Intel NUC (4x4 motherboard)
-
I might also add that the whole setup uses less that 30 Watts as measured by the UPS and is
totallynear silent.Technically, the NUC has a fan, so it's making some noise. Not a lot, but a little bit.
-
I have managed to get pfSense up and running on a new Haswell i5 NUC (D54250WYK).
I installed Ubuntu 13.10 (had to disable UEFI to get Ubuntu install to be recognized on boot).
I used VLAN's in Ubuntu and used a Netgear GS108E to trunk WAN/LAN/GUEST to the NUC.
I installed VirtualBox and bound the virtual NIC's (3 total) to each respective VLAN interface.
I installed pfSense with 2 processors, 4GB of space, and 1GB of RAM.I'm pushing something pretty close to the limit of the WAN for simple routing. Speedtest showed around 360 mbit/sec down and 460 mbit/sec up. Faster than I've ever seen on my connection so I'm pretty happy with that.
I only seem to be pushing about 100 mbit/sec of IPSec VPN traffic … I feel like it should be able to push more, but I'm not sure what bottleneck I'm running into. Could use some advice on that. Was not successful in establishing a local IPSec connection to the WAN side to do further testing.
-
I installed Ubuntu 13.10 (had to disable UEFI to get Ubuntu install to be recognized on boot).
I used VLAN's in Ubuntu and used a Netgear GS108E to trunk WAN/LAN/GUEST to the NUC.
I installed VirtualBox and bound the virtual NIC's (3 total) to each respective VLAN interface.
I installed pfSense with 2 processors, 4GB of space, and 1GB of RAM.curious, why not just install pfSense directly? why did you have to install Ubuntu first? VM purposes?
-
I might also add that the whole setup uses less that 30 Watts as measured by the UPS and is
totallynear silent.This is what is on the UPS:
1xNUC (120GB mSate, 16GB 1333 MHz DDR3)
1xGS116E Switch
1xGS108PEv2 POE Switch (load: 2xPolycom IP 335 VOIP phones, 1xAXIS M3007 Camera, 1xEnGenius EAP350 WiFI AP)
1xLinksys PAP2-T VOIP ATA.what kind of throughput are you getting? thinking of doing that for my home setup but not sure how it will handle torrenting
-
Nice to see others attempting to use these intel nucs as pfsense boxes :)
I always liked the nucs with their low energy, it is good to hear the core i5 nucs with AES pushing up to 100meg on VPNs also.
AES makes a nice difference and less energy being used.
Only factor I hate is having to add a vlan to the mix and even more cables/power requirements.
Surprised no one really tried an mini pcie network card to add dual networks…
Those core i3 or celerons should do well enough for most connections but I feel with guys with 100meg+ on VPNs an AES enabled cpu should do much better energy use wise and help increase speed.
Many of these core i3 haswell and low energy core i5s with 35 watts seem to have poor performance, seems a core i5 full desktop cpu with aes should do the trick, may need to stick with a regular desktop pfsense build.
I rechecked these new baytrail atoms, and could have sworn one or 2 had AES but checked again and cant see any otherwise they may have been ideal, another option I was toying with was mobile core i3/core i5 cpus however as I have noticed the lower energy cpus have often poorer performance in general compared to desktop cpus....
-
I used Ubuntu both because the VM made it easy to port over and backup for later reconfiguration, plus the latest release of pfSense 2.1 apparently does not support the onboard Intel NIC.
I tried an ASIX 88179 USB 3.0 to Ethernet adapter, but it kept resetting every few minutes or dying on the host OS. No good. So VLAN's it is.
I do not think AES is supported well either in pfSense or thru VirtualBox. I get around 160MB/sec of throughput in the VM. I get about 3.5x that with the evp option on the host … dropping back to similar speeds as the VM with the evp option off.
-
I know someone who has tried a celeron (without AES instructions) he showed under pfsense cpu utilization that it hit 90% cpu load but when he changed it for a Xeon v2 1220 cpu, under pfsense cpu utilization it went to 20% cpu usage.
I think its the cpu that does the AES work load, not pfsense. Of course the VPN provider needs to be using AES encryption.
He noted improved speeds also….
I still wish we had a router on the market with dual core 3ghz with AES just to make sure everyone maxxed out there VPN/OpenVPN speeds or connections in general, but guess until openVPN do not release there 3.x software and untill pfsense upgrades to it then it will never use multiple cores.
Regarding the usb adaptors, many on here have suggested they perform badly and are unreliable only intel network chipsets work well and are reliable. I am looking at hp intel 364T quad nic cards or the dual nic versions for reliability.
I think ill stick with a 3ghz(v2 1220 cpu) xeon quad workstation with a decent intel nic card for 100% good speeds/reliability if stability and speed is your thing I guess it can't be beat but its tad excessive I admit !
-
Surprised no one really tried an mini pcie network card to add dual networks…
I thought about doing that, but the only available case I could see that can be modified was kind of pricey
http://www.logicsupply.com/components/cases/fanless/ml320/
But, even more limiting for me was that I wanted to use the mini PCIe slot for mSATA. The other mini PCIe slot is only half-height and I don't see any NIC solutions for half-hight PCIe, only full height like this one:
http://www.logicsupply.com/components/expansion-cards/8111me-d/
-
Quite true regarding the half size slot, some of these nucs do have a sata port but still tricky.
These nucs are great I admit and the cpus seem powerful enough but they are energy efficient design so performance will be down compared to a normal desktop cpu, but again as you said the case/expansion option and overall cost factor are major.
They would need an intel nuc with 2 intel nics and the newer haswell core i3/i5s with AES to boot for it to be a solid option.
A few SFF systems do exist with 2 nics and similar options but I find something always missing or wrong like no AES support or the nics are realtek… realtek just seems evil since its always default option ;)
I think give it a year or 2 and maybe a 20-30watt intel nuc or other sff system like with aes and hopefully the right expansion options or dual intel nics arrives, either that or a decent router with the right options!
-
Whilst the low power processors are less capable than the desktop versions they are still very capable. I'd be amazed if any if them couldn't do 100Mbps OpenVPN. Also I'd hope to see power consumption drop lower than 20W given what's already possible:
http://ssj3gohan.tweakblogs.net/blog/8217/fluffy2-59-watt-high-end-desktop-computer.htmlSteve
-
I might also add that the whole setup uses less that 30 Watts as measured by the UPS and is
totallynear silent.This is what is on the UPS:
1xNUC (120GB mSate, 16GB 1333 MHz DDR3)
1xGS116E Switch
1xGS108PEv2 POE Switch (load: 2xPolycom IP 335 VOIP phones, 1xAXIS M3007 Camera, 1xEnGenius EAP350 WiFI AP)
1xLinksys PAP2-T VOIP ATA.what kind of throughput are you getting? thinking of doing that for my home setup but not sure how it will handle torrenting
I did it more as a hobby and security than for heavy load, speed tests show 84Mbs down 39Mbs up. FIOS on demand TV is probably the heaviest load (it uses IP and not QAM) and in our home we can have 2 HD streams without any noticeable affect.
-
In an amusing turn of events, I set the VirtualBox VM for pfSense to 1 core instead of 2 cores. And got an ipsec throughput improvement from 100mbit to 200mbit. Shouldn't that work in reverse? :)
Anyway, clearly VirtualBox is not the best at this. Would be nice to see this running on the native NUC hardware when the support is available.
-
Whilst the low power processors are less capable than the desktop versions they are still very capable. I'd be amazed if any if them couldn't do 100Mbps OpenVPN. Also I'd hope to see power consumption drop lower than 20W given what's already possible:
http://ssj3gohan.tweakblogs.net/blog/8217/fluffy2-59-watt-high-end-desktop-computer.htmlSteve
Yeah I agree, I was looking into mobile cpus even….
But I quickly find always hardware issues like realtek nics and less expansion slots or options.
I would love one day for someone to run some full test on a 20-30watt pfsense box under AES/VPN speeds and output.
I still feel for overall reliability if you got a pfsense box running 24/7 a xeon/server base pc will be better with its ECC server ram and an SSD and intel nics to boot and in some ways you kinda loose power efficiency but gain reliability. Cost wise you can get servers cheap off ebay usually just as cheap if not cheaper then a power efficiency setup.
-
I still feel for overall reliability if you got a pfsense box running 24/7 a xeon/server base pc will be better with its ECC server ram and an SSD and intel nics to boot and in some ways you kinda loose power efficiency but gain reliability.
Sure, until you add so many NICs and CPU cores that you start hitting bugs in the igb driver and your system panics. :)
-
I still feel for overall reliability if you got a pfsense box running 24/7 a xeon/server base pc will be better with its ECC server ram and an SSD and intel nics to boot and in some ways you kinda loose power efficiency but gain reliability.
Sure, until you add so many NICs and CPU cores that you start hitting bugs in the igb driver and your system panics. :)
Does this really happen with pfsense ?
I had no idea… was considering to order off a nice 4way quad nic card and perhaps a xeon server !
Are you suggesting a dual core and less nics like 2 are more reliable then ?
-
I still feel for overall reliability if you got a pfsense box running 24/7 a xeon/server base pc will be better with its ECC server ram and an SSD and intel nics to boot and in some ways you kinda loose power efficiency but gain reliability.
Sure, until you add so many NICs and CPU cores that you start hitting bugs in the igb driver and your system panics. :)
Does this really happen with pfsense ?
I had no idea… was considering to order off a nice 4way quad nic card and perhaps a xeon server !
Are you suggesting a dual core and less nics like 2 are more reliable then ?
Yes, I just posted about this last week.
http://forum.pfsense.org/index.php/topic,69486.0.html
A quad-core Xeon + a quad-port NIC is probably fine out of the box. An 8-core , or a quad with 8 NICs? Maybe not. A quad with a dozen NICs, well, personal experience… The issues can be overcome, you'll just need to enter the BIOS and set your system to run on a single core until you've made the necessary changes.
-
thanks good to hear !
-
Any use any of this hardware for expanding your port capabilities? Considering using a Tiny Box or Laptop with single port.