Intel Mini-ITX Atom 8-core Hardware Build Recipe Available Here
-
That's make sense…I can't find anywhere how many normal (no vpn/no gaming) concurrent clients this Atom 8-core box can handle... here my set up would be...
From ISP CABLE MODEM
WAN---Pfsense (Squid, Sarg, Corn etc packges)
LAN----SWITCH----5 Hard Wire Computers/DVR/TV...etc
OPT1---SWITCH ----10 Access Points----300 max Wireless Clients
OPT2---Future WAN2
Hope some one will help....Thanks
-
That's make sense…I can't find anywhere how many normal (no vpn/no gaming) concurrent clients this Atom 8-core box can handle...
This would depending on many other things and not only on the 8 Core "Rangeley" SoC alone!
- structured network
- VLANs & QoS
- used switches (L2/3) and there performance
From ISP CABLE MODEM
Ok
WAN–-Pfsense (Squid, Sarg, Corn etc packges)
ect packages I really mean is one of the points that should be known right to come closer
because Squid & SquidGuard & Snort will be narrow down the performance of the entire pfSense box.
Or perhaps massively DPI tasks on Layer 7 are hard core narrow down the power of the SoC./DVR/TV…etc
Set up a DMZ with a Layer2 Switch and store these multimedia things there that the network will not be disturbed by those devices. Cisco SG200-10/20 would be right.
LAN–--SWITCH----5 Hard Wire Computers
VLAN10 privat
OPT1–-SWITCH ----10 Access Points----300 max Wireless Clients
VLAN20 WLAN, Perhaps a separate switch likes a Cisco SG300-20/28 that is able to route the VLANs by its own?
Its to offload this from the pfSense box!Also the VLAN10 and VLAN20 are able to run then over one bigger Layer3 Switch as mentioned
perhaps a Cisco SG300 series switch with an viewing eyes for the OPT2 as WAN2!OPT2–-Future WAN2
Why not!
10 Access Points–--300 max Wireless Clients
What WLAN APs are installed here and is this by a WLAN controller regulated and handled WLAN or not?
If the WiFi clients are only surfing, mailing or facebook using it would be not the problem,
but if they are watching YouTube or downloading massively files it would be really slow down. -
Thanks for detail advise Bluekobold,
ect packages I really mean is one of the points that should be known right to come closer
because Squid & SquidGuard & Snort will be narrow down the performance of the entire pfSense box.
Or perhaps massively DPI tasks on Layer 7 are hard core narrow down the power of the SoC.WAN set to DHCP. willing to use this new box for hotel. I have to keep logs of visited urls so I need only squid/sarg & still trying to make it work since 2 years in my other pf boxes (HP Thinclient 5740 for 30 to 50 clients) but never works properly. so as of now not using squid. Do not need Snort or other cup/mem hungry packages.
Set up a DMZ with a Layer2 Switch and store these multimedia things there that the network will not be disturbed by those devices. Cisco SG200-10/20 would be right.
VLAN10 privat
VLAN20 WLAN, Perhaps a separate switch likes a Cisco SG300-20/28 that is able to route the VLANs by its own?
Its to offload this from the pfSense box!Also the VLAN10 and VLAN20 are able to run then over one bigger Layer3 Switch as mentioned
perhaps a Cisco SG300 series switch with an viewing eyes for the OPT2 as WAN2!you are absolutely right, but in my case Due to remote site setup if switch fails VLANs config is problem, using regular GB switchs are just plug and play. Also I never use VLANs & Managed switches.
What WLAN APs are installed here and is this by a WLAN controller regulated and handled WLAN or not?
If the WiFi clients are only surfing, mailing or facebook using it would be not the problem,
but if they are watching YouTube or downloading massively files it would be really slow down.On OPT1 (HOTSPOT 10.10.10.1/24) using engenius-600/360 APs with static IP 10.10.10.3 to 15 no dhcp. Keep few pre config APs as standby unit at location just in case any AP fail to replace with. all APs are hard wire from/to switch no POE used. Not using WLAN controller at all. pf is handling dhcp leases for all. pf rules & allias on OPT1 are controlling unwanted access to LAN & OPT2 well. Yes, there are youtube users so as of now using captiveportal.inc to control bandwidths for all users. Do not know how to share available bandwidth equally to all when network is busy. Hoping this box will do the job.
Thanks for your help
-
WAN set to DHCP. willing to use this new box for hotel. I have to keep logs of visited urls so I need only squid/sarg & still trying to make it work since 2 years in my other pf boxes (HP Thinclient 5740 for 30 to 50 clients) but never works properly.
If you are able to read the German language here are two tutorials about HotSpot with Captive Portal
and VLANs with pfSense, the config must only be typewritten by yours.pfSense HotSpot with Captive Portal
Setup VLAN & routing with pfSenseyou are absolutely right, but in my case Due to remote site setup if switch fails VLANs config is problem, using regular GB switchs are just plug and play. Also I never use VLANs & Managed switches.
Your main question was, could the C2758 board handle the traffic for ~300 WiFi clients, is this right?
And now I would only telling you that you can do some things, if this is not the case, to come closer
to reach your goal!
WLAN APs from UBNT and their Controller Software, free of charge, will be able to handle this
Load a little bit better and then combined with a Cisco SG300-28 Switch and VLANs it would
perhaps no problem.Do not know how to share available bandwidth equally to all when network is busy.
- VLANs & QoS (is also prioritize the network traffic)
- traffic shaping (from switch side balancing out the load)
- WiFi controller (is balancing out the entire clients load)
- Layer3 Switch (is doing the LAN/WLAN routing)
-
I wanted a more power efficient pfsense box so I saw this thread with this build guide.
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
I was about to get my full gig up and down from Centurylink with it doing there speed test.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps
I thought this could be Century link but I put my i5-2500k box in to double check and I'm getting 940mbps up and down constantly.
This is running the latest version of pfsense. Any help would be greatly appreciated.
I've read WAN-NAT is based on single core speed. Would getting an G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
-
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
This CPU is running @3,7GHz and not on 2,4GHz so it would not be fair and able to compare against.
I was about to get my full gig up and down from Centurylink with it doing there speed test.
For sure this CPU is also playing in a total other range or class of CPUs.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps
Pending on the turned on features, activated and installed packets and also offered services this
could easily be. But once more again, comparing an Intel Core i5-2500k against an smaller Intel
Atom SoC is not really wise! An Atom core is not a i5 core and a i5 core not an Xeon core!
This might be looking for many persons as it its the same, but trust me please it isn´t.I thought this could be Century link but I put my i5-2500k box in to double check and I'm getting
940mbps up and down constantly.For sure it is a really powerful and good working CPU.
This is running the latest version of pfsense. Any help would be greatly appreciated.
What could be helped there? I am pretty sure that the an Intel Atom C2758 SoC based board is capable
to route 1 GBit/s at the WAN port. But it is more the question what is all enabled at the WAN port?- Snort
- Squid & SquidGuard
- DPI Layer7 filter
- endless firewall rules
Or is this a plain and full install on a SSD/HDD without any other services and installed packets?
Please have a look at the dashboard systeminformation at the CPU information and tell us please
what kind of GHz you will see there? Is it @2,4GHz?Is this a really Supermicro C2558 or C2758 board or "only" a C2358 board that is not capable to
pull full 1 GBit/s?I've read WAN-NAT is based on single core speed.
Not more anytime, since version 2.2.x pfSense was doing a bigger jump forward on this
and this was also not the last jump as I see it right.Would getting an G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
An Intel Celeron G3260T @3,2GHz is capable to route 1 GBit/s fine without any problems and lets you run
pfSense and Snort together and one or two VPN tasks. -
I appreciate the reply. Right now I'm running both machines bare no packages. The reason why I went with the supermicro is because I thought the i5 was overkill for apartment use.
I did transfer the config from my i5 machine to this current machine. I'm wondering if I should do a clean install instead of transferring the config over.
I'll dive into it further. To me it does seem odd that it can hit 900+ mbps on the upload but only go down 700mbps on the download.Regarding the hardware, this is the Supermicro A1SRi-2758f with 1x 8gb of the Kingston ECC ram with a 64gb SSD. I also updated the bios so it's current and did a bios reset to make sure nothing was turned off (this was a 2nd hand board I bought on ebay for $220)
-
After starting over again with a fresh install, checking and double check my config. Running 0 packages. I can say this can't fully saturate gigabit fiber with centurylink. I am only getting 700mbps down but the uplink I can get 930mbps.
This I believe is in line with PFsense's own box. http://store.pfsense.org/C2758/
TCP 940mbps UDP 756mbpsI have a spare machine with an intel G3258. I'm going to experiment and see if this would be a viable solution to saturating a gigabit fiber line.
I'm still going to keep this atom box around. Maybe optimizations in quickconnect or optimizations in next version of pfsense could help.
-
I have all the parts in except the fans (on route from the usa to me as i could not get 40 mm pwm fans locally)
Without fans it runs at about 42-43 degrees idle stacked on top of an intake fan of an other pc so there is some airflow through the case. Might put 80 mm pwm fan on top of the m350 case blowing air in without the top cover on to have some air flow over the mainbord while testing untill 40 mm fans arive.Only issue i had was to source the cable for the ssd from the male molex on the board. Bought some extention cable with multiple sata and molex connectors and removed the connectors i do not use. (Female molex and 2 x sata power left) this was a 4€ Cable.
I like the setup very much till now, compact case, good power connection with the 4-pin mini din.
Will test it in front of my own pc till i have all the packages running like i want till i have my family run over it :) live with 3 females under the same roof, and if youtube and facebook not work i have to seek for cover ;)update:fans have arrived and indeed can go loud, but not loud when system booted up, so very nice fans. Temperature idle is now at 26 degrees celcius in a room that is 22-24 degrees.
-
There's something wrong with your build, or your climate, if you're at 70C. You really don't need multiple fans. In some installs you won't need any at all.
It's the climate. I've got two of these motherboards (in different cases, one of them is the 1U Rack case from Supermicro itself) and they both run at 70C temperature. None of these boxes operate in air conditioned server rooms.
Throwing a fan on top of them reduces temperature drastically.Hmm.. ur speedtest shows Hungary/ Budapest. Fast speeds.. are they expensive?
How does it get so hot in Budapest? -
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
-
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
Why does the US suck so bad when it comes to internet. :'(
My 4M/1.2M WISP is $60/month. Satellite TV $85/month. 2 cell phones $118/month.
-
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
Why does the US suck so bad when it comes to internet. :'(
My 4M/1.2M WISP is $60/month. Satellite TV $85/month. 2 cell phones $118/month.
Because of things like this: http://venturebeat.com/2014/02/21/verizon-closes-130b-deal-to-buy-out-vodafones-stake-in-verizon-wireless-today/
I assume telcos like these want this amount of money back from the consumers ($130 billion) -
Ok testing the setup now. Only routing between wan and lan (is inside my network for test) no packages, i see 10-11% load when doing 500-540 mbps from usenet down.
System and cpu temperature stays on 30 degrees (celcius) in a room that is 23 degrees.With Snort activated on WAN interface with ET rules it goes up to 24%
File copy from PC to NAS through the firewall at 105/106 MB/sec puts the CPU load at 38%
That is not bad at all i think. -
I wanted a more power efficient pfsense box so I saw this thread with this build guide.
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
I was about to get my full gig up and down from Centurylink with it doing there speed test.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps
I thought this could be Century link but I put my i5-2500k box in to double check and I'm getting 940mbps up and down constantly.
This is running the latest version of pfsense. Any help would be greatly appreciated.
I've read WAN-NAT is based on single core speed. Would getting an G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
I'm seeing really similar things as you. My upload is hitting 800+mbps but downstreams are no better than 550/600. This is also with centurylink gigabit fiber.
What's really interesting is, I have a host on the other side of the WAN port that's local, and iperf will easily hit 930mbps down/up.So initially I just assumed that something on the fiber was the bottleneck, but if i use centurylink's router, i get 800+ both ways. Looks like I'll have to look into some tuning to see if I can figure out what's going on.
-
I wanted a more power efficient pfsense box so I saw this thread with this build guide.
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
I was about to get my full gig up and down from Centurylink with it doing there speed test.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps
I thought this could be Century link but I put my i5-2500k box in to double check and I'm getting 940mbps up and down constantly.
This is running the latest version of pfsense. Any help would be greatly appreciated.
I've read WAN-NAT is based on single core speed. Would getting an G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
I'm seeing really similar things as you. My upload is hitting 800+mbps but downstreams are no better than 550/600. This is also with centurylink gigabit fiber.
What's really interesting is, I have a host on the other side of the WAN port that's local, and iperf will easily hit 930mbps down/up.So initially I just assumed that something on the fiber was the bottleneck, but if i use centurylink's router, i get 800+ both ways. Looks like I'll have to look into some tuning to see if I can figure out what's going on.
Disabled bandwidthd. I'm not at 750mbit/s down.
-
What's really interesting is, I have a host on the other side of the WAN port that's local, and iperf will easily hit 930mbps down/up.
With counting the TCP/IP overhead on top you will be nearly the 1 GBit/s.
iPerf 3.0 and using the command for multi core usage would be bringing much more speed or throughput
but if this would be not able to saturated or converted in "real life", it would be also not the hit you have
been searching for. Its a shame I would really love to know if more owners of this setup are having the same
problems as you where reported here. Ok with 930+ MBit/s you can easily life I think, because the TCP/IP overhead must be counted on that on top and 3% - 5% loosing during or through the SPI/NAT phase.
And for each 10 - 20 firewall rules you can count some less throughput also.So initially I just assumed that something on the fiber was the bottleneck, but if i use centurylink's router, i get 800+ both ways. Looks like I'll have to look into some tuning to see if I can figure out what's going on.
The only one I could suggest is the PowerD HI adaptive and mbuf sizes.
- PowerD (hi adaptive) to use all CPU cores right
- mbuf size because for each core and LAN Port a queue will be created and for 8 Cores and 4 LAN Ports
you will have then created 32 queues and open!
So playing around with this two functions and/or numbers would be really good to start.
-
@BlueKobold:
With counting the TCP/IP overhead on top you will be nearly the 1 GBit/s.
iPerf 3.0 and using the command for multi core usage would be bringing much more speed or throughput
but if this would be not able to saturated or converted in "real life", it would be also not the hit you have
been searching for. Its a shame I would really love to know if more owners of this setup are having the same
problems as you where reported here. Ok with 930+ MBit/s you can easily life I think, because the TCP/IP overhead must be counted on that on top and 3% - 5% loosing during or through the SPI/NAT phase.
And for each 10 - 20 firewall rules you can count some less throughput also.Right, with iperf 930mbit is really close to the theoretically maximum of 940. Close enough that so many other variables might come into play to affect it that I'd not think about it anymore.
But it's really odd that to a host on the WAN side gets me 930mbit from the LAN side, but that I only get 750mbit downstream through the gigabit fiber ethernet. If I use centurylink's own router, I get 850-900, so I know the link is capable of getting closer to gigabit.
The nat/firewall overhead should be same to a host on the other side of the WAN as it would be out gigabit fiber connection. So if the overhead isn't affecting the iperf requests to the other host, it's probably not an issue out to the internet either.
The only one I could suggest is the PowerD HI adaptive and mbuf sizes.
- PowerD (hi adaptive) to use all CPU cores right
- mbuf size because for each core and LAN Port a queue will be created and for 8 Cores and 4 LAN Ports
you will have then created 32 queues and open!
So playing around with this two functions and/or numbers would be really good to start.
I've already tried setting to hiadaptive and maximum with no affect.
524888 mbufs and I've never seen it go above 50000I also found a freebsd network stack tuning page and read up on it and tried:
net.inet.ip.redirect=0
and net.inet.ip.fastforwarding=1Both with no affect.
-
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
Damn! I think I'll have to move do Buda-pest.. I was checking Broadband rankings and I found few EU nations having great speeds.. and S.Korea/ Singapore.
Which ISP is this & where in BP {General area.. I heard not all ISPs are everywhere?}? -
The service packages they sell: http://digi.hu/ajanlat/internet/lan
"Ft/hó" means HUF/month; "Sávszélesség" means bandwidth (achievable max) and "Garantált sávszélesség" means the minimum guaranteed bandwidth you get at any time. In the evenings the upload speed can go to as low as this, downloads are stil close to the max (measured with speedtest.net against a server in Budapest).Click on "MEGRENDELÉS" (starts a place order wizard), it will show you a dropdown list with locations in Hungary where they offer services, (Város = city, Utca = street) look for "Nagysebességű internet", that means high speed internet. They offer it not only in Budapest.
The network quality the build is not top in terms of hardware (they have fiber until the main building, and then some mid-category coverter splits this up to copper, and Cat5e goes to each apartment), never had issues though. They give a ZTE ZXHN H298N as CPE which provides an analog telephone line via some VLAN-ed VoIP. You have to use this if you want to keep the phone line, if you use your own router/firewall, you can't use your own ATA to reach the VoIP service on your own. This is true for home users. There are bussiness class services too, but they are in a different price range…
