Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hey, pfSense team: no love for old hardware?

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    26 Posts 16 Posters 6.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vbentley
      last edited by

      I made the jump to 'old' 64-bit hardware around the time of 2.1.5 and I am pleased that I did. I still have one 32-bit pfSense machine in service but that's simply because it is practically silent and is used in a noise sensitive area. I reluctantly scrapped most of my 32-bit hosts at the recyclers and bought thirteen old 64-bit server class machines to replace them for less than the cost of a budget spec new Windows10 laptop.

      I think amd64/x64 hardware will be common for a long time yet but ARM kit will flash by as quick as mobile phone hardware does. I am surprised about pfSense considering ARM it must be a 'factory' requirement. For the Community Edition ARM has the added complexity of processor variety that is almost proprietory with bits and bobs of some ARM versions being used in others E.g. RaspberryPi ARM6+7 as well as 32-bit and 64-bit versions needing some GPL violating binary blob for some functionality.

      Trademark Attribution and Credit
      pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66
        last edited by

        Please stop using hardware more than 8 years old. Supporting old hardware holds everyone back. Either you're moving forward or backward.

        1 Reply Last reply Reply Quote 0
        • O
          openletter
          last edited by

          @Harvy66:

          Please stop using hardware more than 8 years old.

          No, thank you.

          pfSense 2.4.3-RELEASE (amd64) installed to PC on Samsung 860 EVO mSATA 256 GB SSD with Supermicro X11SBA-LN4F, Intel Pentium N3700, 4 GB RAM, 4 mobo 10/100/1000, 1 PCIe 10/100/1000 x4 NIC (HP NC364T), and APC Smart-UPS SMT1500.

          1 Reply Last reply Reply Quote 0
          • L
            LFCavalcanti
            last edited by

            @Harvy66:

            Please stop using hardware more than 8 years old. Supporting old hardware holds everyone back. Either you're moving forward or backward.

            I don't think what matters here is the age of a piece of hardware, but the technology standards it conforms to.

            There's a huge difference between an Intel Pentium 4 an a Core i7 for sure, but not much difference between a Core 2 Duo and a Core i7 when it comes to hardware compatibility.

            Performance in the other hands has to be scaled, but that's another conversation entirely…

            In any case, the SG-2440 on the pfSense store does better with a cheap price than most old Hardware you can buy.

            –

            Luiz Fernando Cavalcanti
            IT Manager
            Arriviera Technology Group

            1 Reply Last reply Reply Quote 0
            • N
              NOYB
              last edited by

              @Harvy66:

              Please stop using hardware more than 8 years old. Supporting old hardware holds everyone back. Either you're moving forward or backward.

              Free hardware trumps holding you back every time.

              1 Reply Last reply Reply Quote 0
              • J
                jwt Netgate
                last edited by

                Some things that have no initial cost are still not free.

                1 Reply Last reply Reply Quote 0
                • chpalmerC
                  chpalmer
                  last edited by

                  @jwt:

                  Some things that have no initial cost are still not free.

                  Like the school district north of me that in the earlier part of last decade had a donor that wanted to give them 20 brand new computers.

                  The district thought about it and decided to not accept the donation based on the ongoing maintenance and replacement costs that would follow.

                  Triggering snowflakes one by one..
                  Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                  1 Reply Last reply Reply Quote 0
                  • ivorI
                    ivor
                    last edited by

                    @openletter:

                    @Harvy66:

                    Please stop using hardware more than 8 years old.

                    No, thank you.

                    You would like to keep your old hardware but use new software?

                    Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                    1 Reply Last reply Reply Quote 0
                    • M
                      MontTech
                      last edited by

                      I think its time to dig out that old 286 that I have stashed in the garage!  ;D

                      1 Reply Last reply Reply Quote 0
                      • D
                        divsys
                        last edited by

                        I think its time to dig out that old 286 that I have stashed in the garage!

                        Don't laugh, up until pfSense 2.2.5, I had one site still running on an old P-III w/384MB RAM

                        They finally succumbed to progress and  moved into the 90's with a 64 bit machine - last year

                        -jfp

                        1 Reply Last reply Reply Quote 0
                        • dennypageD
                          dennypage
                          last edited by

                          The days of grabbing an old piece of junk out of the closet and repurposing it are coming to an end.

                          Increasingly in the industry, new software requires new hardware. It's becoming a simple fact of life. There are many good reasons behind this, but two that I will call out are 1) the greater overall system advances that are achieved by the software taking advantage of the new hardware, and 2) the dramatic reduction in QA and support costs. The economics are plain and simple. Given a option between "how do we make this work on 5+ year old hardware" and "how can we make use of Intel's new instruction set", the choice is clear. [Btw, don't assume that because something is open source that economics don't apply–the currency is people's time.]

                          And at some point, all other things aside, old hardware becomes a loosing proposition. The bathtub curve always wins in the end.

                          Five years and out. Trending down.

                          1 Reply Last reply Reply Quote 0
                          • D
                            docdawning
                            last edited by

                            I'm sad 32bit support has ended as I got a real kick out of my router being a 2004 vintage P4 box I got for free. I've had a lot of great years with this machine. Now, I'm replacing it with a Xeon-based machine I bought from a recycler for about $30. No more will I be on 768MB of RAM, but rather 6GB. Thing is, for what my router does, which is definitely routing and the like, the P4 probably could be good for some years to come. I don't really need or want pfsense to add tons of other features, as I like my infrastructure to be compartmentalized. No matter, the change is more of a minor inconvenience than anything. I might whine more if I were paying anything, but you know… I'm not. So thanks pfsense!


                            UPDATE: Here I am about an hour later, running on my "new" pfsense router. I gotta admit the switch from a Dell Optiplex GX260 to a Dell Precision 490 (P4 2.26GHz, 1core, 768MB memory to Xeon 5120 1.87GHz, 4 threads, 6GB memory). This $36 Xeon dumpster box from around 2010 should serve me well for another decade or four. I bet it'll be retired only to switch to something more power efficient. My exported pfsense had a lot of customizations in it, but it imported easily. The only issue at all was some interface names had changed. pfsense handled that easily. I even brought over one of my PATA drives without much effort (I use it for squid cache). Hah. Retro upgrade.

                            Based on numerous before and after throughput tests (speedtest.net), seems my latency is about the same, in some cases a lot higher, in a few cases barely faster. My up and down throughput remains basically identical to before dumping my P4 rig. Any of these changes may simply be due to the time of day (Saturday, mid-day).


                            UPDATE 2: Well, my new machine derailed pretty hard after not too long. After the initial install, I imported my old config. Then I updated one minor pfsense release to the latest version successfully. Then I made some minor config changes and added a line to my /etc/fstab that I confirmed working by invoking it from the command-line. Finally, I did a last reboot to confirm all was stable and it died with this message:

                            I tried a few minor things to recover, but ultimately just reinstalled. But this time I opted not to bother with ZFS and just went with UFS. I've added back my fstab mod and all's well. Everything's updated again, reboots are survived. I'm inclined not to blame ZFS, but.. Maybe.

                            1 Reply Last reply Reply Quote 0
                            • K
                              kejianshi
                              last edited by

                              dennypage - I disagree.  I think the reasonable limits for an opensource project should be OS limits.

                              For example…  An OS won't boot with less than a certain amount of ram.  Or the OS removed support for this or that hardware.

                              If you have to spend time writing code to exclude certain hardware, you are not acting like any opensource project I know of.

                              Hell - Go that route and people will just buy cisco.

                              1 Reply Last reply Reply Quote 0
                              • chpalmerC
                                chpalmer
                                last edited by

                                @kejianshi:

                                dennypage - I disagree.  I think the reasonable limits for an opensource project should be OS limits. 
                                Hell - Go that route and people will just buy cisco.

                                Dude-  Your replying to a post from April 2016..    ;D

                                But have you tried to run Cisco software on a non Cisco device?    Good luck!

                                32 bit has another year of updates at this point.  At the end of that year the boxes are not going to magically stop working..  (well, maybe have a higher failure rate due to age)

                                People still using 32 bit equipment will still be more secure than consumer grade store bought routers bought today in a couple of years I bet.  But it gives them time to plan and find a new AES-NI box.  :)

                                Triggering snowflakes one by one..
                                Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                                1 Reply Last reply Reply Quote 0
                                • DerelictD
                                  Derelict LAYER 8 Netgate
                                  last edited by

                                  Not building and maintaining and testing the 32-bit subsystem is not more work as asserted. It is less work.

                                  Chattanooga, Tennessee, USA
                                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                  1 Reply Last reply Reply Quote 0
                                  • K
                                    kejianshi
                                    last edited by

                                    In my case I was referring to AES-NI.  Which I still think 95% of users don't NEED.

                                    For most people its just a cool spec they get to "oooooohhhhh" over when they look at their dashboard.

                                    I run VPNs on every box I've installed, so I probably NEED it more than most.  And I still don't need it.

                                    If I had gigabit connections on both ends of a VPN tunnel I probably would.  Thats still an extremely small percent of users.

                                    1 Reply Last reply Reply Quote 0
                                    • ivorI
                                      ivor
                                      last edited by

                                      Let's not revive old threads please. The 64bit and AES-NI requirements have been discussed many times, it's time to move on. Thank you.

                                      Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.