Hardware purchase advice please

jimmybob

Hi,

I'm going to get hardware similar or the same as follows…

Jetway NF99FL-525 Dual Core Atom Mini-ITX Motherboard
http://www.jetway.com.tw/jw/ipcboard_view.asp?productid=832&proname=NF99FL-525
2x Intel 82574L 10/100/1000 Base-T Gigabit LAN

Jetway 3x Intel Gigabit LAN Motherboard Module
Chipset: 3 x Intel 82541PI Gigabit Ethernet.

Q1: What I wanted to ask was. Should this board and addon card be fully supported by pfsense?
Q2: How do I use the Compact Flash (CF) option with this board? Is there an add on I need to get for it?
Q3: Am I correct in thinking that the 1G, 2G, 4G pfsense downloads are in relation to the size of the Compact flash?

Thanks

stephenw10

1. It should. There are quite a few people using that board with the daughter board. Search the forum for peoples experiences.

2. There is no CF socket on that board so you would need an adapter of some type, probably a SATA to CF. I don't think there's IDE on board either which would be easier. Consider booting from USB instead.

3. Yes, those images uncompress to fit various card sizes.

You might also consider this board: http://forum.pfsense.org/index.php/topic,57031.0.html (Jetway NF9HQL-525). It has 4 on-board gigabit NICs so if you only need 4 that's a bit advantage. It has a CF card slot. It has DC power input which is significantly more efficient. On the down side those NICs are Realtek and they need newer drivers than are included in 2.0.X.

What are your priorities here? Power consumption? Noise?
I assume you have decided that ~60Mbps OpenVPN throughput will be sufficient?

Steve

Edit: typo

jimmybob

@stephenw10:

1. It should. There are quire a few people using that board with the daughter board. Search the forum for peoples experiences.

2. There is no CF socket on that board so you would need an adapter of some type, probably a SATA to CF. I don't think there's IDE on board either which would be easier. Consider booting from USB instead.

3. Yes, those images uncompress to fit various card sizes.

You might also consider this board: http://forum.pfsense.org/index.php/topic,57031.0.html (Jetway NF9HQL-525). It has 4 on-board gigabit NICs so if you only need 4 that's a bit advantage. It has a CF card slot. It has DC power input which is significantly more efficient. On the down side those NICs are Realtek and they need newer drivers than are included in 2.0.X.

What are your priorities here? Power consumption? Noise?
I assume you have decided that ~60Mbps OpenVPN throughput will be sufficient?

Steve

Hi Steve,

Whe you mention about the 60mbps throughput been sufficient.
Is this the max that the atoms will be able to cope with?
Or is there some other limiting factor?

Priorities are low noise mainly if possible.

robi

Jetway NF99FL-525 is perfectly reliable with SATA-to-CF adapter, and the 3xGigabit Intel Daughter board. pfSense runs from a 4GB CF card on it.
Has more than 500Mbit/sec throughput between the interfaces with standard routing.
We use OpenVPN only through WAN, which has a bottleneck of 30Mbit/sec, but I must say it is able to fill that up too (so I guess that it can easily to 60Mbit tunneled indeed).

jimmybob

Hi,
Thanks for your reply.

I have a few more Q's. I do think I will go larger on power so I can add on other things later.

Anyhow… the questions I have are...

Q1: Embedded install... am I correct in thinking that this is the CF version?
I've read that putting it into read only mode is best, as it will not wear out the flash card as quickly?
Can anyone please explain the brief on how this is done?
Is it applicable to only CF. Or is another optional method to do it by USB stick?

Q2: IS there any point dedicating a small SSD drive to it or small HDD?

Q3: http://www.ebuyer.com/238491-startech-3-5in-sata-to-compactflash-ssd-adapter-card-35baycf2sat
Will the above sata 2 CF adapter do the job?

Q4: http://www.ebuyer.com/229060-startech-com-4-port-pci-express-gigabit-ethernet-nic-network-adapter-card-st1000spex4
Would this NIC card work correctly?
On the compat list it states "RTL811xS"
This is shown on the star tech site...
http://eu.startech.com/Networking-IO/Adapter-Cards/4-Port-PCI-Express-Gigabit-Ethernet-NIC-Network-Adapter-Card~ST1000SPEX4
as "RTL8111C".

thanks

robi

Q1: read the docs. NanoBSD install means the system boots from disk, loads into RAM and runs from there. Nothing is written back to the disk, as the disk is mounted read-only anyway.
Usually this is done with CF cards, but USB-stick installs are also possible with the same approach. I've seen many articles in the wiki and these forums about how to do NanoBSD USB installs.

Q2. With SSD you could go full install. Don't know if BSD kernel supports trim commands. You need to read on further about this.
With a HDD there's no point to do NanoBSD, a full install is most suitable task for a HDD. But while a read-only CF card will never die (99%) a hard disk may die eventually, as it's a mechanical thing…

Q3. Most probably yes, 99%. I'm using one which looks similar.

Q4. Check the hardware compatibility list. But RealTek chipsets may cause problems. Why do you need this? You mentioned Jetway's 3x Intel Gigabit LAN Motherboard Module in your OP, that's 100% compatible with pfSense, tested!

jimmybob

@robi:

Q1: read the docs. NanoBSD install means the system boots from disk, loads into RAM and runs from there. Nothing is written back to the disk, as the disk is mounted read-only anyway.
Usually this is done with CF cards, but USB-stick installs are also possible with the same approach. I've seen many articles in the wiki and these forums about how to do NanoBSD USB installs.

Q2. With SSD you could go full install. Don't know if BSD kernel supports trim commands. You need to read on further about this.
With a HDD there's no point to do NanoBSD, a full install is most suitable task for a HDD. But while a read-only CF card will never die (99%) a hard disk may die eventually, as it's a mechanical thing…

Q3. Most probably yes, 99%. I'm using one which looks similar.

Q4. Check the hardware compatibility list. But RealTek chipsets may cause problems. Why do you need this? You mentioned Jetway's 3x Intel Gigabit LAN Motherboard Module in your OP, that's 100% compatible with pfSense, tested!

Hi

In relation to Q4, I have seen various views on if an Atom 1.8 dual core can cope with the throughput via OpenVPN.
I've been looking around at other alternatives. I did check the compatability list, which is where I mentioned about the compat list on my previous post.
I was not sure if the entry in the compatability list included that NIC card, because the letter on the end is an "C" and the one in the compatability list shows
a "S".

Also…. robi said....
We use OpenVPN only through WAN, which has a bottleneck of 30Mbit/sec, but I must say it is able to fill that up too (so I guess that it can easily to 60Mbit tunneled indeed).

Are we speaking about hardware bottleneck or pfsense bottleneck?

robi

@jimmybob:

Are we speaking about hardware bottleneck or pfsense bottleneck?

Nope! In our case, we have 30mbit/sec bottleneck from the internet provider side. Thats the max internet speed the provider offers by contract. OpenVPN on the Jetway pfSense box can do much more than that, but I was not able to test.

stephenw10

That card should be supported by pfSense 2.0.X (built on FreeBSD 8.1), see:
http://www.freebsd.org/cgi/man.cgi?query=re&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&arch=default&format=html

However most multiport cards like that use an on board bridge chip that can cause problems. It may not be supported by FreeBSD at all or, more common, it may not be properly initialised by your motherboards bios. With PCI-e you would think a bridge chip is unecessary but that card has something on it under the heatsink.

Perhaps more importantly that seems like an expensive way get ports. How many ports do you need? What bandwidth between those ports?
It is usually much cheaper to use VLANs and a VLAN capable switch. A Netgear GS108T for example will give you up to 7 additional interfaces but you have to share a single 1Gbps connection between all of them.

Steve

jimmybob

@stephenw10:

That card should be supported by pfSense 2.0.X (built on FreeBSD 8.1), see:
http://www.freebsd.org/cgi/man.cgi?query=re&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&arch=default&format=html

However most multiport cards like that use an on board bridge chip that can cause problems. It may not be supported by FreeBSD at all or, more common, it may not be properly initialised by your motherboards bios. With PCI-e you would think a bridge chip is unecessary but that card has something on it under the heatsink.

Perhaps more importantly that seems like an expensive way get ports. How many ports do you need? What bandwidth between those ports?
It is usually much cheaper to use VLANs and a VLAN capable switch. A Netgear GS108T for example will give you up to 7 additional interfaces but you have to share a single 1Gbps connection between all of them.

Steve

Hi,

There was some uncertainty around Atoms like I said. I was going to go down the route of a normal (non embedded CPU) and buy a cheap'ish intel chip.

I'd like to atleast have 4 lan ports as I have a NAS drive and wanted to keep the NAS bandwidth and the internet bandwidth seperate.
So I'd plug the NAS directly into a port on the pfsense box.

I have a switch. But I was going to get rid of that to eliminate clutter. I also plan to plug my Asus N16 router (DD-WRT) into the pfsense box for Wifi
and any other small LAN connectivity needs.

For internet bandwith we're talking 12-15MBs max (my net is 100mb soon to be 120mb).

Another question I have. If I was to also run Usenet through OpenVPN on pfsense, that used threads to connect (bots) and like anything from 20 - 30 (and sometimes more)
or them to gain better connection speeds. Would this effect the throughput capability of an Atom on OpenVPN?

thanks

stephenw10

@jimmybob:

I have a NAS drive and wanted to keep the NAS bandwidth and the internet bandwidth separate.
So I'd plug the NAS directly into a port on the pfsense box.

I'm not entirely sure what you mean by that. Usually your NAS traffic would all be internal and your internet traffic is… not. Does your NAS box host externally accessible services? I agree that connecting you NAS to a separate interface presents some advantages though. You can much better filter traffic to and from it. The same could be said for a wifi access point. That's still only 4 interfaces total though unless you have more than one 'LAN' style subnet. You can never have too many interfaces though.  ;)

Is your existing switch VLAN capable?

Your DD-WRT equiped access point is VLAN capable so you could use a separate VLAN interface for wifi which reduces your total by one. You could probably use it's internal switch to set separate VLANs on each of it's ports but that will get complex quickly. A challenge perhaps!

The question is what bandwidth do you need internally between your NAS and a client on your LAN? If the NAS is on a separate interface then that traffic will be going through pfSense. The Atom can manage ~500Mbps between two interfaces but that is without doing any VPN encrypting at the same time.

I don't think having multiple connections inside the VPN would make much difference. It's the cryptographic function that challenges the Atom.

Steve

jimmybob

Hi,

Jetway JNF99-525 Long Life Fanless Dual Core Atom Mini-ITX Board with Dual LAN, 6x SATA and Daughterboard Expansion
Extremely versatile Jetway JNF99-525-LF Dual Core 1.8GHz 64-bit Intel Atom D525 powered Mini-ITX motherboard with Fanless operation, Jetway Daughterboard Expansion, Intel ICH9R Chipset, Integrated Graphics and VIA VT1705 6-Channel Audio Codec. Supports up to 4GB of DDR3 1066/1333MHz SODIMM memory. Ports available include: 2x Intel 82574L 10/100/1000 Base-T Gigabit LAN, 6x SATA 3Gb/s (supporting RAID 0, 1, 5, 10 & JBOD), USB 3.0, PCI and Mini-PCI Express.

4GB DDR3 1333 SODIMM

3x Gigabit LAN Daughterboard Module (Intel 82541PI chipset)

M350 Universal Mini-ITX EnclosureThe M350 Universal Mini-ITX Enclosure measures just 62 x 192 x 210mm (2.5 litres) and is capable of housing both embedded and socket Mini-ITX boards. Fanless operation possible using natural air convection through hundreds of tiny holes for CPUs with TDP < 10W; CPU Fan only operation possible for CPUs with TDP <= 65W.

StarTech 3.5in SATA to CompactFlash SSD Adapter Card.

• For 3.5" SATA Hard Drives
• Able to connect a CompactFlash card through a Serial ATA data port
• Includes a 3.5" bracket
• 1 Year Manufacturer Warranty

Kingston 4GB 40x Compact Flash Card

• 4GB Capacity
• 40x Performance
• Limited Lifetime Manufacturer Warranty

picoPSU-120 12V Plug-in DC-DC ATX PSU
The picoPSU-120 plugs directly into a motherboard ATX connector and measures just 31x45x20mm - about the size of two AA batteries. The picoPSU-120 generates up to 120 Watts of power from a 12V DC supply, at over 96% efficiency. An attached cable harness provides:

20pin ATX Connector
   SATA Power Connector
   Molex (ATA) HDD Power
   Molex Floppy Power

Compatibility: The picoPSU-120 can power all our Mini-ITX boards with Geode, C3, C7, Atom and Fusion processors. Additionally most lower power consumption Mini-ITX boards with Intel and AMD processors up to around 65W TDP can be powered. More powerful picoPSUs offer more headroom for additional devices. If you are considering using with a board not on our site, please email us to check compatibility.

Q1: Will a 120 be over kill?
Q2: Did I make any wrong choices that could cause compatability issues or heat issues?

Thanks

@stephenw10:

@jimmybob:

I have a NAS drive and wanted to keep the NAS bandwidth and the internet bandwidth separate.
So I'd plug the NAS directly into a port on the pfsense box.

I'm not entirely sure what you mean by that. Usually your NAS traffic would all be internal and your internet traffic is… not. Does your NAS box host externally accessible services? I agree that connecting you NAS to a separate interface presents some advantages though. You can much better filter traffic to and from it. The same could be said for a wifi access point. That's still only 4 interfaces total though unless you have more than one 'LAN' style subnet. You can never have too many interfaces though.  ;)

Is your existing switch VLAN capable?

Your DD-WRT equiped access point is VLAN capable so you could use a separate VLAN interface for wifi which reduces your total by one. You could probably use it's internal switch to set separate VLANs on each of it's ports but that will get complex quickly. A challenge perhaps!

The question is what bandwidth do you need internally between your NAS and a client on your LAN? If the NAS is on a separate interface then that traffic will be going through pfSense. The Atom can manage ~500Mbps between two interfaces but that is without doing any VPN encrypting at the same time.

I don't think having multiple connections inside the VPN would make much difference. It's the cryptographic function that challenges the Atom.

Steve

stephenw10

I would think the 120W pico-psu will be over kill, I would not expect that box to use more than 30W at any time, mostly a lot less.

Steve

jimmybob

@stephenw10:

I would think the 120W pico-psu will be over kill, I would not expect that box to use more than 30W at any time, mostly a lot less.

Steve

Thanks Steve,

I might add in at some point a WiFi card.
Q1: I take it that once the initial set up is done I can make changes such as adding a Wifi card to the box?
Q2: Is there any advantages to doing this at the point of set up?

The plan is to get rid of as much clutter as possible in the way of extra routers and if possible switches.

Also a little head room for a few fans that might be needed if I do run into heat problems for any reason.
And maybe a SSD or HDD add. So I'm thinking about not buying twice later on. So if I have a little extra power
will probably be for the best.
But the power consumption you mentioned… that's very low :)

Is there anything else I've over looked?

stephenw10

You can add a wifi card at any time. I would recommend starting with the simplest system you can. Adding and testing more interfaces or packages in stages will result in fewer problems.

The biggest advantage of an Atom is that its peak power consumption is low. You can get a system that consumes a very small amount of power most of the time, my own Pentium-M setup is <25W, but because at peak load it consumes more you need much better cooling provision. The Atom can be passively cooled relatively easily for this reason.

If you think that 30W is low, check this out: http://ssj3gohan.tweakblogs.net/blog/8217/fluffy2-59-watt-high-end-desktop-computer.html  :)

Steve

robi

@stephenw10:

I would think the 120W pico-psu will be over kill, I would not expect that box to use more than 30W at any time, mostly a lot less.

Steve

Steve, I think 120W is not an overkill. That daughterboard with 3 Intel NICs is getting pretty warm.
We had originally set the box up with a 65W pico-psu - it died within 6 months of 24/7 usage. Switched to 120W, feels much better now. (can't state that the first psu died because of overload, it's just a guess, that peaks can occur).

Just look at some specs.
The Intel D 2700 MUD board eats about 35W when the more power-efficient cedar Atom runs at 100%.
Jetway JNF99-525 uses an older an less power efficient CPU, and has lots (literally several times) more features than the former. It's normal, that it eats more power…

stephenw10

Fair enough. Since you've actually used that board I'll definitely go by your judgement.  :)

I don't think they make the 65W model any more, the 80W should be sufficient don't you think?

Steve

robi

Yes, I guess.

jimmybob

@stephenw10:

You can add a wifi card at any time. I would recommend starting with the simplest system you can. Adding and testing more interfaces or packages in stages will result in fewer problems.

The biggest advantage of an Atom is that its peak power consumption is low. You can get a system that consumes a very small amount of power most of the time, my own Pentium-M setup is <25W, but because at peak load it consumes more you need much better cooling provision. The Atom can be passively cooled relatively easily for this reason.

If you think that 30W is low, check this out: http://ssj3gohan.tweakblogs.net/blog/8217/fluffy2-59-watt-high-end-desktop-computer.html  :)

Steve

Hi Steve,

Thanks for your advice.

I will not be adding the Wifi card right away but I'm curious to which would be the best for general connectivity and range coverage?
I do want the fastest speed possible for wifi.
So I'm looking for the "best" option on what is avail from the shop I will be using below…
Also taking into consideration pfsense support.

Here are what I was looking at. At this store....

http://www.mini-itx.com/store/?c=17

I was considering this since it seems to be the better one....
Intel Ultimate-N 633AN Half-Mini PCIe Wireless Card - up to 450 Mbps
I know you'd need all 3 antennas to achieve this.
Which is where perhaps I'd need to drill a few more holes in the case ;)

would it be of benefit and most of all is it fully supported by pfsense?

stephenw10

Wifi hardware support in pfSense is… limited.  ;) Especially under 2.0.X. It's built on FreeBSD 8.1 which was released in July 2010. Anything newer than that is unlikely to be supported. There is no support for 802.11N outside of the specific drivers so although some hardware will work it will only be at 'G' speeds.
There is better support in 2.1 since it's built on FreeBSD 8.3 and some drivers from 9 have been back ported. The best supported cards are those based on Atheros chips-sets.

The best source of information is JimP's spreadsheet:
https://spreadsheets.google.com/ccc?key=0AojFUXcbH0ROdHgwYkFHbkRUdV9hVWljVWl5SXkxbFE&hl=en

Steve