Intel Mini-ITX Atom 8-core Hardware Build Recipe Available Here
-
I wanted a more power efficient pfsense box so I saw this thread with this build guide.
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
I was about to get my full gig up and down from Centurylink with it doing there speed test.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps
I thought this could be Century link but I put my i5-2500k box in to double check and I'm getting 940mbps up and down constantly.
This is running the latest version of pfsense. Any help would be greatly appreciated.
I've read WAN-NAT is based on single core speed. Would getting an G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
-
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
This CPU is running @3,7GHz and not on 2,4GHz so it would not be fair and able to compare against.
I was about to get my full gig up and down from Centurylink with it doing there speed test.
For sure this CPU is also playing in a total other range or class of CPUs.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps
Pending on the turned on features, activated and installed packets and also offered services this
could easily be. But once more again, comparing an Intel Core i5-2500k against an smaller Intel
Atom SoC is not really wise! An Atom core is not a i5 core and a i5 core not an Xeon core!
This might be looking for many persons as it its the same, but trust me please it isn´t.I thought this could be Century link but I put my i5-2500k box in to double check and I'm getting
940mbps up and down constantly.For sure it is a really powerful and good working CPU.
This is running the latest version of pfsense. Any help would be greatly appreciated.
What could be helped there? I am pretty sure that the an Intel Atom C2758 SoC based board is capable
to route 1 GBit/s at the WAN port. But it is more the question what is all enabled at the WAN port?- Snort
- Squid & SquidGuard
- DPI Layer7 filter
- endless firewall rules
Or is this a plain and full install on a SSD/HDD without any other services and installed packets?
Please have a look at the dashboard systeminformation at the CPU information and tell us please
what kind of GHz you will see there? Is it @2,4GHz?Is this a really Supermicro C2558 or C2758 board or "only" a C2358 board that is not capable to
pull full 1 GBit/s?I've read WAN-NAT is based on single core speed.
Not more anytime, since version 2.2.x pfSense was doing a bigger jump forward on this
and this was also not the last jump as I see it right.Would getting an G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
An Intel Celeron G3260T @3,2GHz is capable to route 1 GBit/s fine without any problems and lets you run
pfSense and Snort together and one or two VPN tasks. -
I appreciate the reply. Right now I'm running both machines bare no packages. The reason why I went with the supermicro is because I thought the i5 was overkill for apartment use.
I did transfer the config from my i5 machine to this current machine. I'm wondering if I should do a clean install instead of transferring the config over.
I'll dive into it further. To me it does seem odd that it can hit 900+ mbps on the upload but only go down 700mbps on the download.Regarding the hardware, this is the Supermicro A1SRi-2758f with 1x 8gb of the Kingston ECC ram with a 64gb SSD. I also updated the bios so it's current and did a bios reset to make sure nothing was turned off (this was a 2nd hand board I bought on ebay for $220)
-
After starting over again with a fresh install, checking and double check my config. Running 0 packages. I can say this can't fully saturate gigabit fiber with centurylink. I am only getting 700mbps down but the uplink I can get 930mbps.
This I believe is in line with PFsense's own box. http://store.pfsense.org/C2758/
TCP 940mbps UDP 756mbpsI have a spare machine with an intel G3258. I'm going to experiment and see if this would be a viable solution to saturating a gigabit fiber line.
I'm still going to keep this atom box around. Maybe optimizations in quickconnect or optimizations in next version of pfsense could help.
-
I have all the parts in except the fans (on route from the usa to me as i could not get 40 mm pwm fans locally)
Without fans it runs at about 42-43 degrees idle stacked on top of an intake fan of an other pc so there is some airflow through the case. Might put 80 mm pwm fan on top of the m350 case blowing air in without the top cover on to have some air flow over the mainbord while testing untill 40 mm fans arive.Only issue i had was to source the cable for the ssd from the male molex on the board. Bought some extention cable with multiple sata and molex connectors and removed the connectors i do not use. (Female molex and 2 x sata power left) this was a 4€ Cable.
I like the setup very much till now, compact case, good power connection with the 4-pin mini din.
Will test it in front of my own pc till i have all the packages running like i want till i have my family run over it :) live with 3 females under the same roof, and if youtube and facebook not work i have to seek for cover ;)update:fans have arrived and indeed can go loud, but not loud when system booted up, so very nice fans. Temperature idle is now at 26 degrees celcius in a room that is 22-24 degrees.
-
There's something wrong with your build, or your climate, if you're at 70C. You really don't need multiple fans. In some installs you won't need any at all.
It's the climate. I've got two of these motherboards (in different cases, one of them is the 1U Rack case from Supermicro itself) and they both run at 70C temperature. None of these boxes operate in air conditioned server rooms.
Throwing a fan on top of them reduces temperature drastically.Hmm.. ur speedtest shows Hungary/ Budapest. Fast speeds.. are they expensive?
How does it get so hot in Budapest? -
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
-
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
Why does the US suck so bad when it comes to internet. :'(
My 4M/1.2M WISP is $60/month. Satellite TV $85/month. 2 cell phones $118/month.
-
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
Why does the US suck so bad when it comes to internet. :'(
My 4M/1.2M WISP is $60/month. Satellite TV $85/month. 2 cell phones $118/month.
Because of things like this: http://venturebeat.com/2014/02/21/verizon-closes-130b-deal-to-buy-out-vodafones-stake-in-verizon-wireless-today/
I assume telcos like these want this amount of money back from the consumers ($130 billion) -
Ok testing the setup now. Only routing between wan and lan (is inside my network for test) no packages, i see 10-11% load when doing 500-540 mbps from usenet down.
System and cpu temperature stays on 30 degrees (celcius) in a room that is 23 degrees.With Snort activated on WAN interface with ET rules it goes up to 24%
File copy from PC to NAS through the firewall at 105/106 MB/sec puts the CPU load at 38%
That is not bad at all i think. -
I wanted a more power efficient pfsense box so I saw this thread with this build guide.
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
I was about to get my full gig up and down from Centurylink with it doing there speed test.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps
I thought this could be Century link but I put my i5-2500k box in to double check and I'm getting 940mbps up and down constantly.
This is running the latest version of pfsense. Any help would be greatly appreciated.
I've read WAN-NAT is based on single core speed. Would getting an G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
I'm seeing really similar things as you. My upload is hitting 800+mbps but downstreams are no better than 550/600. This is also with centurylink gigabit fiber.
What's really interesting is, I have a host on the other side of the WAN port that's local, and iperf will easily hit 930mbps down/up.So initially I just assumed that something on the fiber was the bottleneck, but if i use centurylink's router, i get 800+ both ways. Looks like I'll have to look into some tuning to see if I can figure out what's going on.
-
I wanted a more power efficient pfsense box so I saw this thread with this build guide.
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
I was about to get my full gig up and down from Centurylink with it doing there speed test.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps
I thought this could be Century link but I put my i5-2500k box in to double check and I'm getting 940mbps up and down constantly.
This is running the latest version of pfsense. Any help would be greatly appreciated.
I've read WAN-NAT is based on single core speed. Would getting an G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
I'm seeing really similar things as you. My upload is hitting 800+mbps but downstreams are no better than 550/600. This is also with centurylink gigabit fiber.
What's really interesting is, I have a host on the other side of the WAN port that's local, and iperf will easily hit 930mbps down/up.So initially I just assumed that something on the fiber was the bottleneck, but if i use centurylink's router, i get 800+ both ways. Looks like I'll have to look into some tuning to see if I can figure out what's going on.
Disabled bandwidthd. I'm not at 750mbit/s down.
-
What's really interesting is, I have a host on the other side of the WAN port that's local, and iperf will easily hit 930mbps down/up.
With counting the TCP/IP overhead on top you will be nearly the 1 GBit/s.
iPerf 3.0 and using the command for multi core usage would be bringing much more speed or throughput
but if this would be not able to saturated or converted in "real life", it would be also not the hit you have
been searching for. Its a shame I would really love to know if more owners of this setup are having the same
problems as you where reported here. Ok with 930+ MBit/s you can easily life I think, because the TCP/IP overhead must be counted on that on top and 3% - 5% loosing during or through the SPI/NAT phase.
And for each 10 - 20 firewall rules you can count some less throughput also.So initially I just assumed that something on the fiber was the bottleneck, but if i use centurylink's router, i get 800+ both ways. Looks like I'll have to look into some tuning to see if I can figure out what's going on.
The only one I could suggest is the PowerD HI adaptive and mbuf sizes.
- PowerD (hi adaptive) to use all CPU cores right
- mbuf size because for each core and LAN Port a queue will be created and for 8 Cores and 4 LAN Ports
you will have then created 32 queues and open!
So playing around with this two functions and/or numbers would be really good to start.
-
@BlueKobold:
With counting the TCP/IP overhead on top you will be nearly the 1 GBit/s.
iPerf 3.0 and using the command for multi core usage would be bringing much more speed or throughput
but if this would be not able to saturated or converted in "real life", it would be also not the hit you have
been searching for. Its a shame I would really love to know if more owners of this setup are having the same
problems as you where reported here. Ok with 930+ MBit/s you can easily life I think, because the TCP/IP overhead must be counted on that on top and 3% - 5% loosing during or through the SPI/NAT phase.
And for each 10 - 20 firewall rules you can count some less throughput also.Right, with iperf 930mbit is really close to the theoretically maximum of 940. Close enough that so many other variables might come into play to affect it that I'd not think about it anymore.
But it's really odd that to a host on the WAN side gets me 930mbit from the LAN side, but that I only get 750mbit downstream through the gigabit fiber ethernet. If I use centurylink's own router, I get 850-900, so I know the link is capable of getting closer to gigabit.
The nat/firewall overhead should be same to a host on the other side of the WAN as it would be out gigabit fiber connection. So if the overhead isn't affecting the iperf requests to the other host, it's probably not an issue out to the internet either.
The only one I could suggest is the PowerD HI adaptive and mbuf sizes.
- PowerD (hi adaptive) to use all CPU cores right
- mbuf size because for each core and LAN Port a queue will be created and for 8 Cores and 4 LAN Ports
you will have then created 32 queues and open!
So playing around with this two functions and/or numbers would be really good to start.
I've already tried setting to hiadaptive and maximum with no affect.
524888 mbufs and I've never seen it go above 50000I also found a freebsd network stack tuning page and read up on it and tried:
net.inet.ip.redirect=0
and net.inet.ip.fastforwarding=1Both with no affect.
-
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
Damn! I think I'll have to move do Buda-pest.. I was checking Broadband rankings and I found few EU nations having great speeds.. and S.Korea/ Singapore.
Which ISP is this & where in BP {General area.. I heard not all ISPs are everywhere?}? -
The service packages they sell: http://digi.hu/ajanlat/internet/lan
"Ft/hó" means HUF/month; "Sávszélesség" means bandwidth (achievable max) and "Garantált sávszélesség" means the minimum guaranteed bandwidth you get at any time. In the evenings the upload speed can go to as low as this, downloads are stil close to the max (measured with speedtest.net against a server in Budapest).Click on "MEGRENDELÉS" (starts a place order wizard), it will show you a dropdown list with locations in Hungary where they offer services, (Város = city, Utca = street) look for "Nagysebességű internet", that means high speed internet. They offer it not only in Budapest.
The network quality the build is not top in terms of hardware (they have fiber until the main building, and then some mid-category coverter splits this up to copper, and Cat5e goes to each apartment), never had issues though. They give a ZTE ZXHN H298N as CPE which provides an analog telephone line via some VLAN-ed VoIP. You have to use this if you want to keep the phone line, if you use your own router/firewall, you can't use your own ATA to reach the VoIP service on your own. This is true for home users. There are bussiness class services too, but they are in a different price range… -
Hi all, I took the Atom build and am using it at my company since we only have comcast 100 down / 10 up until I have another use for it.
I'm happy with my current build. Powerdraw is 30watts on load
- i3-4150T (35w TDP)
- Asrock ITX board H97
- 16GB Corsair DDR3 sitting around
- 128GB Kingston SSD
- Silverstone MiloML05B
- Silverstone 450W SFX
I'm getting 930mbps+ up and 930mbps+
Packages I'm running: Snort, Bandwidth D, Squid, OpenVPN
-
started a second thread, then did more research and i found this:
https://forum.pfsense.org/index.php?topic=92718.0Summary - FreeBSD + PPPoE only uses a single rx queue.
Makes sense now. Single threaded performance of the C2758 isn't enough to keep up, and PPPoE limits it to a single queue.
Guess I'll have to wait for this to be implemented.
-
fyi- if you want the CPU fan the p/n is
Specifications
Mfr Part Number: SNK-C0054A4L
Application: Motherboard - X9SCV-QV4/X9SCV-Q
Socket Type: Socket G2 (rPGA 988B)
CPU Support: Intel 2nd Generation Core i7/ i5/ i3, Pentium, Celeron Mobile Processors
Fan Speed: 6500 RPM (4-pin PWM Controls)
Noise: 36.6 dBA
Dimensions: 60.0 x 60.0 x 31.5 mmhttp://smile.amazon.com/dp/B005NJQ6T2
I had an idle temp of around 30 Celsius but when I did anything it would quickly ramp up to 60-70 degrees. Now I'm consistently down to 27-30 Celsius.
I have no idea how the temp got soo high so the $25 expensive fan was worth it to me. They must've given me the mobo one of you probably returned lol.
When I emailed Supermicro they said not to use the mouting bracket- it's the same metal piece underneath the mobo already. You could probably get a 4 pin fan of the same size and slap fan on the CPU but this has a metal case enclosing the heatsink and the fan sits on top of that plate. I guess so it doesn't melt from my scorched cpu.
The case I used was Morex 5689 Locking Mini-ITX Case With 60W PSU. It's an ok case but I don't think I'd recommend it unless you want to save having to look for a PSU as well. It does come with a wall-mount bracket and it locks to the bracket if you were using it for something commercial or as a carputer or something. I wouldn't buy it again for home use, necesarily, because the case takes 11 screws to remove. 4 of which you'd have to use the key to get to- thus, it's made for physical security I suppose.
-
I have a question about the ethernet buffer issues here. If you have 16 or 32gb of RAM, do you still have the problems and need to send the command to the kernal for the buffers?
