Shuttle DS57U (Broadwell & Dual Intel NICs)
-
@hedsht:
i'm not using this one as a pfsense box anymore, because AES-NI is not supported.
had a really nice chat with the shuttle support and they confirmed that the celeron they used doesnt support AES-NI, its not a bios issue.
but, later this year shuttle will release a i3 & i5 version which will definitely support AES-NI.That's not true according to Intel. Sounds like BS to me. I was about to go and buy one until hearing that…
http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHzi've talked with the intel support as well, the celeron does support aes-ni, but its up to the manufacturer which version he uses and apparently shuttle took the one without aes-ni in this case.
-
Was you CPU maxed out all the time?
Just because AES acceleration isn't supported on chip doesn't mean the box can't do a good job depending on bandwidth you need supported.
Not that this would be my go-to box to begin with but if I already had one, it would have to be incapable of doing the job for me to unplug it.
-
@hedsht:
@hedsht:
i'm not using this one as a pfsense box anymore, because AES-NI is not supported.
had a really nice chat with the shuttle support and they confirmed that the celeron they used doesnt support AES-NI, its not a bios issue.
but, later this year shuttle will release a i3 & i5 version which will definitely support AES-NI.That's not true according to Intel. Sounds like BS to me. I was about to go and buy one until hearing that…
http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHzi've talked with the intel support as well, the celeron does support aes-ni, but its up to the manufacturer which version he uses and apparently shuttle took the one without aes-ni in this case.
That doesn't really make sense. The model supports it. If there's a version that doesn't then well it's a different model surely.
Was you CPU maxed out all the time?
Just because AES acceleration isn't supported on chip doesn't mean the box can't do a good job depending on bandwidth you need supported.
Not that this would be my go-to box to begin with but if I already had one, it would have to be incapable of doing the job for me to unplug it.
What don't you like about it?
-
@gonzopancho:
This .vs http://store.netgate.com/ADI/RCC-DFF-2220.aspx at $275 which has:
- more clockrate (1.7GHz .vs 1.5GHz)
Atom 1,7Ghz vs. Celeron 1,5GHz - this should be a clear win for the Celeron. It's ok to list advantages of your solution, but comparing the clock rate feels like cheating in that case.
- less power consumption (TDP 6W .vs 15W
€15 difference per year (24/7)
- better Ethernets
Can you explain the difference?
- Shuttle is only spec-ed to 40C, 2220 is spec-ed to 65C
The main advantage is, that the Shuttle system is available in Germany. Other solutions often have to be imported.
Don't just look at the names, Intel C2350 is a member of Rangeley/Avoton (Silvermount series) which has server grade quality (The fastest C2750, octa-core Atom, was tested to be almost on par with previous generation 4C8T Xeon L5520, but TDP is just 1/3).
Definitely both CPU can do 1Gbps NAT throughput, while C2350 has turbo frequency up to 2GHz to make it even faster. -
That doesn't really make sense. The model supports it. If there's a version that doesn't then well it's a different model surely.
i can only say, what i've been told by the shuttle support. there isnt a bios setting to enable or disable AES-NI and i've tested FreeBSD 10.1, Ubuntu 14.04 and Windows 7 and none of them showed AES-NI Support.
So its either disabled on this CPU (maybe to save power?) or my particular cpu doesnt support AES-NI.
I went back to my D2500CC as a PfSense Firewall and am using the Shuttle DS57U as a Ubuntu Webserver for web development now.
-
Beware everything about Shuttle. I;ve used literally 50 of them in production over the years and have struck so many esoteric problems form board design faults to power supply problems (with eery different box/PSU I've had from them) and also strange case designs that make repair/replacement and moving components hard to do.
I've found their support to be appallingly lacking in almost every instance. In EU maybe it is better, in Taiwan it is not. Face saving has presented me with nothing but duplicated excuses and round robin discussions.
They are very windows centric, so using any other OS is a foreign concept and untested.
They're a but like Sony. Hardware developers that develop and test in 'Doze, and are still learning about how IMHO…
-
I'm following this topic too, since I ordered two DS57U last week (haven't arrived yet)…
I wanted to use them for pfsense with OpenVPN AES encrypted tunneling, etc... So I specifically wanted a CPU with AES-NI.Now, yesterday 30/03/2015, I'm SURE that it was stated on the Intel ARK website that the Intel Celeron 3205U supported AES-NI.
Today, when I check the Intel ARK page again, it is simply stated that this CPU does NOT support AES-NI. Intel, what's going on?
http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHz
http://oi62.tinypic.com/14t6gyb.jpgScreenshot attached of today...
Intel screwed us?
-
Now, yesterday 30/03/2015, I'm SURE that it was stated on the Intel ARK website that the Intel Celeron 3205U supported AES-NI.
Today, when I check the Intel ARK page again, it is simply stated that this CPU does NOT support AES-NI. Intel, what's going on?
Intel screwed us?And here's the proof for your RMA. :P
http://web.archive.org/web/20150205185342/http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHz
-
My two DS57U units arrived. I did some quick testing and I wanted to share the results (which are not too disappointing in my opinion).
I have twice the following hardware configuration:
1x SHUTTLE DS57U, Intel Celeron 3205U 1x Crucial M550 SSD 128GB mSATA (CT128M550SSD3) 2x 4 GB SO DDR3 1600 CL9 Crucial (BLS4G3N169ES4CEU)I have installed the following software on both devices:
Debian 7.8 OpenVPN 2.3.6I have used the following command to test the bandwith:
dd if=/dev/urandom of=/tmp/urandom.dat bs=1M count=1000 iperf -c iperf-server -F /tmp/urandom.datI use a random data file as source for the speed test, since the comp-lzo parameters could compress the tunnel. With the speed command above, there is no difference in results with "comp-lzo yes" or "comp-lzo no".
If an OpenVPN tunnel is used, it is a UDP tunnel.My results are as follows:
Shuttle 1 (S1) directly attached to Shuttle 2(S2), no tunnel (no OpenVPN)
Speed: 950 Mbit/sS1 to S2, OpenVPN, no encryption
Speed: 900 Mbit/sS1 to S2, OpenVPN, AES-128-CBC
Speed: 210 Mbit/sS1 to S2, OpenVPN, AES-256-CBC
Speed: 195 Mbit/sNow I know this isn't a full firewall/router test, since I only use one interface on each device. I also haven't used FreeBSD (pfSense), since I wanted to do a quick test to see if it would be possible to obtain > 100 Mbit/s speed with AES256. It seems like this is the case.
In the near future, I plan to have this configuration set up as a complete pfSense firewall.
-
The Message I got from Intel:
Hello Roland,
Thank you for your email. The AES-NI information that is currently visible on the ARK site for the Intel
Celeron Processor 3205U is incorrect. The specification has been changed in our system to show that this processor does not support AES-NI and the ARK site will be updated with this information later today. We appreciate that you took the time to send us a message, and apologize for the inconvenience.Best regards,
Lori Yung
ARK Support
ark.intel.com -
Apologize for the inconvenience? HAHA…
How about "Send me a freaking board/CPU combo that fits my needs."
-
Just wanted to say thanks to everyone on this thread.
I've been shopping for several weeks for something to replace an old power-hungry (~55 W) clunker and decided upon the new Shuttle DS57U (with 2x2 GB RAM, 60 GB SSD). I'm pleased with the initial quality, slim form factor, fanless design, and I echo everything hedsht has said, especially the ease of installation (v2.2.1).
I'd add one other con: the power button is a hair trigger.
This build is overkill for my simple home needs, but I look forward to using more of pfsense's features going forward.
@hedsht:
the shuttle has arrived and i'm happy with it.
lspci -lv (Ubuntu 14.04)
pciconf -lv (FreeBSD 10.1)Booting from USB works without any issues, even booting from SD Card works.
Minor con's so far:
-
the NICs use two different drivers, one is igb0 (I211) and the other one em0 (I218LM)
-
no status LEDs on NICs, might bother some people
-
Wifi Card (RTL8188EE) is not working
-
it isnt possible to disable the igpu (it will use 64mb of ram)
The case is made of metal which makes it quite hard to install external wifi antenna's, but i'll try to find a good spot, swap the wifi card and install two external antenna's.
I've set PowerD to adaptive and while downloading 100mbit the cpu idle's at around 500 MHz.
Power Usage: 11w (4 GB RAM & 64 GB SSD)
-
-
I also have the DS57U and wanted to install pfsense as a virtual machine in ESXI. Have any of you guys tried this yet? The main problem I'm having is that ESXI 6 only shows the i218 adapter as being available. The i211 adapter is no where to be seen. I see it available as a passthrough device. I can't figure out why it won't appear as a 2nd physical nic?
VMware compatibility guide show both have drivers available in esxi 6, why won't the i211 not appear as a available adapter?:
I211 compatibility:
http://www.vmware.com/resources/compatibility/detail.php?deviceCategory=io&productid=37601&deviceCategory=io&details=1&releases=273&keyword=i211&deviceTypes=6&VID=8086&DID=1539&page=1&display_interval=10&sortColumn=Partner&sortOrder=Asc
I218-LM compatibility:
http://www.vmware.com/resources/compatibility/detail.php?deviceCategory=io&productid=37653&deviceCategory=io&details=1&keyword=i21&page=1&display_interval=10&sortColumn=Partner&sortOrder=Asc
Any ideas?
-
even with aes-ni, those cpus can do gigabit wan and fast vpn without issue. they just have a higher load when doing a vpn without aes-ni.
with modern cpus, even the low end embedded models like the celeronj, aes-ni is or not is not an issue.
-
a Celeron-j 1900 can do 500/500 without issue. everyone was getting that gigabyte board with dual wan for that reason.
the realtek nics seem to limit it to 700/700ish, but the cpu can do more.
basically it depends on how much you want to spend.
-
I also have the DS57U and wanted to install pfsense as a virtual machine in ESXI. Have any of you guys tried this yet? The main problem I'm having is that ESXI 6 only shows the i218 adapter as being available. The i211 adapter is no where to be seen. I see it available as a passthrough device. I can't figure out why it won't appear as a 2nd physical nic?
VMware compatibility guide show both have drivers available in esxi 6, why won't the i211 not appear as a available adapter?:
I211 compatibility:
http://www.vmware.com/resources/compatibility/detail.php?deviceCategory=io&productid=37601&deviceCategory=io&details=1&releases=273&keyword=i211&deviceTypes=6&VID=8086&DID=1539&page=1&display_interval=10&sortColumn=Partner&sortOrder=Asc
I218-LM compatibility:
http://www.vmware.com/resources/compatibility/detail.php?deviceCategory=io&productid=37653&deviceCategory=io&details=1&keyword=i21&page=1&display_interval=10&sortColumn=Partner&sortOrder=Asc
Any ideas?
I installed ESXi 6.0 on my DS57U3. I had to create a customized ESXi-ISO with http://www.v-front.de/p/esxi-customizer-ps.html and installed the net-igb and sata-xahci driver package. See http://www.v-front.de/2015/08/a-fix-for-intel-i211-and-i350-adapters.html and http://www.v-front.de/2013/11/how-to-make-your-unsupported-sata-ahci.html
Besides I passed through the Realtek WLAN-card to a Debian 8 VM with a 4.2 Kernel and set this machine up as a WLAN-AP with hostapd - http://www.cyberciti.biz/faq/debian-ubuntu-linux-setting-wireless-access-point/
This also should work for a Shuttle DH170 imho.