Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Braswell N3150 with Intel NICs

    Scheduled Pinned Locked Moved Hardware
    27 Posts 9 Posters 22.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bluepr0
      last edited by

      @BlueKobold:

      If I would not waiting on the new Supermicro Xeon D-1518, D-1528 or D-1548 platform upgrade that
      will be launched at Q1/2016, I would personally also go with a SG-4860/SG-8860 or a self made C2758
      pfSense box.

      Oh, those CPUs are looking nice!. Do you think that it would be a good idea to mix into one of these a NAS and pfSense using ESXI 6.0? I read the integrated LANs like i350 have virtualisation capabilities so it will be the same as running it native (or almost, I guess… for the pfSense setup I mean)

      I'm not too keen on having pfsense virtualised, but maybe is an interesting option as I also have a NAS running.

      EDIT: how do you find out if a CPU has the QuickAssist? it's not listed in the ark.intel.com database

      1 Reply Last reply Reply Quote 0
      • S
        Sekrit
        last edited by

        So perhaps you will be starting to install at first the pfSense inside of a VM and then you could read about the X11SBA-LN4F board in
        the other thread about any kind of behaviors, perhaps you will turn around or change your mind and
        the Intel Atom C2558 or C2758 platform will be seen in another total different light.

        If I would not waiting on the new Supermicro Xeon D-1518, D-1528 or D-1548 platform upgrade that
        will be launched at Q1/2016, I would personally also go with a SG-4860/SG-8860 or a self made C2758
        pfSense box.

        @BlueKobold you are very helpful. I am not going to rush and buy hardware at this moment. I read the X11SBA-LN4F thread and decided that it's not for me. N3150 board is also untested. New Xeon D series (35-45W) will require active cooling, so will C2758 (25W), not sure about C2558 (15W).  I will read more about pfSense in a VM.

        pfSense 2.3.3-p1 (PFblockerNG, Snort, Squid).  VMware on Supermicro X11SSH-LN4F, Xeon E3-1425 v5, 16Gb

        1 Reply Last reply Reply Quote 0
        • S
          Sekrit
          last edited by

          Guys, what is the Intel's strategy for future of micro server CPUs?  Since they reduced the die size from 22 to 14nm, they came up with with new Atoms (X5 and X7) but with integrated video targeting tablets and Surface. Celeron N3000 series is the cousin of the new Atoms.  If you look into server Atoms, the last chip was launched in Q3 2013 (C27xx).  On the other hand, they are bringing down the Xeon series to small servers but these are not for the micro servers yet since D series are still require min 35W. Where is the new 14nm Atom for micro servers i.e. successor to Rangeley? Will it be SoC or not?  There are so many chips, I am lost.

          pfSense 2.3.3-p1 (PFblockerNG, Snort, Squid).  VMware on Supermicro X11SSH-LN4F, Xeon E3-1425 v5, 16Gb

          1 Reply Last reply Reply Quote 0
          • C
            cross
            last edited by

            There are a lot of CPU's these days it is very difficult to keep up with.  I came across this information a few days ago during my searches for similar reasons and according to the "Intel Public Roadmap" the successor to the C2xxx series is supposed to be the Denverton platform based on 14nm technology.

            Intel Roadmap:
            http://www.intel.com/content/dam/www/public/us/en/documents/roadmaps/public-roadmap-article.pdf

            Denverton News:
            http://www.cpu-world.com/news_2015/2015102901_Some_details_of_Denverton_SoCs_for_microservers.html

            They were originally hoping it would launch late 2015 but now apparently they are shooting for second half of 2016.  Really has not been a lot of updated news on it since Nov/Dec 2015.

            Might be worth holding out for though, with support for up to 16 cores, more memory, and DDR4 - not that most people need that capability for a basic pfsense box but hey i'm not judging.  It will be interesting to see what the initial price point is since the motherboards for the C2xxx series have maintained the value for ~2 years now.  Hopefully they go easy on us consumers!

            1 Reply Last reply Reply Quote 0
            • M
              messerchmidt
              last edited by

              if you want itx and a 14nm chip and intel lan, you either need to buy the expensive supermicro option or find a way to plug the 4x intel lan card to the itx asrock board.

              if you dont mind going matx, this setup works as the matx board has a 16x slot (1x electrical)

              this is running pfsense in a vm in windows server 16 tech preview 4 as server 2012 r2 would crash with hyper v

              20150921_225624.jpg
              20150921_225624.jpg_thumb

              1 Reply Last reply Reply Quote 0
              • C
                chris4916
                last edited by

                @BlueKobold:

                AES,

                If you are using IPSec it will be a really good choice if you are using OpenVPN you will not benefit
                from this feature
                and without Intel QuickAssist this might be so also later.

                Very interesting and useful comments.
                Still I don't understand this one about OpenVPN not faster with AES-NI.
                From OpenVPN.net figures are quite different.

                This said, I've no idea about Quickassist impact which may help even more.
                I was here reacting only to the "OpenVPN with vs. without AES-NI", more with question mark that strong statement BTW.

                Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

                1 Reply Last reply Reply Quote 0
                • S
                  Sekrit
                  last edited by

                  @cross:

                  There are a lot of CPU's these days it is very difficult to keep up with.  I came across this information a few days ago during my searches for similar reasons and according to the "Intel Public Roadmap" the successor to the C2xxx series is supposed to be the Denverton platform based on 14nm technology.

                  Intel Roadmap:
                  http://www.intel.com/content/dam/www/public/us/en/documents/roadmaps/public-roadmap-article.pdf

                  Denverton News:
                  http://www.cpu-world.com/news_2015/2015102901_Some_details_of_Denverton_SoCs_for_microservers.html

                  They were originally hoping it would launch late 2015 but now apparently they are shooting for second half of 2016.  Really has not been a lot of updated news on it since Nov/Dec 2015.

                  Might be worth holding out for though, with support for up to 16 cores, more memory, and DDR4 - not that most people need that capability for a basic pfsense box but hey i'm not judging.  It will be interesting to see what the initial price point is since the motherboards for the C2xxx series have maintained the value for ~2 years now.  Hopefully they go easy on us consumers!

                  Thanks, that's the answer I was looking for. 
                  "Next year (2016), Atom C2000-series is going to be replaced with Harrisonville Platform and the next generation Atom SoCs, codenamed Denverton and Denverton-NS. These processors will be manufactured on 14nm technology."

                  pfSense 2.3.3-p1 (PFblockerNG, Snort, Squid).  VMware on Supermicro X11SSH-LN4F, Xeon E3-1425 v5, 16Gb

                  1 Reply Last reply Reply Quote 0
                  • S
                    Sekrit
                    last edited by

                    I wanted to point out this post by jwt on another thread:

                    @jwt:

                    The i210 NICs only have 4 rx/tx queues, which is fine for the 4 core SoC (http://ark.intel.com/products/87261/Intel-Pentium-Processor-N3700-2M-Cache-up-to-2_40-GHz), but you'll find that future versions of pfSense have a minimum 4 core requirement (I might make it 8, I've not decided.)

                    As documented here: http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/i210-ethernet-controller-datasheet.pdf , there are only 4 tx and 4 rx queues on an i210.

                    The SoC is significantly slower than a 4 core Rangeley (1.6GHz on the N3700, 2.4Ghz on the C2558), and this will translate into real-world performance differences.  Someone pointed out 6W .vs 15W, and this is why.

                    Rangeley also has better (i350 .vs i210) NICs.  https://twitter.com/gonzopancho/statuses/643443335114424320

                    I also don't believe in integrated graphics on a standalone networking device.

                    That means we may not be able to run pfsense on 2 core C2338 (SG2220 and SG2440) in the future.  The change may come when Netgate replaces C2338 for the Denverton Atoms.

                    pfSense 2.3.3-p1 (PFblockerNG, Snort, Squid).  VMware on Supermicro X11SSH-LN4F, Xeon E3-1425 v5, 16Gb

                    1 Reply Last reply Reply Quote 0
                    • S
                      Sekrit
                      last edited by

                      Comprehensive Guide to pfSense 2.3 Part 2: Hardware
                      Almost everything a newbie needs to know…
                      Youtube Video

                      pfSense 2.3.3-p1 (PFblockerNG, Snort, Squid).  VMware on Supermicro X11SSH-LN4F, Xeon E3-1425 v5, 16Gb

                      1 Reply Last reply Reply Quote 0
                      • ?
                        Guest
                        last edited by

                        Oh, those CPUs are looking nice!. Do you think that it would be a good idea to mix into one of these a NAS and pfSense using ESXI 6.0?

                        Installing a firewall inside of a VM might be discussed by two different camps, one vote for it and the other not.
                        But, if you are installing it at home, I think it could be a win for you, with a closer view on the electric power
                        usage within. And there was an interesting article about one of these SoCs at www.servethehome.com and
                        they where trying out this construct pfSense and a NAS in different VMs on the Xeon D-1500 platform.
                        But I was not finding it now in the minute, sorry for that.

                        I read the integrated LANs like i350 have virtualisation capabilities so it will be the same as running it native (or almost, I guess… for the pfSense setup I mean)

                        This should be answered by peoples who are running hyper-visors and VMs.

                        I'm not too keen on having pfsense virtualised, but maybe is an interesting option as I also have a NAS running.

                        As told above it might be interesting for home user pending on the electric power usage
                        to have a NAS and pfSense running in VMs, but perhaps there will be soon or nearly another
                        way be opened owed to this point. comment on that by @jwt

                        EDIT: how do you find out if a CPU has the QuickAssist? it's not listed in the ark.intel.com database

                        Not that we are talking here about two different things, there is an existing D-1500 platform and now
                        an upgrade to existing platform and one is Storage accelerated and the other one is network accelerated
                        not likes before one SKU for all! And the newer platform that is network accelerated, ending with an eight
                        likes Xeon D-15x8, only is coming together with; Servethehome article

                        It appears as though the next-generation Intel Xeon D-15×8 networking parts will have a similar impact on performance,
                        if not even greater with their support for DPDK and QuickAssist.

                        • AES-NI (likes before)
                          Is actual used at the moment by pfSense
                        • Intel QuickAssist (new)
                          pfSense team is working on, to insert it in the pfSense code
                        • Intel DPDK (for enabled software) (new)
                          Is on the road map together with netmap as I am right informed
                          As an example, it can be speeding up Layer3 routing and such things as i know, if the DPDK was
                          used to write code or the API from this DPDK was used to write code, but this should be answered
                          by an code writer and not by me. I don´t know writing code and programming.

                        Xeon D-15x1 = storage accelerated SKUs using the SPDK
                        Xeon D-15x8 = network accelerated SKus using the DPDK
                        Servethehome article

                        Very interesting and useful comments.

                        Surely, it was done by @cmb in another thread about VPN and AES-NI. AES-NI inoperative on pfSense 2.2?

                        Still I don't understand this one about OpenVPN not faster with AES-NI.
                        From OpenVPN.net figures are quite different.

                        This might be pending on the point that we are not talking about the same thing as I would imagine
                        for now, but let me try to explain it that it comes more clear to understand. There are two points here
                        we are talking about; OpenVPN & IPSec VPN and the usage and benefit from using AES-NI
                        So one time the usage of AES-NI and one time the benefits from using AES-NI would be the
                        both points to discuss here as I see it right. Please correct me if not so.

                        • OpenSSL is using AES-NI if it is present in the CPU or SoC and OpenSSL is used by OpenVPN
                          but OpenVPN is only AES-CBC at this time and this might be not getting any benefit from the AES-NI

                        • IPSec is using AES-GCM and this is using AES-NI and will also benefiting from this.

                        Or if you need it more sliced and cut;

                        • OpenSSL is using AES-NI if it is present in the CPU or SoC
                        • OpenSSL is used by OpenVPN and this uses AES-CBC
                        • But AES-CBC is not getting no till only a very tiny benefit from AES-NI
                        • IPSec is using AES-GCM
                        • And AES-GCM is using the AES-NI instructions and getting also a huge benefit from that

                        Thats all, please don´t mix it up to hard or read something other out from this.

                        Or in shorter version:
                        IPSec is using AES-GCM and this will benefits from the AES-NI and let growing
                        up the entire throughput from normal 1x up to 4x or 5x.

                        OpenVPN is using AES-CBC but this is not benefiting from the AES-NI and there fore
                        there is no till only some benefit from the AES-NI usage.

                        This said, I've no idea about Quickassist impact which may help even more.

                        Ok but what should pump up both IPSec and OpenVPN? There are two ways to realize this.
                        OpenVPN also gets AES-GCM that is using the AES-NI instructions as said by @cmb in the
                        other thread and OpenVPN is also benefiting from them, or if not so, or not so fast
                        the Intel QuickAssist technology is ready to use in pfSense for compression and decompression
                        that might be speeding up also the OpenVPN without using AES-NI or without AES-GCM.

                        I was here reacting only to the "OpenVPN with vs. without AES-NI", more with question mark that strong statement BTW.

                        If only IPSec with AES-GCM is using AES-NI and speeding up VPNs by the AES-NI instruction set of
                        the CPU or Soc, but OpenSSL in or used by OpenVPN is only using AES-CBC and based on this there
                        will be only a little bit or no benefit from AES-NI there for. Please what was strong now from this statement?

                        That means we may not be able to run pfsense on 2 core C2338 (SG2220 and SG2440) in the future.

                        Can be but I think the comment was more related to the Intel i2xx LAN Ports and the NIC queues that will be
                        produced and must be handled by pfSense.

                        The change may come when Netgate replaces C2338 for the Denverton Atoms.

                        Why should they do so? If the intel Atom C2000 (Rangeley) SoCs become older they are cheaper
                        to buy and if they are sufficient enough to handle 1 GBit/s on the WAN and ~500 MBit/s (SG-4860)
                        VPN throughput it could be a really cheaper then now entry level, home usage or SOHO platform for
                        the pfSense store. And the Xeon D-15x8 SoCs are definitely more enterprise related, so the "Denverton"
                        platform might be a good chance to set up a Pro series between them, or am I wrong with this?

                        1 Reply Last reply Reply Quote 0
                        • S
                          Sekrit
                          last edited by

                          @BlueKobold:

                          The change may come when Netgate replaces C2338 for the Denverton Atoms.

                          Why should they do so? If the intel Atom C2000 (Rangeley) SoCs become older they are cheaper
                          to buy and if they are sufficient enough to handle 1 GBit/s on the WAN and ~500 MBit/s (SG-4860)
                          VPN throughput it could be a really cheaper then now entry level, home usage or SOHO platform for
                          the pfSense store. And the Xeon D-15x8 SoCs are definitely more enterprise related, so the "Denverton"
                          platform might be a good chance to set up a Pro series between them, or am I wrong with this?

                          Rangeley was manufactured 2 years ago on 22nm wafers and it is history for Intel. It's time for another tock. You may not be able to source it anymore.

                          pfSense 2.3.3-p1 (PFblockerNG, Snort, Squid).  VMware on Supermicro X11SSH-LN4F, Xeon E3-1425 v5, 16Gb

                          1 Reply Last reply Reply Quote 0
                          • B
                            BrunoSmi
                            last edited by

                            Well, I've got Windows Server 2012 R2 running with Hyper-V on my CI323 nano after thinkering a bit.

                            The solution that I've used is to download all the Windows 8/8.1 drivers from the zotac site + the Intel chipset driver from JetWay site for NP591 board ( the newest inf driver on the JetWay site is dated 02.june 2016.) and integrated the divers into the install and boot wim files using dism.

                            After installing the Windows Server 2012 R2 did all the possible updates, and only then I've added the Hyper-v role to the Windows. I'm running a virtualized firewall on my CI323.
                            The next step is getting ESXI running on my CI323 or Hyper-v Server, the later could be a problem since the system crashes as soon as it's installed on first boot, so there is no possibility to update the server ( could try updating the server with VT turned off in BIOS).

                            ATM. I've installed Hyper-V Server 2012 R2, with VT disabled and updating Hyper-V, will post results if someone is interested.

                            Kind regards,
                            Bruno

                            1 Reply Last reply Reply Quote 0
                            • S
                              Sekrit
                              last edited by

                              I tried Jetway but decided to return it.  Instead, I changed my server to XeonE3-1245 and supermicro X11 motherboard with a 4 port intel LAN and running pfsense on Vmware under Windows 10.  Addons are snort, pfblocker and Squid proxy. It has been very stable and fast for 6 months.

                              pfSense 2.3.3-p1 (PFblockerNG, Snort, Squid).  VMware on Supermicro X11SSH-LN4F, Xeon E3-1425 v5, 16Gb

                              1 Reply Last reply Reply Quote 0
                              • N
                                netghost
                                last edited by

                                Bruno
                                I have been trying to install ESXi 6.0 on the ci323 nano but with no luck. Everything I have tried so far ends up halting at" Relocating modules and starting up the kernel". Would like to know if you are able to install ESXi on it and how you went about it.

                                1 Reply Last reply Reply Quote 0
                                • K
                                  khorton
                                  last edited by

                                  @Sekrit:

                                  I tried Jetway but decided to return it.  Instead, I changed my server to XeonE3-1245 and supermicro X11 motherboard with a 4 port intel LAN and running pfsense on Vmware under Windows 10.  Addons are snort, pfblocker and Squid proxy. It has been very stable and fast for 6 months.

                                  Which Jetway board did you have, and why did you decide to return it?

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    Sekrit
                                    last edited by

                                    @khorton:

                                    @Sekrit:

                                    I tried Jetway but decided to return it.  Instead, I changed my server to XeonE3-1245 and supermicro X11 motherboard with a 4 port intel LAN and running pfsense on Vmware under Windows 10.  Addons are snort, pfblocker and Squid proxy. It has been very stable and fast for 6 months.

                                    Which Jetway board did you have, and why did you decide to return it?

                                    I had a Jetway JC320U93W-2930-B Intel Celeron N2930 Dual Intel LAN Fanless NUC

                                    It generated too much heat. SO-DIMM was defective or the motherboard was causing memtest errors. SSD I received was DOA. The USB drive that I was using temporarily eventually failed too.  I had enough problems.  I wanted to give it a shot to vmware installation and never looked back.

                                    pfSense 2.3.3-p1 (PFblockerNG, Snort, Squid).  VMware on Supermicro X11SSH-LN4F, Xeon E3-1425 v5, 16Gb

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.