Intel Mini-ITX Atom 8-core Hardware Build Recipe Available Here
-
I wanted a more power efficient pfsense box so I saw this thread with this build guide.
My previous PFSense box. An i5-2500k, 8gb ram, dual intel NIC
I was about to get my full gig up and down from CenturyLink with it doing their speed test.
With this machine, I can't get past 700mbps but my upload I'm hitting 930mbps.
I thought this could be CenturyLink but I put my i5-2500k box in to double check and I'm getting 940mbps up and down constantly.
This is running the latest version of pfsense. Any help would be greatly appreciated.
I've read WAN-NAT is based on single core speed. Would getting a G3258 be good for this? It's just for my apartment. 5-10 devices connected at a time.
I'm seeing really similar things as you. My upload is hitting 800+mbps but downstreams are no better than 550/600. This is also with centurylink gigabit fiber.
What's really interesting is, I have a host on the other side of the WAN port that's local, and iperf will easily hit 930mbps down/up. So initially I just assumed that something on the fiber was the bottleneck, but if I use centurylink's router, I get 800+ both ways. Looks like I'll have to look into some tuning to see if I can figure out what's going on.
Disabled bandwidthd. I'm not at 750mbit/s down.
-
What's really interesting is, I have a host on the other side of the WAN port that's local, and iperf will easily hit 930mbps down/up.
With counting the TCP/IP overhead on top you will be nearly the 1 GBit/s.
iPerf 3.0 and using the command for multi core usage would be bringing much more speed or throughput
but if this would be not able to saturated or converted in "real life", it would be also not the hit you have
been searching for. It's a shame I would really love to know if more owners of this setup are having the same
problems as you where reported here. Ok with 930+ MBit/s you can easily live I think, because the TCP/IP overhead must be counted on that on top and 3% - 5% losing during or through the SPI/NAT phase.
And for each 10 - 20 firewall rules you can count some less throughput also.
So initially I just assumed that something on the fiber was the bottleneck, but if I use centurylink's router, I get 800+ both ways. Looks like I'll have to look into some tuning to see if I can figure out what's going on.
The only one I could suggest is the PowerD HI adaptive and mbuf sizes.
- PowerD (hi adaptive) to use all CPU cores right
- mbuf size because for each core and LAN Port a queue will be created and for 8 Cores and 4 LAN Ports
you will have then created 32 queues and open!
So playing around with these two functions and/or numbers would be really good to start.
-
@BlueKobold:
With counting the TCP/IP overhead on top you will be nearly the 1 GBit/s.
iPerf 3.0 and using the command for multi core usage would be bringing much more speed or throughput
but if this would be not able to saturated or converted in "real life", it would be also not the hit you have
been searching for. It's a shame I would really love to know if more owners of this setup are having the same
problems as you where reported here. Ok with 930+ MBit/s you can easily live I think, because the TCP/IP overhead must be counted on that on top and 3% - 5% losing during or through the SPI/NAT phase.
And for each 10 - 20 firewall rules you can count some less throughput also.
Right, with iperf 930mbit is really close to the theoretical maximum of 940. Close enough that so many other variables might come into play to affect it that I'd not think about it anymore.
But it's really odd that to a host on the WAN side gets me 930mbit from the LAN side, but that I only get 750mbit downstream through the gigabit fiber ethernet. If I use centurylink's own router, I get 850-900, so I know the link is capable of getting closer to gigabit.
The nat/firewall overhead should be same to a host on the other side of the WAN as it would be out gigabit fiber connection. So if the overhead isn't affecting the iperf requests to the other host, it's probably not an issue out to the internet either.
The only one I could suggest is the PowerD HI adaptive and mbuf sizes.
- PowerD (hi adaptive) to use all CPU cores right
- mbuf size because for each core and LAN Port a queue will be created and for 8 Cores and 4 LAN Ports
you will have then created 32 queues and open!
So playing around with these two functions and/or numbers would be really good to start.
I've already tried setting to hiadaptive and maximum with no effect.
524888 mbufs and I've never seen it go above 50000
I also found a freebsd network stack tuning page and read up on it and tried:
net.inet.ip.redirect=0
and net.inet.ip.fastforwarding=1
Both with no effect.
-
I pay about 23 USD / month for 1Gbit/200Mbit + 150 digital TV channels + landline phone.
Damn! I think I'll have to move to Budapest.. I was checking Broadband rankings and I found few EU nations having great speeds.. and S.Korea/ Singapore.
Which ISP is this & where in BP {General area.. I heard not all ISPs are everywhere?}?
-
The service packages they sell: http://digi.hu/ajanlat/internet/lan
"Ft/hó" means HUF/month; "Sávszélesség" means bandwidth (achievable max) and "Garantált sávszélesség" means the minimum guaranteed bandwidth you get at any time. In the evenings the upload speed can go to as low as this, downloads are still close to the max (measured with speedtest.net against a server in Budapest).
Click on "MEGRENDELÉS" (starts a place order wizard), it will show you a dropdown list with locations in Hungary where they offer services, (Város = city, Utca = street) look for "Nagysebességű internet", that means high speed internet. They offer it not only in Budapest.
The network quality the build is not top in terms of hardware (they have fiber until the main building, and then some mid-category converter splits this up to copper, and Cat5e goes to each apartment), never had issues though. They give a ZTE ZXHN H298N as CPE which provides an analog telephone line via some VLAN-ed VoIP. You have to use this if you want to keep the phone line, if you use your own router/firewall, you can't use your own ATA to reach the VoIP service on your own. This is true for home users. There are business class services too, but they are in a different price range…
-
Hi all, I took the Atom build and am using it at my company since we only have comcast 100 down / 10 up until I have another use for it.
I'm happy with my current build. Powerdraw is 30watts on load
- i3-4150T (35w TDP)
- Asrock ITX board H97
- 16GB Corsair DDR3 sitting around
- 128GB Kingston SSD
- Silverstone MiloML05B
- Silverstone 450W SFX
I'm getting 930mbps+ up and 930mbps+
Packages I'm running: Snort, Bandwidth D, Squid, OpenVPN
-
Started a second thread, then did more research and I found this:
https://forum.pfsense.org/index.php?topic=92718.0
Summary - FreeBSD + PPPoE only uses a single rx queue.
Makes sense now. Single threaded performance of the C2758 isn't enough to keep up, and PPPoE limits it to a single queue.
Guess I'll have to wait for this to be implemented.
-
fyi- if you want the CPU fan the p/n is
Specifications
Mfr Part Number: SNK-C0054A4L
Application: Motherboard - X9SCV-QV4/X9SCV-Q
Socket Type: Socket G2 (rPGA 988B)
CPU Support: Intel 2nd Generation Core i7/ i5/ i3, Pentium, Celeron Mobile Processors
Fan Speed: 6500 RPM (4-pin PWM Controls)
Noise: 36.6 dBA
Dimensions: 60.0 x 60.0 x 31.5 mm
http://smile.amazon.com/dp/B005NJQ6T2
I had an idle temp of around 30 Celsius but when I did anything it would quickly ramp up to 60-70 degrees. Now I'm consistently down to 27-30 Celsius.
I have no idea how the temp got so high so the $25 expensive fan was worth it to me. They must've given me the mobo one of you probably returned lol.
When I emailed Supermicro they said not to use the mounting bracket- it's the same metal piece underneath the mobo already. You could probably get a 4 pin fan of the same size and slap fan on the CPU but this has a metal case enclosing the heatsink and the fan sits on top of that plate. I guess so it doesn't melt from my scorched cpu.
The case I used was Morex 5689 Locking Mini-ITX Case With 60W PSU. It's an ok case but I don't think I'd recommend it unless you want to save having to look for a PSU as well. It does come with a wall-mount bracket and it locks to the bracket if you were using it for something commercial or as a carputer or something. I wouldn't buy it again for home use, necessarily, because the case takes 11 screws to remove. 4 of which you'd have to use the key to get to- thus, it's made for physical security I suppose.
-
I have a question about the ethernet buffer issues here. If you have 16 or 32gb of RAM, do you still have the problems and need to send the command to the kernel for the buffers?
-
I have a question about the ethernet buffer issues here. If you have 16 or 32gb of RAM, do you still have the problems and need to send the command to the kernel for the buffers?
IIRC, it is especially required if you have a lot of memory.
-
I have a question about the ethernet buffer issues here.
pfSense is based on FreeBSD and the kernel was historical growing up as the basis of the FreeBSD
system and in former days or before a long time, this kernel space was more than big in size and
sufficient enough to handle the former Internet connection and hardware given NIC speed.
But now together with the actual hardware and todays Internet link speed from something around of
1 GBit/s at the WAN port, it comes to more or less problems. But while FreeBSD is able to handle a real
huge amount of system memory (RAM), the kernel space or memory can be freed by high up or increase
the mbuf size that there it will be able to reach better results.
If you have 16 or 32gb of RAM, do you still have the problems and need to send the command to the kernel for the buffers?
Yep, with 16 GB of RAM you will be able to set up the mbuf size to 1000000 or higher. In some rarely cases
it would also be helping to shorten this size to 65.000 or less, but not even! But this is not all about the RAM
you could also assign a higher amount of memory to Squid or for other things. The packet filter, the IP forwarding parts, and even NAT (part of pf, but run at a different phase) all hit the memory system.
It's likely not that your CPU can't keep up, it's more that your memory system is saturated.
As I see it right the real angle point here is that the PPPoE part is using only a single CPU core and
if this CPU or SoC is not really strong enough you will be getting lower speed or plain throughput at
the WAN interface. This could be changing with netmap-fwd in the next release of pfSense and/or
perhaps with Intel QuickAssist in version 2.3 or even later with much luck something that is called
DPDK over the AVX/AVX2 CPU registers, that might be speeding up the entire Layer3 packet forwarding
part massively for us. I will see with what the developers are surprising us in the final version 2.3
-
Sir Loin,
What SSD are you using with this build?
And how exactly did you install pfSense? Through the Serial port, usb stick etc?.. Which Serial cable did you use?
-
I am using a Samsung 850 Evo 250GB. But any SATA SSD (and probably any size over 32GB) will do. I installed though a USB stick. I don't have a serial cable.
-
how much better would this be than the RCC-VE 2440? it will cost me about $150 more. I run open vpn have quite a few computers and devices in my house and have 100/10 Internet.
-
Thanks for the build details Sir Loin. I built the same setup off of your recipe and it's working great. Just need some screws to install the fans and I'll be set.
-
@Sir:
The A1SRi-2758f works with either the 4-pin connector or the 20-pin connector, but not both at the same time (per motherboard manual chapter 1-6 on page 1-12). This power supply works with this motherboard. You will need a 4-pin power cable extender. Additionally, you will need a Serial ATA 15 Pin Female to LP4 Female Power Cable to connect power to the hard drive or SSD of your choice, if you are not using only USB memory stick for boot or storage. Alternatively, this power brick + picoPSU combo will work and has the hard drive power connector built in.
Just want to point out that the SATA 15 pin female to LP4 connector is injection molded one and is a disaster waiting to happen. It's a bad choice and we need another recommendation.
-
Time to go find one that is safe. Does anyone have a suggestion?
Cables 1 please scroll through the side
Cables 2 custom cable production too
Cables 3 one to two sleeved
Cables 3 one to one sleeved
Would be my personal choice.
NZXT CB-43SATA 7.87" 4-Pin Molex to 3 SATA Cable
Link and variant one
Link and variant two
-
Thanks Frank. Looks like these cables are of very good quality. But the Molex end needs to be female. I remember it was. Not easy to find one with female end.
-
I had also hard time sourcing a cable. I ended up cutting non needed parts from a converter cable with like 6 plugs.
But that is also the molded type :(