Newb: Some hardware advise please?

DCDarkling

Hello all,

I have been looking to finally setup my own firewall. It is for a home connection. I like the idea of pfsense because it seems fairly futureproof. I should, so far I understood, be able to port over settings to newer hardware in the future, get newer hardware. Or simple add / remove modules in pfsense depending on need.

Now I do have some issues finding some suitable hardware. Partially related due to my lack of knowhow in freebsd. (Which is fine, I see this as a nice project to pick that up also.)
My network knowhow can use improvement so im partially using this project for that also. If any below makes no sense its due to that & feel free to tell me.
Right now im a bit lost in what I truly need of hardware.

Im looking for hardware, especially a motherboard with the following:

• Need to be able to get it in the EU. (NL better)

• I would love to have something like IPMI on it. I know myself to well, its a requirement. And yes it makes the hardware more expensive.

• As silent as possible. Size is not a issue. Smaller is better but I can even put it in a normal desktop size.

• Future ready in terms of power. Right now it needs to handle roughly 120Mb down and 12Mb up, but I would like to account for any future speed increases.

• Internal lan is Gbit and I would like it to keep its internal transfer speed.

• VPN options. (I do not need many at once, but the option to have VPN be nice.)

• Needs to be able to run freebsd/pfsense of course. Herein lies one of my biggest issues. Finding a board which is guaranteed compatible.

• A good amount of NIC ports. Preferably intel. Not for use as a switch. Just that certain clients can be separated by port from others. Although Id guess vlans on the same port would work just as fine.

• Room in performance for future additions. (like 'hey lets include this in my pfsense'.) I can not fully predict in total what I will do with it. Its a learning curve. But I prefer to get hardware once, instead the need to replace a year later.

• I have around 5 clients max usually. And most are in low usage. But this could change in the future.

• latency times and steady streaming are requirements. (gaming and stuff like netflix)

I noticed supermicro had some nice motherboards, but their info claims its not freebsd compatible. (as in its not tagged on in the compatibility list)
Im also wondering how strong the cpu truly needs to be. I understand cpu = throughput, but surely that also matters on how many clients require connection?

I haven't considered the hardware in the store because so far I see it needs to be important which raises the cost. And like I said, I really really want it to have something like IPMI.
I read I can best handle wifi with a accesspoint and not freebsd, so lets not worry about that.

I'm sure i've left plenty of open points where you would like more info, so feel free to ask.

Guest

PC Engines

• APU1D4
• APU2B4 (Q1/2016)

Jetway Intel Celeron J1900 or N2930 Boards
power saving, powerful and strong enough

• 4 Cores
• Intel GB LAN Ports
• 2 miniPCIe Slots + SIM

pfSense Store units
Supports Intel QuickAssist & AES-NI

• SG-2440
• SG-4860
• SG-8860

Supermicro Intel Atom C2358, C2558 and C2758 ("Rangeley")
Supports Intel QuickAssist & AES-NI

• A1SRi-2758F (8 Cores / 8 Threads)
• A1SRi-2558F (4 Cores / 4 Therads)
• A1SRM-LN5F-2358 or A1SRM-LN7F-2358 (2 Cores / 2 Threads)

Supermicro Intel Xeon D-15x8 mini ITX boards
D-1518, D-1528 and D-1548 are networking accelerated models

• AES-NI support for encryption (VPN)
• DPDK enabled software support
• Intel QuickAssist support

You will be able to use all this platform either for pfSense or FreeBSD, more or less using all the given
potential functions, options or features.

DCDarkling

Excellent. Many thanks.

I will take your list and research myself from there on to see what best fits for me.
I was worried to get hardware which isnt supported, so having a list for me to work with is simply excellent.

If I get more questions I shall let you all know.

pfsense_me

Hi
You can also check this one:
http://www.aliexpress.com/item/4-ethernet-ports-motherboard-J1900-fanless-J1900-2-5-HDD-inboard-BYPASS-supported-High-performance-Router/32421366325.html
I've received mine a few days ago and from now on it seems to work great :)
If you need less power, the same one exists with J1800 CPU.
See here: https://forum.pfsense.org/index.php?topic=102983.0

DCDarkling

Thanks. Ill also note it down. Have a look at it.

whosmatt

Can't go wrong with one of the SuperMicro boards.  The IPMI on those is top notch.

Guest

@DCDarkling:

Excellent. Many thanks.

I will take your list and research myself from there on to see what best fits for me.
I was worried to get hardware which isnt supported, so having a list for me to work with is simply excellent.

If I get more questions I shall let you all know.

• Pending on pfSense and FreeBSD all Boards were matching
• Related to the IPMI only the Supermicro Boards were matching

DCDarkling

Then it will probably be a supermicro board. IPMI (or a similar technique) is a requirement.

Once again, thanks for letting me know.
I am quite wary to buy boards when I am unsure if its compatible with freebsd/pfsense. To hear that they are is quite helpful indeed. (As I stated before)

And your new comment about IPMI shortens the list drasticly. ;)
What the exact difference between the supermicro boards is im of now still unsure, but thats easy for me to lookup ofc. ;)
(I meant the more advanced stuff, obviously not the core difference)

But I am starting to repeat myself, so I guess I know what I need to for now. :D

Guest

The Supermicro boards, named by me in the above lines, are equipped with different SoCs!

• On is the Intel Atom C2x58 (Rangeley) series from 2 to 8 CPU Cores
• The other series is equipped with Intel Xeon D-15x8 SoCs that is stronger and more powerful
  From 4 Cores only till 16 CPU cores with 32 threads this boards will be sorted.

Both series are supporting AES-NI for a better VPN throughput, DPDK over AVX/AVX2 CPU registers
that will be able to run DPDK enabled software for faster Layer2/3 routing as an example and at least
the Intel QuickAssist Supports for en- and decryption and de- and compression for a better throughput.

On your admin console PC you could run the IPMI management CD/DVD and connect to the IPMI Port
as it is local connected to watch the boot queue and do settings or management things on the board.

DCDarkling

yeh, that is one of the reasons why i wanted to go IPMI. My research on IPMI went quite well. No questions there. :D

I assumed the other soc was more powerful. Xeon is usually serverside, atom.. not always if I remember ok.
Which basicly boils down to what power do I need.

If all boards can do what I need, its probably just deciding what kind of future buffer I want. Perhaps compare details like ECC memory etc. But thats preference, not requirement. ;)
I strongly doubt I need 16 cores. So im likely better of not going TO high. (buffer is nice but should be within reason aye)
Unless you say I cant do what I want with the lower ones. One of the reasons I made the topic is my inability to correctly gauge my cpu need. (although the info on the site is a indication of course.)

Quickassist boosting throughput may be interesting to keep in mind. :)

Guest

yeh, that is one of the reasons why i wanted to go IPMI. My research on IPMI went quite well. No questions there. :D

And with no extra charge like other vendors are taking for a option like this!

I assumed the other soc was more powerful. Xeon is usually serverside, atom.. not
always if I remember ok. Which basicly boils down to what power do I need.

It all depends on the used functions and offered services for sure and last but not least on the
budget you have!

If all boards can do what I need, its probably just deciding what kind of future buffer I want. Perhaps compare details like ECC memory etc. But thats preference, not requirement. ;)

ECC RAM usage is given on both boards.

I strongly doubt I need 16 cores. So im likely better of not going TO high. (buffer is nice but should be within reason aye)

Go with the Intel Atom C2758 mini ITX board. It might be the best choice between performance, need and
future proof headroom.

Unless you say I cant do what I want with the lower ones. One of the reasons I made the topic is my inability to correctly gauge my cpu need. (although the info on the site is a indication of course.)

You can either go with the Intel Xeon D-1518 or D-1528 network accelerated boards from Supermicro.
DDR4 2133MHz ECC RAM, M.2 2242 (short) or 2280 (long) SSD (Samsung 950 Pro 2500 write and 1500 read)
Much more power and future proof related to the tech. specs.

Quickassist boosting throughput may be interesting to keep in mind. :)

• AES-NI ist fully supported now.
• Intel QuickAssist they are working hard on this to use for us
• netmap & DPDK enabling, they are also working on this features

So all in all for the named above things you will be happy for a longer time with the Supermicro C2758 board
with perhaps 8 GB or 16 GB ECC RAM and a SSD. it will be enough to fitting your needs.

DCDarkling

Once again.. many thanks & excellent.

I haven't even had time to research your answers. You reply fast haha.
Yeh I will definately look at your suggestions. Although I have the feeling from your replies that the xeon boards are probably more then I realistic need.

Budget is not a issue perse. of course I wont spend thousands on it, but I prefer to spend big once then replace the hardware every 2 years. ^^

Thankfully I am not lacking in my knowhow of other hardware like SSDs so now worries there. :)
One of the reasons im doing this project for myself is to gain more insight in areas where my it knowhow is lacking. (Freebsd, networking at a level like this, etc)

But from a quick look I will probably go for the A1SRi-2758F. I already came across it in the past (but was worried if it worked with pfsense/freebsd).
It also seems I can get it easily enough.
ecc memory isnt that hard to find, its clearly specified whats compatible.

The casing will probably take some searching but im not worries. Size isnt a issue. I still have a good SSD in storage, can always upgrade. :D

Thanks.

Guest

Although I have the feeling from your replies that the xeon boards are probably more then I realistic need.

If you go with the intel xeon D-1548 (16 Cores / 32 Threads) Supermicro board and a adequate M.2 (2280)
Samsung 950 Pro for the Hypervisor host OS and then pfSense, freeBSD and FreeNAS as a VM guest you will
be perhaps also really lucky with this! This might be even all coming together with which things you could life.

But this board might be launched in Q1/2016 for ~$950 and together with RAM, RAID Controller, 4 HDDs
and the M.2 SSD you will be paying then not less then ~$1800 as I see it right.

So I love more to get my hands on installed OS bare metal and also two smaller boards with a
Supermicro case.

Supermicro SC721 TQ-250B with PSU ~200 €

Supermicro SC101i ~74 €
Supermicro internal 80 Watt PSU for SC101i MCP-250-10103-0N ~87 €

M350 mini ITX case ~60 €
Netzteil DC-DC picoPSU-160-XT ~62 €

Or a separate stand alone FreeBSD machine for playing around later on top?
Jetway NF9HG-2930 Intel Celeron Quad Core Fanless PC ~$299

Its your choice, perhaps you let the Christmas hype running beside and in the new year you will consider
to chose a  adequate solution for you.

DCDarkling

You are correct in that I could go for the stronger board and combine it with a NAS and stuff.
I am actually planning to build a NAS also, which will also will run on freebsd.. So there is logic in your idea.

I already considered it myself and rejected the idea. I want the devices separate. There are some practical reasons for this on my end. I will make it work, now worries there. ;)
So I will most likely in the future go for a seperate board for both the firewall and nas. But im focussing on the firewall first.

One project at a time. ;)

Yeh, I glanced over the cases you linked. They are good ideas. I will look into it in more detail. I am totally not worried about finding anything compatible in terms of casings or psu.

No worries, I can definitely continue with all the advice you gave on the motherboards and cpu's.

bluepr0

did you go with the A1SRi-2758F finally? I'm also looking for a good board to build a new pfsense box

DCDarkling

I am planning to go with the A1SRi-2758F, as so far I understood it works with pfsense.

Im not in a big hurry for this project so I am taking all steps easy. I just finished making the list of all hardware (combined with what I can easily order).
So next step is truly ordering it and then I can continue.

Wont be days, but I will. :)