Braswell N3150 with Intel NICs
-
I loved pfSense during my testing and would love to support the people behind this huge effort. I wouldn't mind buying Atom C2338 based 2220 box for home use. However Rangeley architecture is getting old. New Celeron N3150 (Braswell) has 4 cores, integrated graphics, DDR3-1600 and yet TDP is only 6W while dual core Atom C2338 burns 7W. Braswell is built on 14nm, while Rangeley is 22 nm silicon. http://ark.intel.com/compare/87258,81073,78867,71995,77976
I found this Braswell barebone for $195 http://www.bcmcom.com/bcm_product_MX3150N.htm and has dual intel i211 NICs and support AES. By adding memory, case and SSD, it will probably come to same price as 2220, but will have longer life span. And if I change my mind down the road, it will be ready to be converted into a mini desktop pc.
So, should I settle for SG-2220 or go with the Braswell Celeron?
-
I think to answer your question you need to clearly define what your intentions and goals are. Although the architecture for the Atom series is slightly older, this means the platforms have had time to work out most bugs. The SG-2220 is sold as a hardware/software package that has been tested and is ready to use out of the box. I have not heard of any bad experiences with that hardware.
If stability is not as high of a concern and you are more of a "DIY power through the headaches kind of individual", then more cutting edge hardware may be the answer. However, depending on your needs you may not see any real world benefits from the newer hardware. Better graphics of the N3000 series to me wouldn't even be a factor when deciding on hardware for a server platform.
Take some time to figure out what services you would like to run, take into consideration your available bandwidth from the ISP, consider what kind of traffic you will be dealing with, how complex your network will be, etc. Planning in the early stages will save you money and pain down the road.
-
Yes, I am a DIY kind of guy and always built my own PCs. I already installed pfSense and configured the pfblocker and snort. I installed it onto Jetway N2930 and pfsense worked perfectly fine. But the box vs memory went south after 3 weeks probably due to insufficient cooling. But M350 will probably provide better cooling. http://resources.mini-box.com/online/ENC-M350/moreimages/M350-Multiple-Bracket-Options.html
You always take risk when doing things yourself. If the new board turns out to be stable, benefit will be 3x more performance per watt. http://cpuboss.com/cpus/Intel-Celeron-N3150-vs-Intel-Atom-C2338
-
So, should I settle for SG-2220 or go with the Braswell Celeron?
This could not so easy answered by us, because only you will know what you want to install or
which services you want to over in your local area network. The SG-2220 is offering on top of
the 4 GB eMMC storage an M.2 and a miniPCIe slot for storage and WiFI. So if this amount of
RAM is enough for you and you will be not turning it into a fully UTM device and 1 GBit/s WAN
routing on top both units are not the right thing to reach your goals.Building your own appliance will saving even a bit of money for the customer, but if you are only
cheap thinking or buying you will be buy mostly double or twice. -
Total cost comes close to $350 + shipping. This is not about saving money but getting 3x more performance per watt compared to Atom 2338 with the same TDP, 4 cores instead of 2, flexible storage options, dual channel memory, i211 Intel NICs, AES, integrated video for easier installation and troubleshooting. And I can turn this unit into something else anytime I wish.
MX3150N- $200
Morex 557 case- $50
2x4 gb ddr3- $47
mSATA- 30 gb - $30
12v adapter-$25 -
It seems that you are already sold on the newer chip for expectations of higher performance and efficiency which are probably both valid in this comparison.
To be fair about this though, the systems you are comparing are quite different, like comparing apples and oranges. The N3150 is marketed as a mobile processor while the atom is intended for server applications. To say that a newer chip with 4 cores will perform better than an older chip with 2 cores is a non argument. However, this goes back to defining what is important to you as everyone's needs are different. With the mobile chip ECC memory is not an option - I'm guessing this does not matter to you. If you compared the N3150 to an Atom C2530 (with 4 cores) it would at least be a closer contender and I think you would find that their real world processing performance would be very similar with the tip of the hat going towards the celeron for lower power consumption and newer technology advantage.
Some other things you may want to consider would be would you like to have IPMI?
-
Cross, current Atoms (Cherry Trail) are being used in tables and stuff. These architectures are very similar but Intel names them different for the target market. If Atom comes with an extra integrated video with no extra wattage, but named Celeron, I will still take it. I am not sure Atom vs Celeron choice matters for a household firewall. Sticking with Intel NIC is probably more important. Atom C2550 also has 4 cores but comes at the cost of 14W TDP. Another question is, how much pfSense does benefit from 2 extra cores? I didn't have any interest in IPMI since I don't know much about it.
-
This is not about saving money but getting 3x more performance per watt compared to Atom 2358 with the same TDP, 4 cores instead of 2, flexible storage options, dual channel memory, i211 Intel NICs,
Please compare dual core COUs against dual Core CPUs and Quad core CPUs against quad core CPUs.
At first I want to go straight forward and not jumping from site to site and watching out for all
devices available in one price range, but more on what really and exactly you want to do with
this box and pfSense. It might be better to reach really your goals and fit more exact your needs
then saving money and looking for the power consuming of this both CPUs. What is really 6W
against 7W? ~$1,49 each year against ~$3,49 each year (CPU only)?What you want to install and use pfSense to be?
For how many peoples and clients this might be running?
What speed is available at the WAN interface and must be routet?
What kind of LAN switch is there in the game? Layer3 or Layer2?
Firewall only
Firewall & IDS (Snort)
Firewall & IDS (Snort) & Proxy (Squid) as a caching proxy
Firewlal & IDS (Snort) & Proxy (Squid) & SquidGuard & pfBlocker-NG
Firewlal & IDS (Snort) & Proxy (Squid) & SquidGuard & pfBlocker-NG & DPI & VPN
Firewlal & IDS (Snort) & Proxy (Squid) & SquidGuard & pfBlocker-NG & DPI & VPN & HAVP (ClamAV)
On top VLANs & QoS & VOIP & ,…......AES,
If you are using IPSec it will be a really good choice if you are using OpenVPN you will not benefit
from this feature and without Intel QuickAssist this might be so also later.integrated video for easier installation and troubleshooting.
An integrated IPMI Port or a serial console port are the best option to solve out problems.
And I can turn this unit into something else anytime I wish.
And at this point I want more to return to be the first step of all and not the last one!
Otherwise we should only discuss what kind of hardware is the better, stronger or cheaper one
for you, but please trust me if I tell you cheap bought is often buying twice. Nothing against a
coll shot on ebay, fire sale or company closing. But so easy and cheap as wanted by the most users
it is often not do able.Total cost comes close to $350 + shipping.
All in all I don´t know where you are living (country) and what is the shipping cost or fee and tax on top
but a common and fast device that is really running pfSense smooth and liquid is mostly only some coins
away from the self made boxes.I am not sure Atom vs Celeron choice matters for a household firewall.
An Intel Atom C2758 with SSD and up to 64 GB ECC RAM will be much more powerful
then a Intel Celeron. It comes together with AES-NI, Intel QuickAssist and DPDK over
AVX/AVX2 register will be more powerful and long time running or future proof.
The 4 core variant as the SG-4860 will be able to realize a full UTM and 500 MBit/s
VPN throughput.If the SG-xxx units are to high in price the ADI ones coming with the same hardware
but more budget like. But if this will be then also to high in price compared to the power
I really suggest to go with ready assembled boxes. Pending on your budget you needs
you will be able to spend some more coin and get really sorted.Intel J1900 4C/2,4GHz with 2 Intel GB LAN Ports Bare bone ~360 €
Intel N3700 4C/2,4GHz with 4 Intel GB LAN Ports & IPMI Port Bare bone ~420 €RAM & mSATA or WiFi card and all is running well for a long time for you.
MX3150N- $200
Supermicro X11SBA-LN4F (4 Core N3700 CPU @2,4GHz) ~235€
2x4 gb ddr3- $47
Related to the circumstance that your RAM was went south in one case, I would
more have a look on Kingston Value RAM, ECC if able to insert.mSATA- 30 gb - $30
For a pfSense firewall only or perhaps if not many throughput is there together Snort on top
but for more you should have a closer look on a greater model that supports TRIM for sure.12v adapter-$25
The above named models by me, are sold together with the right external PSU & right fitting chassis & board
you are on the save side but fiddling all cheap together might be bringing you more or less problems beside. -
built a setup for a friend using the matx asrock n3150m with an celeron 3150 cpu with a dual port intel 4x pcie card in the 16x slot. operates at 1x electrical @ pcie 2.0, but is more than sufficient.
running pfsense in a vm under hyper v with win server 2016 tech preview 4 (hyper v in 2012 r2 crashes on this board)
-
BlueKobold, thanks for your detailed response.
I am leaning towards your suggestion of X11SBA-LN4F. It is $220 here at US and is a better deal than N3150. But it will require a case with a PSU.
You mentioned the electricity cost of wattage. I was thinking more about heat it will generate. I want to make sure my DIY box will remain fanless. Atom C2758 you suggested has TDP of 20w.
I want to use this for Firewall & IDS (Snort) & Proxy (Squid) & SquidGuard & pfBlocker-NG. VPN is not critical for me. I have more than 3 servers running; Plex media, Jriver Music, file synchronization server (cloud) and multiple webcams. I have 90Mbs/9Mbs and sufficient for streaming video and DSD audio. Servers are running on single hardware; Supermicro X10SAE, Xeon 1246, 16Gb, Windows 10. I have plenty of power at the main server to install pfsense as a VM. If I decide against building my own box, VM is an alternative for me, but I don't know the pros and cons of pfSense as a VM yet.
-
I am leaning towards your suggestion of X11SBA-LN4F. It is $220 here at US and is a better deal than N3150. But it will require a case with a PSU.
Right, this might be a better solution likes the N3150 is offering to you, but nearly the same price and
much more powerful as I see it right. Please have a closer look into this thread here that is talking about
the N3700 board from Supermicro. X11SBA-LN4F vs A1SRi-2558FIt might be enlighten you before you are buying this board or Supermicro Superserver.
Turning it left around or right around, it might be that the Supermicro C2758 board will
be one of the most powerful solutions running smooth and liquid, with an not really unleashed
potential. So I really think the full given power by the Intel Atom C2758 SoC isn´t exhausted at
this time. Together with AES-NI, Intel QuickAssist and DPDK over AVX/AVX2 CPU registers it will
be coming perhaps more as we all should expect at this moment from. So perhaps you will be starting
to install at first the pfSense inside of a VM and then you could read about the X11SBA-LN4F board in
the other thread about any kind of behaviors, perhaps you will turn around or change your mind and
the Intel Atom C2558 or C2758 platform will be seen in another total different light.If I would not waiting on the new Supermicro Xeon D-1518, D-1528 or D-1548 platform upgrade that
will be launched at Q1/2016, I would personally also go with a SG-4860/SG-8860 or a self made C2758
pfSense box. -
@BlueKobold:
If I would not waiting on the new Supermicro Xeon D-1518, D-1528 or D-1548 platform upgrade that
will be launched at Q1/2016, I would personally also go with a SG-4860/SG-8860 or a self made C2758
pfSense box.Oh, those CPUs are looking nice!. Do you think that it would be a good idea to mix into one of these a NAS and pfSense using ESXI 6.0? I read the integrated LANs like i350 have virtualisation capabilities so it will be the same as running it native (or almost, I guess… for the pfSense setup I mean)
I'm not too keen on having pfsense virtualised, but maybe is an interesting option as I also have a NAS running.
EDIT: how do you find out if a CPU has the QuickAssist? it's not listed in the ark.intel.com database
-
So perhaps you will be starting to install at first the pfSense inside of a VM and then you could read about the X11SBA-LN4F board in
the other thread about any kind of behaviors, perhaps you will turn around or change your mind and
the Intel Atom C2558 or C2758 platform will be seen in another total different light.If I would not waiting on the new Supermicro Xeon D-1518, D-1528 or D-1548 platform upgrade that
will be launched at Q1/2016, I would personally also go with a SG-4860/SG-8860 or a self made C2758
pfSense box.@BlueKobold you are very helpful. I am not going to rush and buy hardware at this moment. I read the X11SBA-LN4F thread and decided that it's not for me. N3150 board is also untested. New Xeon D series (35-45W) will require active cooling, so will C2758 (25W), not sure about C2558 (15W). I will read more about pfSense in a VM.
-
Guys, what is the Intel's strategy for future of micro server CPUs? Since they reduced the die size from 22 to 14nm, they came up with with new Atoms (X5 and X7) but with integrated video targeting tablets and Surface. Celeron N3000 series is the cousin of the new Atoms. If you look into server Atoms, the last chip was launched in Q3 2013 (C27xx). On the other hand, they are bringing down the Xeon series to small servers but these are not for the micro servers yet since D series are still require min 35W. Where is the new 14nm Atom for micro servers i.e. successor to Rangeley? Will it be SoC or not? There are so many chips, I am lost.
-
There are a lot of CPU's these days it is very difficult to keep up with. I came across this information a few days ago during my searches for similar reasons and according to the "Intel Public Roadmap" the successor to the C2xxx series is supposed to be the Denverton platform based on 14nm technology.
Intel Roadmap:
http://www.intel.com/content/dam/www/public/us/en/documents/roadmaps/public-roadmap-article.pdfDenverton News:
http://www.cpu-world.com/news_2015/2015102901_Some_details_of_Denverton_SoCs_for_microservers.htmlThey were originally hoping it would launch late 2015 but now apparently they are shooting for second half of 2016. Really has not been a lot of updated news on it since Nov/Dec 2015.
Might be worth holding out for though, with support for up to 16 cores, more memory, and DDR4 - not that most people need that capability for a basic pfsense box but hey i'm not judging. It will be interesting to see what the initial price point is since the motherboards for the C2xxx series have maintained the value for ~2 years now. Hopefully they go easy on us consumers!
-
if you want itx and a 14nm chip and intel lan, you either need to buy the expensive supermicro option or find a way to plug the 4x intel lan card to the itx asrock board.
if you dont mind going matx, this setup works as the matx board has a 16x slot (1x electrical)
this is running pfsense in a vm in windows server 16 tech preview 4 as server 2012 r2 would crash with hyper v
-
@BlueKobold:
AES,
If you are using IPSec it will be a really good choice if you are using OpenVPN you will not benefit
from this feature and without Intel QuickAssist this might be so also later.Very interesting and useful comments.
Still I don't understand this one about OpenVPN not faster with AES-NI.
From OpenVPN.net figures are quite different.This said, I've no idea about Quickassist impact which may help even more.
I was here reacting only to the "OpenVPN with vs. without AES-NI", more with question mark that strong statement BTW. -
There are a lot of CPU's these days it is very difficult to keep up with. I came across this information a few days ago during my searches for similar reasons and according to the "Intel Public Roadmap" the successor to the C2xxx series is supposed to be the Denverton platform based on 14nm technology.
Intel Roadmap:
http://www.intel.com/content/dam/www/public/us/en/documents/roadmaps/public-roadmap-article.pdfDenverton News:
http://www.cpu-world.com/news_2015/2015102901_Some_details_of_Denverton_SoCs_for_microservers.htmlThey were originally hoping it would launch late 2015 but now apparently they are shooting for second half of 2016. Really has not been a lot of updated news on it since Nov/Dec 2015.
Might be worth holding out for though, with support for up to 16 cores, more memory, and DDR4 - not that most people need that capability for a basic pfsense box but hey i'm not judging. It will be interesting to see what the initial price point is since the motherboards for the C2xxx series have maintained the value for ~2 years now. Hopefully they go easy on us consumers!
Thanks, that's the answer I was looking for.
"Next year (2016), Atom C2000-series is going to be replaced with Harrisonville Platform and the next generation Atom SoCs, codenamed Denverton and Denverton-NS. These processors will be manufactured on 14nm technology." -
I wanted to point out this post by jwt on another thread:
@jwt:
The i210 NICs only have 4 rx/tx queues, which is fine for the 4 core SoC (http://ark.intel.com/products/87261/Intel-Pentium-Processor-N3700-2M-Cache-up-to-2_40-GHz), but you'll find that future versions of pfSense have a minimum 4 core requirement (I might make it 8, I've not decided.)
As documented here: http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/i210-ethernet-controller-datasheet.pdf , there are only 4 tx and 4 rx queues on an i210.
The SoC is significantly slower than a 4 core Rangeley (1.6GHz on the N3700, 2.4Ghz on the C2558), and this will translate into real-world performance differences. Someone pointed out 6W .vs 15W, and this is why.
Rangeley also has better (i350 .vs i210) NICs. https://twitter.com/gonzopancho/statuses/643443335114424320
I also don't believe in integrated graphics on a standalone networking device.
That means we may not be able to run pfsense on 2 core C2338 (SG2220 and SG2440) in the future. The change may come when Netgate replaces C2338 for the Denverton Atoms.
-
Comprehensive Guide to pfSense 2.3 Part 2: Hardware
Almost everything a newbie needs to know…
Youtube Video