Intel NUC + switch. Is this possible?
-
Hi Jason, thanks for the reply!
One thing you should note is that by only using a single NIC you are going to limit the throughput between the devices on different networks as everything will need to go through pfSense.
even if I get a 2 NIC (or 3 NIC) as Netgate or any other I will get to connect just 1 port of it to my switch and all traffic will need to pass through the other NIC port anyway right? What´s the advantage of that config?
If I understand correctly my setup with a netgate would be:
internet provider connected to first NIC
switch connected to second NICall other devices connected to my switch.
It seems almost the same…. everything will need to route through first NIC....
Am I missing something?
kind regards
-
even if I get a 2 NIC (or 3 NIC) as Netgate or any other I will get to connect just 1 port of it to my switch and all traffic will need to pass through the other NIC port anyway right? What´s the advantage of that config?
If you're only ever going to hook up one NIC for your internal network then it doesn't matter how many NICs your system has.
My point still stands though. If you're using a single NIC with 6 vLAN tags then your MAX throughput will be lower than if you had 6 NICs with 1 vLAN tag each, 3 NICs with 2 tags each, etc. With a single NIC you're limited to 1 Gbit/s in and 1 Gbit/s out aggregated across all vLANs.
-
Would that processor be able to route / filter more than 1Gbps to begin with?
-
How can I measure my routing needs? external connection to the net is just 50Mbits …
-
I just love intel NUC as they are cost effective and have a pretty small footprint.
I intend to get another intel NUC based on Celeron N2820 2.13 GHz + 4Gb RAM + 32GB HD (total cost on Amazon will be less then $250) to run PfSense in order to get these running.
Yes, NUC have a small footprint. It's an intriguing product and I also do believe some (esp. the inexpensive lower-end models) can be cost effective for some tasks. And yes, you should probably be able to make this work. However, I personally believe the NUC is just the wrong device for this job, i.e. as a routing / pfSense machine.
Or, to put it more precisely, $200+ on a NUC seems a lot of money spent on a totally "sub-optimal" tool to me (for this particular use case, mind you).
Just as a heads-up: from what I gathered, the Intel NUC DN2820FYKH uses a Realtek RTL8111G NIC - which I suppose there isn't any support included for in current pfSense builds (though it seems that you can - somehow - compile your own driver and make it work):
https://forum.pfsense.org/index.php?topic=65355.0
-
Or, to put it more precisely, $200+ on a NUC seems a lot of money spent on a totally "sub-optimal" tool to me (for this particular use case, mind you).
what options do you suggest with a small footprint and enough power for less then USD250? PfSesnse store offer a similar product VK-T40E2 Firewall Router Security Appliance
at $449.00!!! Almost the same processor power for twice as much !!! Of course there are Intel NICs and memories but still a lot to pay considering the product differences…kind regards
Gustavo -
I use a NUC (the 4th gen Haswell i5 one) with 16GB ram and a 120GB m-sata drive as my pfSense development station. :-)
I ran a NUC with an i3 in it for a "pfSense box" (booting off USB) for a while (at home). I'm currently using the VK-T40E2, but that's more of a dog-fooding exercise.
-
what options do you suggest with a small footprint and enough power for less then USD250? PfSesnse store offer a similar product VK-T40E2 Firewall Router Security Appliance
at $449.00!!Rebranded PC Engines APU1C.
Alternatively:
http://store.netgate.com/NetgateAPU2.aspxThere might some differences in detail.
Also beware, the linked wall mount bracket is not recommend by manufacturer (for the APU's higher thermal envelope).I know, it's more than $250. But rather closer to it.
-
You really have to define what you're after more closely.
You have only a 50Mbps WAN so, yes, in theory the m1n1wall (ALIX) will pass that no problem. It has ~85Mbps capability. However if you want to run any packages you will soon see a restriction below 50Mbps. More importantly all your inter-VLAN traffic will have to go through the pfSense box and you may well want that to be >50Mbps.Would that processor be able to route / filter more than 1Gbps to begin with?
No I don't believe it could. If you look at the Celeron N2820s single thread performance it's very close to a Pentium-M at 17GHz. I have that chip and it can manage ~650Mbps. The Celeron will be slightly faster since it can offload other processes to other cores. I have to say I'm not sure I can believe that benchmark figure, I expect it to be much faster. ???
Steve
Edit: typo
-
Rebranded PC Engines APU1C.
Alternatively:
http://store.netgate.com/NetgateAPU2.aspxBut these devices also feature Realtek NICs. Are they supported on PfSense?
The 1 GHz Dual Core AMD G Series can handle how much traffic?
-
More importantly all your inter-VLAN traffic will have to go through the pfSense box and you well want that to be >50Mbps.
That's why I wouldn't feel good about having only one NIC, and a Realtek at that. Also, there doesn't seem to be any sensible way of expansion later.
-
Rebranded PC Engines APU1C.
Alternatively:
http://store.netgate.com/NetgateAPU2.aspxBut these devices also feature Realtek NICs. Are they supported on PfSense?
The 1 GHz Dual Core AMD G Series can handle how much traffic?
I think 'rebranded' is a bit strong, but … whatever.
Yes, pfSense supports the Realtek NICs on the APU board(s).
The issue with throughput seems to be limited by the NICs, not the CPU, but as always, YMMV.
-
More importantly all your inter-VLAN traffic will have to go through the pfSense box and you well want that to be >50Mbps.
That's why I wouldn't feel good about having only one NIC, and a Realtek at that.
Huh? If the CPU can't push more than 50mbps to begin with, what do you think you'll gain from having multiple NICs vs. VLANs on a single NIC?
-
More importantly all your inter-VLAN traffic will have to go through the pfSense box and you well want that to be >50Mbps.
That's why I wouldn't feel good about having only one NIC, and a Realtek at that.
Huh? If the CPU can't push more than 50mbps to begin with, what do you think you'll gain from having multiple NICs vs. VLANs on a single NIC?
To differ on this: if you don't need much hocus-pocus between the vlans (traffic shaping, limiting, policy-based routing, extensive acl's, or any other goodie from pfSense) go with a L3 switch, and let that one do the intervlan routing. Way more effective. Then you're less restricted on what to use for pfSense HW?
-
In this case I suppose the better option would be a 4+ port box. Any suggestions with a small size and power requirements gigabit NIC for under USD 300?
Is this product a good offer considering its price target? http://www.amazon.com/gp/product/B00ESMUF7O/ref=olp_product_details?ie=UTF8&me=&seller=
kind regards
-
You could also go for a Layer3 switch, and have routing between VLANs done by it. That will save your NUC from a lot of traffic, it will only handle access between WAN and the VLANs.
-
Huh? If the CPU can't push more than 50mbps to begin with
Why shouldn't it?
Even the (in terms of performance) ancient ALIX' 500MHz Geode can push more than 50mbps.
The Celeron should be capable of multiple times higher throughput.I think shoehorning all traffic through one NIC is definitely not going to help with performance.
Also, I believe there are some practical considerations why a 2- or 3-port device is preferable (management access, dedicated WAN).L3 switch seems a sensible idea as well, if budget allows.
-
Huh? If the CPU can't push more than 50mbps to begin with
Why shouldn't it?
This was in reference to the Alix board, but I really meant 85mbps (which is what somebody claimed the ALIX is good for), not 50mbps.
Even the (in terms of performance) ancient ALIX' 500MHz Geode can push more than 50mbps.
The Celeron should be capable of multiple times higher throughput.I think shoehorning all traffic through one NIC is definitely not going to help with performance.
Also, I believe there are some practical considerations why a 2- or 3-port device is preferable (management access, dedicated WAN).Just from a performance perspective, using separate physical links instead of VLANs on a single link will not buy you anything unless you're actually bottlenecked by that link. So if your CPU isn't fast enough to be able to saturate a single link, having additional links will not get you better performance.
-
Ok. A Celeron won't make the gigabit.
What if I get a NUC i5-4250U Processor and then replace the HDD with a mini PCI-E dual gigabit NIC card?
There are some options like:
a) http://www.cervoz.com/uploaded/datasheet/Datasheet_MEC-LAN-M002.pdf
b) http://www.ebay.com.au/itm/Mini-PCI-Express-PCIe-Gigabit-Ethernet-x2-Network-Adapter-NIC-Card-2-Port-/221070821678?pt=UK_Computing_Other_Computing_Networking&hash=item3378d9092eand others.
By doing that I'll have an i5 with 3 gigabit ports to run all my network. I'll connect one of the ports through a layer2 capable switch.
Inside the NUC there is also a half size mini PCI-E port for the WIFI card I won't use. Is there any other mini PCIe card that fits in there so I can get 2 more NIC in my NUC? If I can do this I'll have an i5 with 5 gigabit NIC for under $500 with low power and small size. Just what I need.
I'm not sure either if this half size PCIe slot is shared with the full size PCIe slot … anyone familiar with the NUC's hardware?
Any toughts on that sub $500 i5 more then quad gigabit NIC with small form factor and low energy consumption?
kind regards
-
Any ideas, please?
kind regards