C2758 or i7-3555LE
-
WAN is 50/10 (may go up at some point in the future) and LAN is gigabit has about 7 vlans with rules that dictate certain vlans have access to other vlans and while others don't. I added ASSP (smtp proxy) and it has worked well (single thread) and since 2.2 is multi-thread I might look into ASSP 2.0 which supports multi-thread at least last time I checked. Also, like I mentioned in my first post that we have site-to-site vpn as well as occasional mobile vpn users.
-
I have a c2758 with 2 site to site vpns's, 10 mobile vpn users and 15 vpn connected sip phones and it does not break a sweat. 100/100 link and pfblocker, ntop and suricata packages installed also.
Just a data point for consideration.
-
Good to know. Are you using 2.2?
-
I have a C2758 on 2.1.5 and it's a rockstar. It's on a GigE connection that it gets via a Cisco 4948 (core switch) and so far since I only have a test machine behind it I've only done basic speed tests running around 500 megabits. Max load has been 0.58. I'll push full wire speed later today to see what happens, but I'm guessing it won't break much of a sweat. And that's on 2.1.5. I was just testing with it and potentially was going to use a E3 Xeon, but no need at all for that.
I expect 2.2 to have no issue keeping up with 20 site-to-sites that are on 20 to 50 megabit connections.
I'm pretty excited about the small (non-rackmount) C2758 boxes I've seen mention in these forums coming from Netgate in Q1 of 15. I'll be replacing my endpoints with those at all my branches - needless to say, I'm sold on the Rangeley Atom (C2758). They're beasts.
-
I too have a C2758 with 8gig ECC.
The CPU is never taxed even with a bunch of packages sniffing through all packets.
If anything, the memory would be maxed out before the CPU is stressed, LOL. The i7 will likely be the cheaper route though. -
All things being equal, I'd chose the one with the best single thread performance. i7.
But its a tough call. The 8 core atom is really nice but the memory is usually expensive enough to make you cry.
What about the i7 board? What memory does it use?Memory is not that bad. I got it for like ~10/gig just a couple weeks ago for the Atom. For the SM C2758 board.
-
All things being equal, I'd chose the one with the best single thread performance. i7.
But its a tough call. The 8 core atom is really nice but the memory is usually expensive enough to make you cry.
What about the i7 board? What memory does it use?Memory is not that bad. I got it for like ~10/gig just a couple weeks ago for the Atom. For the SM C2758 board.
$10/GB is a pretty good price for ECC SODIMMs. I think I paid about $12/GB when I got my C2758 box.
-
Contrary to popular belief, price is an object for most people, but were it not I'd chose the 8 core atom also.
I just can't overlook the fact that an old tired i7 for cheap will easily match the performance of the fastest 8 core atom board though.Electricity here is 2.5x as expensive as USA, so over time (alot of time), power would be my biggest argument for the atom.
-
Get the supermicro 8 core Atom with 4x gigabit nic and regular ddr3 dim slots in itx. Not much more than than the 4 core or variant with so-dimms. Add 16-64gb of ddr3 ecc, and you can use it as a pfsense router and m some other servers on there if need be. Do it once and right. The i7 is good to go, but uses more power ND supports less ram. If you are not transcoding, there is no point. If you want to cheap out, go amd 5350 on an asus board with ecc ram and a Intel nic or two.
-
Anyone know if there are any install/driver issues with 2.1.5 or 2.2 with the supermicro c2758 board? I want to build one and just want to be sure of what work I may have to do to get it running. Please share any info you're aware of.
thanks!
Jay. -
No problem with my A1SRi-2558 running 2.2
-
I'm a pfSense n00b (haven't installed it yet) but there's something some of these guys don't seem to consider.
The c2758 processor has hardware encryption acceleration (QuickAssist) which the i7 does not have. Granted it isn't utilized in pfSense yet, or in pretty much anything else AFAICT, but it will be and at that point I'm betting VPN performance on any c2*58 processor will hands down beat any i7.
It might be worth your time to look up what QuickAssist is before you make your choice. The fw7551 and c2758 already get pretty good VPN performance when using AES encryption, the QuickAssist does that for a lot more encryption types and for compression as well. The hardware encryption features are in the CPU itself.
I just ordered one of these: http://www.supermicro.com/products/motherboard/Atom/X10/A1SRM-LN7F-2758.cfm
Unlike the earlier products it takes either ecc or non-ecc memory, up to 64g. 7 lan ports, all intel, plus an IPMI.
Edit: For that matter, when I was buying memory for this system I chose 2x8g modules, and registered ECC memory was only $4 a stick more than non-ECC memory. Is cost really that big a deal? The box cost around USD $1000, can't say for sure because I bought other hardware at the same time.
Back to QuickAssist, if you have a bigger box and want QuickAssist on it you can spend USD $1000 for a QuickAssist adapter if you want, the only one I've found is at Mouser electronics.
-
For anyone that doesn't need lan bypass and wants usb 3.0, the board is also available that way.
http://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2758F.cfm
This one doesn't take non-ECC ram, but I think ECC is a better choice for a network router.
And it's ~$333 compared to ~$436 on amazon.
And thanks for the feedback, Wolf666, that there should be no install issues with 2.2.
Jay.
-
I looked really hard at that board too.
I found too many reviews complaining about it freezing on boot. That's not OK for me.
I assume this sort of thing would be fixed by a BIOS upgrade but I saw no evidence of such an upgrade, and I've been burned in the past by an assumption that a bios update for what I considered a critical bug would be released which never came around. Not for networking-related hardware but for VT-d support in that case.
In my case, this box will be used for a home network which will (hopefully soon) get gigabit Internet, and which I need to have an insanely fast VPN on. The VPN will only be needed part of the time, and this box will be running a virtualization hypervisor (either kvm or VMware ESXi) and the router/vpn/intrusion prevention software will run inside one or more guests. I will also have other VMs as necessary and as the capabilities of the board permit.
-
Today the i7 will be faster. But in the future, likely in less than a year, you're gonna want the cores.
Trust me. ::) :-X