Best NIC for PfSense?
-
@CC:
So yeah while the original post kind of meanders into troubleshooting a bit, I did reply to the topic subject " Best NIC for PfSense?" ;)
The original poster already tried an intel chipset, and you just told him to try an intel chipset. If you want to speak to what NIC is most reliable then I guess the advice should speak to the prevalence of counterfeit parts and the importance of making sure that you're sourcing quality parts, and then name a specific nic. A grey market intel nic with dodgy components isn't any better than a cut-rate realtek with dodgy components. (Except that on this board you might get castigated for getting the too-cheap intel nic off ebay, but the too-cheap realtek will be written off as "all realteks are the same and none of them can possibly work".) So if the goal is to buy one more nic to see if that's the problem the advice would be to buy an i350-T2 at full retail from a reliable supplier. It should run about $140. If that one flakes out also, it's the system not the nics.
-
So, which part of plain Intel (no OEM) is unclear? And yeah, there's no "grey market" with Realtek NICs, because noone wants to fake something that's already a complete crap from the very beginning.
-
Yup. They work great. Ask the PC Engines guy what they think about Realtek.
Interestingly, the only NIC I've had unexplained flakiness with in the past several years is the i210 in the apu2. I suspect maybe something they missed in the initialization in the firmware because their firmware support has been generally lousy. I never had any problems with the rtls in the apu1 (except that I think they never did release a firmware fix to get the speed indicator lights working usefully), or with i2xxs on other platforms. I'd also suspect it was worth it to them to spend an extra couple of bucks on intel chips just to stop all the whining they got from fanboys about the realteks.
-
Definitely. All those complaints about Realtek were from Intel fanboys, while actually there was no real problem with them, whatsoever… The OP having the NICs die on him on a daily basis is also a perfect reason to recommend Realtek as the best option.
Out of this retarded debate.
::) ::) ::)
-
Definitely. All those complaints about Realtek were from Intel fanboys, while actually there was no real problem with them, whatsoever… The OP having the NICs die on him on a daily basis is also a perfect reason to recommend Realtek as the best option.
It's almost as though the OP didn't write that 2 of the 3 chipsets he was having problems with were not realtek. (Or maybe fanboys have selective reading comprehension?)
-
I have no idea about stge. And I have already commented on the non-OEM multiple times, but people pushing Realtek junk clearly have selecting understanding. The card not getting properly recognized/initialized on a warm reboot would clearly suggest shitty firmware coming from the OEM. But then again, the option will obviously be Realtek. If the OP puts say 16 of them in there, leaving most of them unused, chances are that only the unused ones will actually die on him, so it should minimize the forced reboots.
-
I have no idea about stge.
Clearly.
The card not getting properly recognized/initialized on a warm reboot would clearly suggest shitty firmware coming from the OEM.
Or a flaky pcie bus, which would also explain random hangs at runtime with three different chipsets. But I understand that anything that implies that spending enough money on the right intel nic isn't a magical solution to any problem or that any other kind of nic might actually work must be suspect.
-
Yep. Every thread asking about recommended NICs should be closed with "Buy Realtek".
-
Yep. Every thread asking about recommended NICs should be closed with "Buy Realtek".
You've certainly proven my point about there being a weird, irrational, monomaniacal phobia about a particular manufacturer's products running through this board. What's really interesting is that I never even suggested buying another realtek, I just pointed out that there are other things to look at than the nic. Sorry if that caused brain hurt.
-
And now for something completely different.
So, this is my question: which is the most reliable NIC for PfSense?
Oh wait, that was the original question, before the Realtek squad took over the thread. ::)
-
Or a flaky pcie bus, which would also explain random hangs at runtime with three different chipsets. But I understand that anything that implies that spending enough money on the right intel nic isn't a magical solution to any problem or that any other kind of nic might actually work must be suspect.
Fair comment; the OP (who's thread has been hijecked at this point) might have something else up that's manifesting as network problems (I've even seen switches be the root cause in the past) but while there are other vendors out there who's mileage may vary, given the maturity of the drivers (one of BSD's weaker points), and the stability of the hardware at this point it's difficult to NOT recommend the intel cards when someone asks. (and they are typically cited as the goto on unraid forums (unraid runs on nanobsd))
-
This is the kind of thing that makes me go nuts on this forum.
People come in here and want to get attention with their problems at the most basic level.
(excluding netgate products of course)If you didn't do your troubleshooting to get all the way to "oh it must be software" why are you even asking in here?
DO the work first instead of wasting the time of people. Oh and even pissing off some of us in the process.
"What is the best nic for pfsense" is clearly answered in the GD book.
Yeah we assume stuff on this board. We assumed you are competent enough to do your own troubleshooting if you're building your own systems. We assume you've established that your problem is with pfsense through troubleshooting otherwise you'd be on another vendor's board posting shit.
All of a sudden there's blowback because there's some Realtek fans in the house and don't like that the forumers routinely bash them.
This must be hell, the same week people are defending Realtek and Leslie Jones is pushing to be in Deadpool 2. Man wtf is going on? Realtek's ethernet devices have been a scourge for however long. They have a crab logo for cryin out loud. A CRAB. -
realtek is poor on FreeBSD (which is what pfsense uses).
I recommend on realtek nic's to disable offloading which should make them stable but they still wont scale as well to higher loads as intel cards, since intel has tunable interrupt moderation etc.
The realtek issues are bad enough in that I invested around £50 in a mini pcie addon card for my NUC so I could get 2 intel ports.
-
Realtek sucks, their so called "gigabit" nics can barely reach half that with twice as much cpu usage as an intel nic doing actual 1gbps.
I hate intel for a variety of reasons but they make way better nics than realtek, although they aren't the only game in town.Anyone who hasn't ever heard of more nic oem's than realtek and intel is simply clueless, off the top of my head mellanox, cavium, solarflare - to name a few but Intel is AFAIK the only company that has widely available modern 1gbps ethernet cards whereas for 10gbps there is the above, mellanox connectx2 can be had for only $10-30 for instance which is a great deal for 10gbe)
Intel i350 (best modern chipset):
You can get a 4 port whitebox reference design (made with a real intel ASIC) for around $50 on fleabay.
The "OEM" unbranded whitebox ones are fine, I have had mine for over a year and it works just as good as the real thing there isn't any reason to spend five times as much if you're using this at home and not a business mission critical environment.
Keep in mind the genuine one is made in china too.I am a paranoid person but I do not think there is a backdoor, people buying these aren't sticking them in anything important so it isn't worth spending millions to do this and not simply do it to the intel fab itself vs just some gray market ebay shit.
It supports SR-IOV with flexi-ports, whereas the older generation such as gigabit ET series you couldn't assign a single port to a VM you had to do two at a time.
Intel Gigabit ET (older):
Server pulls around $10 for dual port on ebay, sr-iov that doesn't have flexi-port partitioning.Intel PRO/1000PT (very old):
No virtualization, but you can get a 6 port silicom for $10 on ebay. -
Realtek sucks, their so called "gigabit" nics can barely reach half that with twice as much cpu usage as an intel nic doing actual 1gbps.
curl foo/testfil > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 111M 0 0:00:09 0:00:09 –:--:-- 111M
curl foo-jumbo/testfil > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 117M 0 0:00:08 0:00:08 --:--:-- 117MThat's an 8111G, so your statement is demonstrably false. You wanna argue the i350 is a better nic than an 8111G I won't dispute that, but let's at least keep the criticism grounded in reality.
Intel i350 (best modern chipset):
You can get a 4 port whitebox reference design (made with a real intel ASIC) for around $50 on fleabay.
The "OEM" unbranded whitebox ones are fine, I have had mine for over a year and it works just as good as the real thing there isn't any reason to spend five times as much if you're using this at home and not a business mission critical environment.
Keep in mind the genuine one is made in china too.The problem isn't the chip in the middle of the board, it's the components surrounding that chip. Chinese factories will produce what they're paid to produce. A legit vendor will pay for high-spec components and QC testing (and will test random samples themselves and reject orders which don't meet spec). A vendor hitting a $50 price point on ebay is using low spec components and skipping the QC. That doesn't mean that the $50 NIC is guaranteed to fail, but it does mean that the chance of it flaking out under load is a heck of a lot higher than the part built from high spec components. If you're buying just one and the failure rate is still something like 1 in 1000 your odds of getting something broken are still pretty low–but anyone doing this should be aware of what they're getting. (And that 1 in 1000 number is completely made up; anecdotally there are batches where the failure rates are a heck of a lot higher than that, and the thing about no-name ebay sellers is that there's no way to figure out what batch your part is coming from or what the real failure rate is.) That said, if you get a bad one you can throw it out and buy another and still come out ahead over buying one from a legit source, as long as your time isn't worth anything and/or you know this can happen and don't waste a lot of time trying to figure out what's wrong.
-
On my GB board are the Realtek 8111G also.
I`m in a home environment and can confirm that they work fine.
950 Mbps + overhead = 1 Gbps, no problem for this Realtek and no sweat for CPU… -
With similar failures on realtek, stge, and em it is probably time to start considering something other than your NIC choice as the source of your problems.
-
Realtek sucks, their so called "gigabit" nics can barely reach half that with twice as much cpu usage as an intel nic doing actual 1gbps.
curl foo/testfil > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 111M 0 0:00:09 0:00:09 –:--:-- 111M
curl foo-jumbo/testfil > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 117M 0 0:00:08 0:00:08 --:--:-- 117MThat's an 8111G, so your statement is demonstrably false. You wanna argue the i350 is a better nic than an 8111G I won't dispute that, but let's at least keep the criticism grounded in reality.
Yeah let's just go with reliable consistency. Realtek and its kind are not consistent enough performers in a myriad of contexts to facilitate a 1st class networking experience via pfsense. There are always outliers but the statistics are there. And even if you get an A#1 part, the chips drivers are still considered to be underdeveloped in BSD.
-
Yeah let's just go with reliable consistency. Realtek and its kind are not consistent enough performers in a myriad of contexts to facilitate a 1st class networking experience via pfsense. There are always outliers but the statistics are there. And even if you get an A#1 part, the chips drivers are still considered to be underdeveloped in BSD.
I won't even agree with the consistency thing, there's enough data out there showing they work fine. There are definitely issues with cut rate ebay boards that have historically used rtl as the cheapest option, but IME those are problems with the component integration, not the rtl part. It's exactly the same kind of issues of dodgy VRs and capacitors that plague ebay intel nics, and I can pretty much guarantee now that intel is embedding i200s in almost everything you'll start to see cut rate ebay motherboards with flaky onboard networks that happen to use intel drivers–because so much of this has nothing to do with the networking silicon itself.
I will agree that the bsd re(4) driver has been terrible (though it's getting better), but if that's the beef people should just say that rather than making ludicrous claims that every product made by a major manufacturer doesn't actually work.
-
I have an Intel i350-T2 running with baremetal PFSense Haswell i5-3.2ghz and it's freaking wonderful.
TCP iperf 1500mtu
client1-PFSense(NAT, HFSC traffic shaping to 1Gb, 2 streams both ways)-client2(internal to network)
1.95Gb/s @ 12% CPUUDP iperf 64mtu
client1-PFSense(NAT, HFSC traffic shaping to 1Gb, 4 streams one way)-client2(external to network)
1Gb/s @ 17% CPU; PFSense claimed nearly 1Gb/s egress on the WAN, so I assume loss was low. Due to the nature of client2 being outside the network, my internet connection is rate limited well below 1Gb. I would have done an internal test, but Win10 still doesn't work with VLANs. But that's line rate NATing+Shaping.
