Need advice on a pfsense box
-
I probably would not need a z series motherboard. You are right, the H or B series will probably work.
the 4330 uses 54TDP and the 4330T uses 35W, but the 4330 has a 3.5GHz clock speed as opposed to the 4330t's 3.0 HGz clock speed.
http://www.cpu-world.com/Compare/493/Intel_Core_i3_i3-4330_vs_Intel_Core_i3_i3-4330T.htmlAs far as AES-NI goes, I have never used it, but it sounds like it can help out with VPN encryption/decryption. I will have a 100Mbps ISP connection and I should be the only one connecting to my firewall via VPN at the moment.
The Pentiums do look like they are about half the price. My main concern is power consumption and performance since this is the gateway to my network and would be the first bottleneck- so I want to make sure this rig is setup the best I can for all my future endeavors. I plan on doing a few projects that I will run from this network.
But as far as a motherboard goes, is it true that any Intel 8 series motherboard will work? I have heard that USB 3.0 has some problems, but that is okay. I'll just make sure the motherboard has some USB 2.0 ports.
-
I repeat, unless you are running you processor full out, it will not consume anywhere near its max tdp. For the difference in price you would be better of spending money on memory and having that extra power on tap.
Remember you can usually undervolt processors also, which will significantly drop consumption
-
AES-NI is not currently accelerated in pfSense.
We will change that, likely this year.
-
I probably would not need a z series motherboard. You are right, the H or B series will probably work.
the 4330 uses 54TDP and the 4330T uses 35W, but the 4330 has a 3.5GHz clock speed as opposed to the 4330t's 3.0 HGz clock speed.
http://www.cpu-world.com/Compare/493/Intel_Core_i3_i3-4330_vs_Intel_Core_i3_i3-4330T.htmlAs far as AES-NI goes, I have never used it, but it sounds like it can help out with VPN encryption/decryption. I will have a 100Mbps ISP connection and I should be the only one connecting to my firewall via VPN at the moment.
The Pentiums do look like they are about half the price. My main concern is power consumption and performance since this is the gateway to my network and would be the first bottleneck- so I want to make sure this rig is setup the best I can for all my future endeavors. I plan on doing a few projects that I will run from this network.
But as far as a motherboard goes, is it true that any Intel 8 series motherboard will work? I have heard that USB 3.0 has some problems, but that is okay. I'll just make sure the motherboard has some USB 2.0 ports.
I wouldn't worry too much about the TDP. At lower loads, both processors will likely consume similar amounts of power. It's only when you nearly fully load the processors (both CPU & GPU) where you start to see a significant difference. Don't forget that the T suffix chips give up maximum clockrate in return for reduced TDP.
Take note that AES-NI will only work now in OpenVPN and not cryptodev (for IPSEC).
The Pentium G3220 will likely do >100Mbps AES-256 VPN for IPSEC/ OpenVPN with sheer brute power anyway. For me, my ISP is giving out a free upgrade from my 150Mbps/ 75Mbps to 1000Gbps/500Mbps later this year so AES-NI is something I look to having (I only use OpenVPN anyway).
I have not used any USB 3.0 devices on the boards, only keyboards. So far so good for the ports connected to the native USB 3.0 controller on the chipset. I doubt you can even get USB 3.0 on the get-go. You'll likely just get your device connected at USB 2.0 speeds in pfSense.
-
The Pentium G3220 will likely do >100Mbps AES-256 VPN for IPSEC/ OpenVPN with sheer brute power anyway.
Considering an Atom D510 will do 50Mbps AES-256 I would think it will do significantly better than 100Mbps.
Single thread Passmark comparisson:
Intel Atom D510 @ 1.66GHz 265
Intel Pentium G3220 @ 3.00GHz 1,759Steve
-
Considering an Atom D510 will do 50Mbps AES-256 I would think it will do significantly better than 100Mbps.
Single thread Passmark comparisson:
Intel Atom D510 @ 1.66GHz 265
Intel Pentium G3220 @ 3.00GHz 1,759Steve
Probably close to 300Mbps? A little less than what I plan for in the long term (dubious perks of having a NGNBN). Not to mention, it's horribly power inefficient compared to AES-NI ASIC for high throughput VPN.
-
Probably close to 300Mbps? A little less than what I plan for in the long term (dubious perks of having a NGNBN). Not to mention, it's horribly power inefficient compared to AES-NI ASIC for high throughput VPN.
Do you really need 300mbps? - 30MB/s is likely to be sufficient for quite some time unless you're transferring massive files. Heck 100mbps will handle 2xHD streams.
-
Do you really need 300mbps? - 30MB/s is likely to be sufficient for quite some time unless you're transferring massive files. Heck 100mbps will handle 2xHD streams.
Pretty much for large files in general. Mostly when I need to grab installers from home when I'm in the office (both lines from same ISP so I can very potentially get 500Mbps). At the moment, I can still get my rated speeds (150/ 75) easily even for international traffic (as long as my ISP has got a direct transit/ peer to that country).
-
Just setup a MSI H81i board with pfSense 2.1. Same issue with the AsRock board - AHCI has to be disabled in BIOS or else GEOM won't see the drive.
It'd appear to me that Gigabyte is the only one (for Haswell) without this issue at the moment (I don't buy Asus due to warranty issues - lousy distributor here).
-
Just setup a MSI H81i board with pfSense 2.1. Same issue with the AsRock board - AHCI has to be disabled in BIOS or else GEOM won't see the drive.
It'd appear to me that Gigabyte is the only one (for Haswell) without this issue at the moment (I don't buy Asus due to warranty issues - lousy distributor here).
I had no problems with achi and my asrock h81-dgs with 2.1.1 prerelease