Braswell N3150 with Intel NICs
-
Cross, current Atoms (Cherry Trail) are being used in tables and stuff. These architectures are very similar but Intel names them different for the target market. If Atom comes with an extra integrated video with no extra wattage, but named Celeron, I will still take it. I am not sure Atom vs Celeron choice matters for a household firewall. Sticking with Intel NIC is probably more important. Atom C2550 also has 4 cores but comes at the cost of 14W TDP. Another question is, how much pfSense does benefit from 2 extra cores? I didn't have any interest in IPMI since I don't know much about it.
-
This is not about saving money but getting 3x more performance per watt compared to Atom 2358 with the same TDP, 4 cores instead of 2, flexible storage options, dual channel memory, i211 Intel NICs,
Please compare dual core COUs against dual Core CPUs and Quad core CPUs against quad core CPUs.
At first I want to go straight forward and not jumping from site to site and watching out for all
devices available in one price range, but more on what really and exactly you want to do with
this box and pfSense. It might be better to reach really your goals and fit more exact your needs
then saving money and looking for the power consuming of this both CPUs. What is really 6W
against 7W? ~$1,49 each year against ~$3,49 each year (CPU only)?What you want to install and use pfSense to be?
For how many peoples and clients this might be running?
What speed is available at the WAN interface and must be routet?
What kind of LAN switch is there in the game? Layer3 or Layer2?
Firewall only
Firewall & IDS (Snort)
Firewall & IDS (Snort) & Proxy (Squid) as a caching proxy
Firewlal & IDS (Snort) & Proxy (Squid) & SquidGuard & pfBlocker-NG
Firewlal & IDS (Snort) & Proxy (Squid) & SquidGuard & pfBlocker-NG & DPI & VPN
Firewlal & IDS (Snort) & Proxy (Squid) & SquidGuard & pfBlocker-NG & DPI & VPN & HAVP (ClamAV)
On top VLANs & QoS & VOIP & ,…......AES,
If you are using IPSec it will be a really good choice if you are using OpenVPN you will not benefit
from this feature and without Intel QuickAssist this might be so also later.integrated video for easier installation and troubleshooting.
An integrated IPMI Port or a serial console port are the best option to solve out problems.
And I can turn this unit into something else anytime I wish.
And at this point I want more to return to be the first step of all and not the last one!
Otherwise we should only discuss what kind of hardware is the better, stronger or cheaper one
for you, but please trust me if I tell you cheap bought is often buying twice. Nothing against a
coll shot on ebay, fire sale or company closing. But so easy and cheap as wanted by the most users
it is often not do able.Total cost comes close to $350 + shipping.
All in all I don´t know where you are living (country) and what is the shipping cost or fee and tax on top
but a common and fast device that is really running pfSense smooth and liquid is mostly only some coins
away from the self made boxes.I am not sure Atom vs Celeron choice matters for a household firewall.
An Intel Atom C2758 with SSD and up to 64 GB ECC RAM will be much more powerful
then a Intel Celeron. It comes together with AES-NI, Intel QuickAssist and DPDK over
AVX/AVX2 register will be more powerful and long time running or future proof.
The 4 core variant as the SG-4860 will be able to realize a full UTM and 500 MBit/s
VPN throughput.If the SG-xxx units are to high in price the ADI ones coming with the same hardware
but more budget like. But if this will be then also to high in price compared to the power
I really suggest to go with ready assembled boxes. Pending on your budget you needs
you will be able to spend some more coin and get really sorted.Intel J1900 4C/2,4GHz with 2 Intel GB LAN Ports Bare bone ~360 €
Intel N3700 4C/2,4GHz with 4 Intel GB LAN Ports & IPMI Port Bare bone ~420 €RAM & mSATA or WiFi card and all is running well for a long time for you.
MX3150N- $200
Supermicro X11SBA-LN4F (4 Core N3700 CPU @2,4GHz) ~235€
2x4 gb ddr3- $47
Related to the circumstance that your RAM was went south in one case, I would
more have a look on Kingston Value RAM, ECC if able to insert.mSATA- 30 gb - $30
For a pfSense firewall only or perhaps if not many throughput is there together Snort on top
but for more you should have a closer look on a greater model that supports TRIM for sure.12v adapter-$25
The above named models by me, are sold together with the right external PSU & right fitting chassis & board
you are on the save side but fiddling all cheap together might be bringing you more or less problems beside. -
built a setup for a friend using the matx asrock n3150m with an celeron 3150 cpu with a dual port intel 4x pcie card in the 16x slot. operates at 1x electrical @ pcie 2.0, but is more than sufficient.
running pfsense in a vm under hyper v with win server 2016 tech preview 4 (hyper v in 2012 r2 crashes on this board)
-
BlueKobold, thanks for your detailed response.
I am leaning towards your suggestion of X11SBA-LN4F. It is $220 here at US and is a better deal than N3150. But it will require a case with a PSU.
You mentioned the electricity cost of wattage. I was thinking more about heat it will generate. I want to make sure my DIY box will remain fanless. Atom C2758 you suggested has TDP of 20w.
I want to use this for Firewall & IDS (Snort) & Proxy (Squid) & SquidGuard & pfBlocker-NG. VPN is not critical for me. I have more than 3 servers running; Plex media, Jriver Music, file synchronization server (cloud) and multiple webcams. I have 90Mbs/9Mbs and sufficient for streaming video and DSD audio. Servers are running on single hardware; Supermicro X10SAE, Xeon 1246, 16Gb, Windows 10. I have plenty of power at the main server to install pfsense as a VM. If I decide against building my own box, VM is an alternative for me, but I don't know the pros and cons of pfSense as a VM yet.
-
I am leaning towards your suggestion of X11SBA-LN4F. It is $220 here at US and is a better deal than N3150. But it will require a case with a PSU.
Right, this might be a better solution likes the N3150 is offering to you, but nearly the same price and
much more powerful as I see it right. Please have a closer look into this thread here that is talking about
the N3700 board from Supermicro. X11SBA-LN4F vs A1SRi-2558FIt might be enlighten you before you are buying this board or Supermicro Superserver.
Turning it left around or right around, it might be that the Supermicro C2758 board will
be one of the most powerful solutions running smooth and liquid, with an not really unleashed
potential. So I really think the full given power by the Intel Atom C2758 SoC isn´t exhausted at
this time. Together with AES-NI, Intel QuickAssist and DPDK over AVX/AVX2 CPU registers it will
be coming perhaps more as we all should expect at this moment from. So perhaps you will be starting
to install at first the pfSense inside of a VM and then you could read about the X11SBA-LN4F board in
the other thread about any kind of behaviors, perhaps you will turn around or change your mind and
the Intel Atom C2558 or C2758 platform will be seen in another total different light.If I would not waiting on the new Supermicro Xeon D-1518, D-1528 or D-1548 platform upgrade that
will be launched at Q1/2016, I would personally also go with a SG-4860/SG-8860 or a self made C2758
pfSense box. -
@BlueKobold:
If I would not waiting on the new Supermicro Xeon D-1518, D-1528 or D-1548 platform upgrade that
will be launched at Q1/2016, I would personally also go with a SG-4860/SG-8860 or a self made C2758
pfSense box.Oh, those CPUs are looking nice!. Do you think that it would be a good idea to mix into one of these a NAS and pfSense using ESXI 6.0? I read the integrated LANs like i350 have virtualisation capabilities so it will be the same as running it native (or almost, I guess… for the pfSense setup I mean)
I'm not too keen on having pfsense virtualised, but maybe is an interesting option as I also have a NAS running.
EDIT: how do you find out if a CPU has the QuickAssist? it's not listed in the ark.intel.com database
-
So perhaps you will be starting to install at first the pfSense inside of a VM and then you could read about the X11SBA-LN4F board in
the other thread about any kind of behaviors, perhaps you will turn around or change your mind and
the Intel Atom C2558 or C2758 platform will be seen in another total different light.If I would not waiting on the new Supermicro Xeon D-1518, D-1528 or D-1548 platform upgrade that
will be launched at Q1/2016, I would personally also go with a SG-4860/SG-8860 or a self made C2758
pfSense box.@BlueKobold you are very helpful. I am not going to rush and buy hardware at this moment. I read the X11SBA-LN4F thread and decided that it's not for me. N3150 board is also untested. New Xeon D series (35-45W) will require active cooling, so will C2758 (25W), not sure about C2558 (15W). I will read more about pfSense in a VM.
-
Guys, what is the Intel's strategy for future of micro server CPUs? Since they reduced the die size from 22 to 14nm, they came up with with new Atoms (X5 and X7) but with integrated video targeting tablets and Surface. Celeron N3000 series is the cousin of the new Atoms. If you look into server Atoms, the last chip was launched in Q3 2013 (C27xx). On the other hand, they are bringing down the Xeon series to small servers but these are not for the micro servers yet since D series are still require min 35W. Where is the new 14nm Atom for micro servers i.e. successor to Rangeley? Will it be SoC or not? There are so many chips, I am lost.
-
There are a lot of CPU's these days it is very difficult to keep up with. I came across this information a few days ago during my searches for similar reasons and according to the "Intel Public Roadmap" the successor to the C2xxx series is supposed to be the Denverton platform based on 14nm technology.
Intel Roadmap:
http://www.intel.com/content/dam/www/public/us/en/documents/roadmaps/public-roadmap-article.pdfDenverton News:
http://www.cpu-world.com/news_2015/2015102901_Some_details_of_Denverton_SoCs_for_microservers.htmlThey were originally hoping it would launch late 2015 but now apparently they are shooting for second half of 2016. Really has not been a lot of updated news on it since Nov/Dec 2015.
Might be worth holding out for though, with support for up to 16 cores, more memory, and DDR4 - not that most people need that capability for a basic pfsense box but hey i'm not judging. It will be interesting to see what the initial price point is since the motherboards for the C2xxx series have maintained the value for ~2 years now. Hopefully they go easy on us consumers!
-
if you want itx and a 14nm chip and intel lan, you either need to buy the expensive supermicro option or find a way to plug the 4x intel lan card to the itx asrock board.
if you dont mind going matx, this setup works as the matx board has a 16x slot (1x electrical)
this is running pfsense in a vm in windows server 16 tech preview 4 as server 2012 r2 would crash with hyper v
-
@BlueKobold:
AES,
If you are using IPSec it will be a really good choice if you are using OpenVPN you will not benefit
from this feature and without Intel QuickAssist this might be so also later.Very interesting and useful comments.
Still I don't understand this one about OpenVPN not faster with AES-NI.
From OpenVPN.net figures are quite different.This said, I've no idea about Quickassist impact which may help even more.
I was here reacting only to the "OpenVPN with vs. without AES-NI", more with question mark that strong statement BTW. -
There are a lot of CPU's these days it is very difficult to keep up with. I came across this information a few days ago during my searches for similar reasons and according to the "Intel Public Roadmap" the successor to the C2xxx series is supposed to be the Denverton platform based on 14nm technology.
Intel Roadmap:
http://www.intel.com/content/dam/www/public/us/en/documents/roadmaps/public-roadmap-article.pdfDenverton News:
http://www.cpu-world.com/news_2015/2015102901_Some_details_of_Denverton_SoCs_for_microservers.htmlThey were originally hoping it would launch late 2015 but now apparently they are shooting for second half of 2016. Really has not been a lot of updated news on it since Nov/Dec 2015.
Might be worth holding out for though, with support for up to 16 cores, more memory, and DDR4 - not that most people need that capability for a basic pfsense box but hey i'm not judging. It will be interesting to see what the initial price point is since the motherboards for the C2xxx series have maintained the value for ~2 years now. Hopefully they go easy on us consumers!
Thanks, that's the answer I was looking for.
"Next year (2016), Atom C2000-series is going to be replaced with Harrisonville Platform and the next generation Atom SoCs, codenamed Denverton and Denverton-NS. These processors will be manufactured on 14nm technology." -
I wanted to point out this post by jwt on another thread:
@jwt:
The i210 NICs only have 4 rx/tx queues, which is fine for the 4 core SoC (http://ark.intel.com/products/87261/Intel-Pentium-Processor-N3700-2M-Cache-up-to-2_40-GHz), but you'll find that future versions of pfSense have a minimum 4 core requirement (I might make it 8, I've not decided.)
As documented here: http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/i210-ethernet-controller-datasheet.pdf , there are only 4 tx and 4 rx queues on an i210.
The SoC is significantly slower than a 4 core Rangeley (1.6GHz on the N3700, 2.4Ghz on the C2558), and this will translate into real-world performance differences. Someone pointed out 6W .vs 15W, and this is why.
Rangeley also has better (i350 .vs i210) NICs. https://twitter.com/gonzopancho/statuses/643443335114424320
I also don't believe in integrated graphics on a standalone networking device.
That means we may not be able to run pfsense on 2 core C2338 (SG2220 and SG2440) in the future. The change may come when Netgate replaces C2338 for the Denverton Atoms.
-
Comprehensive Guide to pfSense 2.3 Part 2: Hardware
Almost everything a newbie needs to know…
Youtube Video -
Oh, those CPUs are looking nice!. Do you think that it would be a good idea to mix into one of these a NAS and pfSense using ESXI 6.0?
Installing a firewall inside of a VM might be discussed by two different camps, one vote for it and the other not.
But, if you are installing it at home, I think it could be a win for you, with a closer view on the electric power
usage within. And there was an interesting article about one of these SoCs at www.servethehome.com and
they where trying out this construct pfSense and a NAS in different VMs on the Xeon D-1500 platform.
But I was not finding it now in the minute, sorry for that.I read the integrated LANs like i350 have virtualisation capabilities so it will be the same as running it native (or almost, I guess… for the pfSense setup I mean)
This should be answered by peoples who are running hyper-visors and VMs.
I'm not too keen on having pfsense virtualised, but maybe is an interesting option as I also have a NAS running.
As told above it might be interesting for home user pending on the electric power usage
to have a NAS and pfSense running in VMs, but perhaps there will be soon or nearly another
way be opened owed to this point. comment on that by @jwtEDIT: how do you find out if a CPU has the QuickAssist? it's not listed in the ark.intel.com database
Not that we are talking here about two different things, there is an existing D-1500 platform and now
an upgrade to existing platform and one is Storage accelerated and the other one is network accelerated
not likes before one SKU for all! And the newer platform that is network accelerated, ending with an eight
likes Xeon D-15x8, only is coming together with; Servethehome articleIt appears as though the next-generation Intel Xeon D-15×8 networking parts will have a similar impact on performance,
if not even greater with their support for DPDK and QuickAssist.- AES-NI (likes before)
Is actual used at the moment by pfSense - Intel QuickAssist (new)
pfSense team is working on, to insert it in the pfSense code - Intel DPDK (for enabled software) (new)
Is on the road map together with netmap as I am right informed
As an example, it can be speeding up Layer3 routing and such things as i know, if the DPDK was
used to write code or the API from this DPDK was used to write code, but this should be answered
by an code writer and not by me. I don´t know writing code and programming.
Xeon D-15x1 = storage accelerated SKUs using the SPDK
Xeon D-15x8 = network accelerated SKus using the DPDK
Servethehome articleVery interesting and useful comments.
Surely, it was done by @cmb in another thread about VPN and AES-NI. AES-NI inoperative on pfSense 2.2?
Still I don't understand this one about OpenVPN not faster with AES-NI.
From OpenVPN.net figures are quite different.This might be pending on the point that we are not talking about the same thing as I would imagine
for now, but let me try to explain it that it comes more clear to understand. There are two points here
we are talking about; OpenVPN & IPSec VPN and the usage and benefit from using AES-NI
So one time the usage of AES-NI and one time the benefits from using AES-NI would be the
both points to discuss here as I see it right. Please correct me if not so.-
OpenSSL is using AES-NI if it is present in the CPU or SoC and OpenSSL is used by OpenVPN
but OpenVPN is only AES-CBC at this time and this might be not getting any benefit from the AES-NI -
IPSec is using AES-GCM and this is using AES-NI and will also benefiting from this.
Or if you need it more sliced and cut;
- OpenSSL is using AES-NI if it is present in the CPU or SoC
- OpenSSL is used by OpenVPN and this uses AES-CBC
- But AES-CBC is not getting no till only a very tiny benefit from AES-NI
- IPSec is using AES-GCM
- And AES-GCM is using the AES-NI instructions and getting also a huge benefit from that
Thats all, please don´t mix it up to hard or read something other out from this.
Or in shorter version:
IPSec is using AES-GCM and this will benefits from the AES-NI and let growing
up the entire throughput from normal 1x up to 4x or 5x.OpenVPN is using AES-CBC but this is not benefiting from the AES-NI and there fore
there is no till only some benefit from the AES-NI usage.This said, I've no idea about Quickassist impact which may help even more.
Ok but what should pump up both IPSec and OpenVPN? There are two ways to realize this.
OpenVPN also gets AES-GCM that is using the AES-NI instructions as said by @cmb in the
other thread and OpenVPN is also benefiting from them, or if not so, or not so fast
the Intel QuickAssist technology is ready to use in pfSense for compression and decompression
that might be speeding up also the OpenVPN without using AES-NI or without AES-GCM.I was here reacting only to the "OpenVPN with vs. without AES-NI", more with question mark that strong statement BTW.
If only IPSec with AES-GCM is using AES-NI and speeding up VPNs by the AES-NI instruction set of
the CPU or Soc, but OpenSSL in or used by OpenVPN is only using AES-CBC and based on this there
will be only a little bit or no benefit from AES-NI there for. Please what was strong now from this statement?That means we may not be able to run pfsense on 2 core C2338 (SG2220 and SG2440) in the future.
Can be but I think the comment was more related to the Intel i2xx LAN Ports and the NIC queues that will be
produced and must be handled by pfSense.The change may come when Netgate replaces C2338 for the Denverton Atoms.
Why should they do so? If the intel Atom C2000 (Rangeley) SoCs become older they are cheaper
to buy and if they are sufficient enough to handle 1 GBit/s on the WAN and ~500 MBit/s (SG-4860)
VPN throughput it could be a really cheaper then now entry level, home usage or SOHO platform for
the pfSense store. And the Xeon D-15x8 SoCs are definitely more enterprise related, so the "Denverton"
platform might be a good chance to set up a Pro series between them, or am I wrong with this? - AES-NI (likes before)
-
@BlueKobold:
The change may come when Netgate replaces C2338 for the Denverton Atoms.
Why should they do so? If the intel Atom C2000 (Rangeley) SoCs become older they are cheaper
to buy and if they are sufficient enough to handle 1 GBit/s on the WAN and ~500 MBit/s (SG-4860)
VPN throughput it could be a really cheaper then now entry level, home usage or SOHO platform for
the pfSense store. And the Xeon D-15x8 SoCs are definitely more enterprise related, so the "Denverton"
platform might be a good chance to set up a Pro series between them, or am I wrong with this?Rangeley was manufactured 2 years ago on 22nm wafers and it is history for Intel. It's time for another tock. You may not be able to source it anymore.
-
Well, I've got Windows Server 2012 R2 running with Hyper-V on my CI323 nano after thinkering a bit.
The solution that I've used is to download all the Windows 8/8.1 drivers from the zotac site + the Intel chipset driver from JetWay site for NP591 board ( the newest inf driver on the JetWay site is dated 02.june 2016.) and integrated the divers into the install and boot wim files using dism.
After installing the Windows Server 2012 R2 did all the possible updates, and only then I've added the Hyper-v role to the Windows. I'm running a virtualized firewall on my CI323.
The next step is getting ESXI running on my CI323 or Hyper-v Server, the later could be a problem since the system crashes as soon as it's installed on first boot, so there is no possibility to update the server ( could try updating the server with VT turned off in BIOS).ATM. I've installed Hyper-V Server 2012 R2, with VT disabled and updating Hyper-V, will post results if someone is interested.
Kind regards,
Bruno -
I tried Jetway but decided to return it. Instead, I changed my server to XeonE3-1245 and supermicro X11 motherboard with a 4 port intel LAN and running pfsense on Vmware under Windows 10. Addons are snort, pfblocker and Squid proxy. It has been very stable and fast for 6 months.
-
Bruno
I have been trying to install ESXi 6.0 on the ci323 nano but with no luck. Everything I have tried so far ends up halting at" Relocating modules and starting up the kernel". Would like to know if you are able to install ESXi on it and how you went about it. -
I tried Jetway but decided to return it. Instead, I changed my server to XeonE3-1245 and supermicro X11 motherboard with a 4 port intel LAN and running pfsense on Vmware under Windows 10. Addons are snort, pfblocker and Squid proxy. It has been very stable and fast for 6 months.
Which Jetway board did you have, and why did you decide to return it?
-
I tried Jetway but decided to return it. Instead, I changed my server to XeonE3-1245 and supermicro X11 motherboard with a 4 port intel LAN and running pfsense on Vmware under Windows 10. Addons are snort, pfblocker and Squid proxy. It has been very stable and fast for 6 months.
Which Jetway board did you have, and why did you decide to return it?
I had a Jetway JC320U93W-2930-B Intel Celeron N2930 Dual Intel LAN Fanless NUC
It generated too much heat. SO-DIMM was defective or the motherboard was causing memtest errors. SSD I received was DOA. The USB drive that I was using temporarily eventually failed too. I had enough problems. I wanted to give it a shot to vmware installation and never looked back.