power-Supply-Cord-FSP-FSP120-AAB-/120684505747?pt=Laptop_Adapters_Chargers&hash=item1c195b6a93
Wide Input Pico PSU - http://www.ebay.com/itm/PicoPSU-120-WI-25-/250884190302?pt=PCA_UPS&hash=item3a69dcf05eSee this review for why I chose the 19v power adapter.
http://www.jonnyguru.com/modules.php?name=NDReviews&op=Story&reid=207You also need to decide if that extra cost for efficiency is really worth it when you can use a CX430 for $25 shipped or a Pico for $65-83 depending on the adapter used. The 12v models have even less efficiency advantage over ATX power supplies. Idling at 20-30 watts, is going to make those efficiency numbers almost meaningless.
http://www.newegg.com/Product/Product.aspx?Item=N82E16817139026
The whole thing could be built for under $300 especially if you have a case/memory/HD-SSD for it.
-
This peaked my interest more and I also found these 2 ATX power supplies that will be similar in power effiency to the Pico if not better for nearly the same price.
FSP Group AURUM GOLD 400W
http://www.newegg.com/Product/Product.aspx?Item=N82E16817104096or
SeaSonic X series SS-400FL 400W Modular and Fanless
http://www.newegg.com/Product/Product.aspx?Item=N82E16817151097The second is $12 more after rebate for fully modular design. I think if you can find either of these for a low price it would be the best option so far for all out efficiency. :D
-
There is an 82579 NIC on the S1200KP which might not work in pfSense 2.0 unless the drivers have already been backported from FreeBSD 8.2 to the current release. Aside from that, the Sandy Bridge is a good idea if you're willing to shell out the extra dough for the setup.
-
I would also axe the MITX build and just go Micro ATX for the extra slots. You can grab an Intel board so you get an intel NIC included and grab another for $30. This will allow for more expandability while keeping the box small.
I'm trying to keep this box small and compact, thus the Mini-ITX case. I don't have any use for the extra slots when I have dual Intel NICs. I'm curious what Micro-ATX case you are looking at. All the cases I've looked at seemed like they were designed for NAS boxes and so I stayed away from those and focused my search on Mini-ITX.
-
There is an 82579 NIC on the S1200KP which might not work in pfSense 2.0 unless the drivers have already been backported from FreeBSD 8.2 to the current release. Aside from that, the Sandy Bridge is a good idea if you're willing to shell out the extra dough for the setup.
Thanks for the reminder. I do have a confession. I'm going to run OpenBSD 5.0 on this box, not PFSense. In OpenBSD 5.0 those NICs are supported
Why am I posting in the PFSense forums? Well, PF comes from OpenBSD and this is the only forum focused on PF(sense) with a hardware section. With the exception of specific driver issues, everything else is relevant. I found the hardware forums useful, so I figured I'd post some info once I built my firewall. Most other forums that talk about mini-itx and low power CPUs are focused on HTPC's and talk about SATA ports and expansion. It's hard to find reviews and comments on boards with multiple NICs, firewall throughput, etc.
-
atleast you got bsd part right ;)
-
I'm trying to keep this box small and compact, thus the Mini-ITX case. I don't have any use for the extra slots when I have dual Intel NICs. I'm curious what Micro-ATX case you are looking at. All the cases I've looked at seemed like they were designed for NAS boxes and so I stayed away from those and focused my search on Mini-ITX.
Why not a case like this design if you are against tower cases.
http://www.newegg.com/Product/Product.aspx?Item=N82E16811163112
-
That is still too big.
Thermaltake Element Q
http://www.newegg.com/Product/Product.aspx?Item=N82E16811133093This one is the smallest you can use for a i3/i5 mini-ITX and still keeping a sanity on the temperatures inside.
-
What about these….
http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=100008308%2050008550%20600043624&IsNodeId=1&name=NMEDIAPC&ShowDeactivatedMark=False&Order=PRICE&Pagesize=50
http://www.newegg.com/Product/Product.aspx?Item=N82E16811163174
-
You can try the In-win BM639, which can be used in both tower and desktop configuration:
http://www.newegg.com/Product/Product.aspx?Item=N82E16811108225It's pretty decent and comes with a 160W PSU (OEMed from FSP). It will also take a 3.5" hdd and/ or 2.5" hdd in addition to a 5.25" bay device (you can mount an LCD here).
I've an older model (BM638) which is identical save for a 120W PSU and being non-glossy silver finish running my current pfSense box (undervolted D201GLY2A). I do know that the current 160W models will handle most mini-ITX Sandy Bridge rigs since the local distributor is my personal supplier and have seen many SB rigs deployed in the BM series cases.
-
How about this board with the G530: http://www.newegg.com/Product/Product.aspx?Item=N82E16813128522
It has 3 PCIe x1 slots and onboard gigabit lan, also a pretty affordable price tag. (no chipset expert so let me know if theres a reason this would be a bad choice.)
-
After anyone builds this, I'd love to see the power consumption figures with a Kill-a-watt.
So..because this motherboard is so new, are you sure the C206 chipset is supported by pfSense?
-
How about this board with the G530: http://www.newegg.com/Product/Product.aspx?Item=N82E16813128522
It has 3 PCIe x1 slots and onboard gigabit lan, also a pretty affordable price tag. (no chipset expert so let me know if theres a reason this would be a bad choice.)
The Atheros AR8151 NIC isn't supported in the FreeBSD 8.1R drivers so you either need to backport from a FreeBSD 8.2 system or forgo the onboard NIC until the devs port the driver over or until pfSense moves to FreeBSD 8.2.
-
Hm, I have my asterisk box running on via eden 1 ghz with the same kind of enclosure (M-350).
It should be possible to add an additional nic to this box using a pci riser card (provided your pci card is low profile). -
The m-350 is a beautiful and tiny case. None of the other cases linked in this thread so far come close in size, ventilation or sturdiness.
As for an ATX PSU, besides not fitting inside the m-350 (I think the m-350 actually has less volume than a standard PSU), check the efficiency curves on those things. 80+ Gold means a minimum of 87% efficiency between 20 and 100% load. On a 400W PSU, 20% load is 80W. Hint: I have an mITX board with a quad-core 2500, two sticks of RAM, an SSD and an Antec DC-DC PSU. Four concurrent threads of cpuburn bring the system's power consumption to 88W at the wall. Unless the OP's firewall is running at 90-100% load most of the time (and it won't, or he wouldn't be comparing it to an Atom), he's going to get less than 87% efficiency from an 80+ Gold PSU. You can argue that a few extra watts don't matter a lot, but the fact that the PicoPSU is both smaller and more efficient (96%, with a flatter curve) than ATX alternatives, besides being at least as affordable, is indisputable.
I have to agree with the OP here. My pfsense runs on a Supermicro D510 board, but having since played with the LGA1156 and 1155 and seeing their incredibly low power requirement, I wish I had gone that way. I don't even need the increased routing capacity, but the snappier interface by itself warrants the marginal price premium.
-
Not meaning to hijack this thread.
I have been looking at the M350 way before I opted to Thermaltake enclosure (found it for a discounted price at Micro-Center)
Can an i3/i5 CPU fit in the M350 with the stock cooler? I believe the online pic at mini-box.com shows a similar CPU. My concern is which PicoPSU would be suitable if an i3/i5 CPU is at all able to fit in that enclosure.The CPU needs the additional 4-pin power from the PSU. I just have a laptop drive and 2x4GB RAM on the mini-ITX board.
-
I put an i3 550 in the m350 with the stock cooler and it did fit. I could not tell if the fan guard touched the top of the case or not, but I'm sure it was within a millimeter. I ended up needing to put a hard drive in though and went with a low-pro cooler instead.
The m350 has mount for 4 top fans and a front fan. Only the latter will fit in this case if you use the stock cooler; or that was the situation with the Intel DH57JG, and I suspect with any board you might fit in that case.
As for the PSU, mini-box.com states that the PicoPSU "Fits any motherboard equipped with a 20 or 24pin ATX connector". I know I have powered 24-pin Atom boards with it, but I don't know what would happen if you plugged it into something beefier. mini-box does list a 4-pin connector for the PicoPSU 80, which would apparently be necessary. The 540 drew around 60 watts at the wall while routing 950 mbps, but the CPU was somewhere around half load. I know my current quad-core desktop (i5 2500) can pull at least 85 watts.
A safer bet might be the 150xt or 160xt, both of which should fit into the m350. Obviously the AC/DC power supply would also have to be sufficiently specced.
-
Just a thought for some other very small form factor cases.
http://www.travla.com/product.php?c1=0000000004&c2=0000000002
I have a C292, and like the build and quality.