Pfsense : looking for low cost / low consumption Hardware
-
I just set up a pfsense box on
https://www.amazon.com/QOTOM-Q310G4-Barebone-Industrial-Celeron-Fanless/dp/B01JLQP7KQ
ok unless you want vpn (no aes-ni; should be in the same ballpark as an apu2 performance wise, for a bit more money and drawing significantly more power). I don't understand why they went with a broadwell celeron for a 2016 product.
I agree about the odd CPU choice
Im going to do some testing to see how much VPN traffic it can handle, should be ok for light throughput anyways.
I got it with a 120GB SSD and 8GB of ram for less than $300 though, thats alot less than i could build one for, especially with a fanless case.
So far so good.
-
The SG-2440 https://store.pfsense.org/SG-2440/ would fit the bill.
Thanks for reply.
Is there device or motherboard with a lower price ?Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?The only thing I can guess off the top of my head is that the SG has an incredibly good NIC built onto the mobo? If that's the case how much better is it than the Intel PRO/1000 Quad Port NICs you can get on eBay for $30-50?
I don't ask this question to flame. The OP asked for a 4-6 port low cost/TDP solution supporting DDR-L & passive cooling.
He also asked for an Atom CPU, if that's a hard requirement then this is irrelevant, but if it was just mentioned because Atom is synonymous with low-TDP then this is a relevant question.There is a massive disparity between the SG-2440 and an Apollo Lake build cost. There's a reason for that but it isn't immediately obvious to me and maybe not others as well. Can anyone clarify?
-
…
There is a massive disparity between the SG-2440 and an Apollo Lake build cost. There's a reason for that but it isn't immediately obvious to me and maybe not others as well. Can anyone clarify?My guess is that the SG-2440's $549.00 price tag includes some of the price of the support it comes with.
From https://store.pfsense.org/SG-2440/
pfSense Incident Based Support via email, chat or phone. Each purchase includes two complimentary incidents.From https://portal.pfsense.org/members/signup/per-incident-signup
pfSense
Per-Incident Support (2 Incidents) $399.00 for one yearTANSTAFL (There Ain't No Such Thing As A Free Lunch)! I have just happily bought a SG-2220 (should arrive in a few hours) which has the same disparity with roughly equivalent little boxes and has the same inducement. One way or another, a commercial organisation's support staff have to be paid. I imagine that Netgate thought deeply about pricing versus reputation and customer satisfaction.
The SG-1000 I have just returned (due to a throughput problem others are discussing elsewhere in the 2.4 section) had a 1 year gold subscription ($99) as an inducement.
I have been using pfSense (on ALIX and APU) boxes for 18 months and have solved problems (misunderstandings) from reading documentation and this forum, but having some incident support available does give me a nice warm feeling, even though I know it is costing me.
-
…
There is a massive disparity between the SG-2440 and an Apollo Lake build cost. There's a reason for that but it isn't immediately obvious to me and maybe not others as well. Can anyone clarify?My guess is that the SG-2440's $549.00 price tag includes some of the price of the support it comes with.
From https://store.pfsense.org/SG-2440/
pfSense Incident Based Support via email, chat or phone. Each purchase includes two complimentary incidents.From https://portal.pfsense.org/members/signup/per-incident-signup
pfSense Per-Incident Support (2 Incidents) $399.00 for one yearTANSTAFL (There Ain't No Such Thing As A Free Lunch)! I have just happily bought a SG-2220 (should arrive in a few hours) which has the same disparity with roughly equivalent little boxes and has the same inducement. One way or another, a commercial organisation's support staff have to be paid. I imagine that Netgate thought deeply about pricing versus reputation and customer satisfaction.
The SG-1000 I have just returned (due to a throughput problem others are discussing elsewhere in the 2.4 section) had a 1 year gold subscription ($99) as an inducement.
I have been using pfSense (on ALIX and APU) boxes for 18 months and have solved problems (misunderstandings) from reading documentation and this forum, but having some incident support available does give me a nice warm feeling, even though I know it is costing me.
Thanks for your response, I figured it would be something obvious but I didn't think it would be that obvious, haha!
I just use pfsense for my personal use, and absolutely love it. My needs combined with (IMO) really outstanding community support on this forum have meant that I've never really considered official paid tech support. (Which I think speaks volumes of pfsense and its community as I'm NOT an IT person.)
But now that you mention it that seems like a really good reason for a professional running a production system for a client to pay the extra money.It's also valuable to know what you are paying for when you buy an official pfsense system. Like I said, I didn't even consider support as an option when comparing prices, I was just thinking in terms of hardware capability vs $.
-
Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
Note that things may change in the relatively near future: https://ark.intel.com/products/97928/Intel-Atom-Processor-C3338-4M-Cache-up-to-2_20
…the next generation of the atom C series starts at $27... -
Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
Note that things may change in the relatively near future: https://ark.intel.com/products/97928/Intel-Atom-Processor-C3338-4M-Cache-up-to-2_20
…the next generation of the atom C series starts at $27...Sure, here you go:
http://asrock.com/mb/Intel/J3455-ITX/
https://www.newegg.com/Product/Product.aspx?Item=N82E16813157728
https://www.cpubenchmark.net/cpu.php?cpu=Intel+Celeron+J3455+%40+1.50GHz
http://www.asrock.com/mb/Intel/J3355B-ITX/
https://www.newegg.com/Product/Product.aspx?Item=N82E16813157726They aren't 4 port GBE out of the box, you would have to buy a PCIe NIC.
Intel PRO/1000 PT Quad Port Server NIC's with Low Profile brackets can be had for $35 used,
http://www.ebay.com/itm/IBM-Intel-PRO-1000-PT-PCI-E-Quad-Port-Gigabit-Ethernet-Adapter-LP-45W1959-/142220082375?hash=item211cfa3cc7:g:zdYAAOSwA3dYIKwO
Or $80 new,
http://www.databug.com/45W1959-p/45w1959.htmI happen to use a J3355 as a LibreElec HTPC because Apollo Lake includes hardware acceleration for HEVC up to 10 bit.
Irrelevant for this, but at it's low price/power point, small size, enough CPU power for a lot of pfsensing and AES-NI it seems like a very viable option for pfsense. -
Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
Sure, here you go:
[…]
They aren't 4 port GBE out of the box, you would have to buy a PCIe NIC.So you said "sure", then admitted there isn't such a thing. It's generally possible to cobble a bunch of parts into a solution cheaper than buying an integrated product, but it's apples and oranges. Your 4 port NIC by itself draws almost as much power as an integrated solution. If you're happy with it that's great, but it's not even close to being the same thing. It sounds like you're using it as a HTPC, which is what that part is designed for. You can make it work as a network device, and it's certainly a cheap way to get in with intel's current lineup, but it's an awkward fit. The reason I'm so excited about the c3xxx series is that it seems like intel might finally ship a product tuned for networking applications that's priced sensibly. Think about it: the celeron j's and n's are what people are using for budget networking builds, and every one of those has a 3d graphics accelerator on it that's not used at all. You're paying for the R&D and the silicon for a graphics card, and intel still prices them cheaper than parts that don't include it. (It's nice to be a monopoly and set prices based on your personal whims.) If you want a board with IPMI you'll pay for two graphics cards if you go with a celeron solution. That's nuts. So you're right that the c2xxx chips are unattractive from a pricing standpoint, and for no really good reason except intel being arbitrary–but in pretty much every other way, they're more sensible for a firewall. If you value the end result (a compact integrated box) then you'll pay for it, and if you don't you won't. And we can all hope we see the c3xxx's in volume soon.
-
Yeah, the Celeron build is certainly a compromise over a dedicated one. But for many the initial buy in for the dedicated pfsense boxes can be prohibitive, making the celerons and pentiums very attractive despite their drawbacks.
I do hope that the hardware you're talking about comes out at a low price point and is readily available, that would be awesome!
-
Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
JeGr in the german section of this forum did that already.
https://forum.pfsense.org/index.php?topic=104714.msg583760#msg583760There's no free lunch/you get what you pay for/… and someone has to pay the developers. They are employed and need lunch themselves.
-
Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
JeGr in the german section of this forum did that already.
https://forum.pfsense.org/index.php?topic=104714.msg583760#msg583760There's no free lunch/you get what you pay for/… and someone has to pay the developers. They are employed and need lunch themselves.
I've seen NCA-1010, never have seen solid benchmarks. It looks like it's about the same performance as an APU2 for a little bit more money. (Although even that's a guess because I haven't found many sites actually selling them.) So not a game changer–I assume if someone is unhappy with the APU2 they either want so spend significantly less than ~$150 or get significantly better performance. It would be nice to see more options in this space also, of course.
-
Asus J3455M-E w/ Intel
Celeron Processor J3455
8gb ram (4gb x2) - whats on sale
120gb ssd - whats on sale
matx case and 200w psu+ (don't buy a crappy psu)
intel dual nic card from ebay
case fan or two -
Asus J3455M-E w/ Intel
Celeron Processor J3455
8gb ram (4gb x2) - whats on sale
120gb ssd - whats on sale
matx case and 200w psu+ (don't buy a crappy psu)
intel dual nic card from ebay
case fan or twoKeep in mind that the board have a x16 PCIe slot operating at x1 and most (if not all) NIC's operates at x4! I have been struggling myself to find one mini-ITX board with enough NIC's or with a real x4 PCIe!
@VAMike pointed that most AMD mini-ITX boards have a real x4 PCIe however not sure about enough "horse power" with these AMD APU's! -
Keep in mind that the board have a x16 PCIe slot operating at x1 and most (if not all) NIC's operates at x4! I have been struggling myself to find one mini-ITX board with enough NIC's or with a real x4 PCIe!
For a dual gigabit card it doesn't actually matter: PCIe v2 gives 500MByte/s on a x1 slot. The cards have a x4 because you need x4 to get more than 250MByte/s on PCIe v1. So assuming your new system has PCIe v2 (pretty likely) as long as you can plug in a dual port card it won't be constrained by the bus bandwidth. (Quad port is a different story, you need the x4 for either PCIe v1 or v2, or would be very slightly constrained on v3 x1.)
-
I started with one of these the first time
https://www.amazon.com/Firewall-Micro-Appliance-PFSense-barebones/dp/B01GIVQI3MThe company that was shipping them from China doesn't appear to be selling them anymore (hence the above link to a different vendor).
Works perfect. I put in 8GB of RAM and a 60GB mSATA Card. Quite happy with it. I'm using all 4 interfaces (WAN,LAN, DMZ and a Guest network). iperf showed throughput through the interfaces at 975Mbit. (which is pretty good with gig interfaces). Use it for VPN and standard firewall routing. CPU temp was a touch higher than I wanted so I mounted a fan on top of it running off the USB port. (note - the CPU temp was still well within specs it wasn't that hot but ran 10 degree cooler with the fan on it)
I went to build a second one for a small business that I consult for but I ended up getting a different box (it was a dual core instead of a quad core and physically it was bigger). They apparently changed it on the Amazon page and didn't note it til later.
https://www.amazon.com/gp/product/B019Z8T9J0/
A couple of things about this box. Even with a dual core instead of a quad core, it cpu load doesn't show up higher (a few percent) than the quad core. It runs quite a bit cooler (bigger heat sink) so I no longer felt the fan was even needed (again, it was likely not needed on the first box, I just think "cooler is better")
However I had a hell of a time with the interfaces. They don't match the numbers of the front and whenever I would reload pfsense from scratch it seemed like they would move (first eth0 would be the second from the left, then it would be the far left). Very strange. Ultimately I just marked the interfaces with a label maker and forgot about. Other than that, it was functionally just fine and perhaps I got a bad one, but it works. In this case I only use two of the interfaces (outside/inside) so I decided it wasn't worth shipping the thing back to China for a replacement. But I did like the first box better, but for the money the second one worked just as well and it was pretty cheap and fast.
Just my 2 cents. Good luck.
-
Asus J3455M-E w/ Intel
Celeron Processor J3455As a side note, I like these apollo lake CPUs. They're right in the same ballpark price-wise as the old j1900s & the braswells but with some nice refinements (better crypto, better instruction execution, virtualization, etc). Still want the denverton version so I don't have to buy a GPU, though. :)
-
Asus J3455M-E w/ Intel
Celeron Processor J3455As a side note, I like these apollo lake CPUs. They're right in the same ballpark price-wise as the old j1900s & the braswells but with some nice refinements (better crypto, better instruction execution, virtualization, etc). Still want the denverton version so I don't have to buy a GPU, though. :)
Ever since I heard about the denverton server grade atom processor from you I've been very interested. That seems like it would be amazing for pfsense! Do you have any idea or guesses as to when these will be available to buy and at what general price you'd expect?
-
Asus J3455M-E w/ Intel
Celeron Processor J3455As a side note, I like these apollo lake CPUs. They're right in the same ballpark price-wise as the old j1900s & the braswells but with some nice refinements (better crypto, better instruction execution, virtualization, etc). Still want the denverton version so I don't have to buy a GPU, though. :)
Ever since I heard about the denverton server grade atom processor from you I've been very interested. That seems like it would be amazing for pfsense! Do you have any idea or guesses as to when these will be available to buy and at what general price you'd expect?
I'm running pfSense as we speak on AsRock's version of that processor (J3455B-ITX). It's available from Superbiiz for <$80. So far so good though admittedly I haven't thrown anything complicated at it yet (VPN, heavy traffic, etc).
-
Ever since I heard about the denverton server grade atom processor from you I've been very interested. That seems like it would be amazing for pfsense! Do you have any idea or guesses as to when these will be available to buy and at what general price you'd expect?
No clue, intel's been really bad about availability of a lot of these things. The only C3xxx publically announced at this point is the C3338 (https://ark.intel.com/products/97928/Intel-Atom-Processor-C3338-4M-Cache-up-to-2_20) which has a recommended price of $27 compared to the J3455 which has a recommended price of $107
(https://ark.intel.com/products/95594/Intel-Celeron-Processor-J3455-2M-Cache-up-to-2_3-GHz)
But the J3455s are actually on sale for less that $70 and we don't know what the street price will be for something with a C3338 (the C2xxx's always sold at a premium). It doesn't help that intel doesn't seem to know what its long-term strategy is for the silvermont/goldmont line. At any rate if you want to buy something now I wouldn't wait.I'm running pfSense as we speak on AsRock's version of that processor (J3455B-ITX). It's available from Superbiiz for <$80. So far so good though admittedly I haven't thrown anything complicated at it yet (VPN, heavy traffic, etc).
See above. The J3455's apollo lake series is based on the goldmont core just like denverton, but it's a desktop processor just like the J1900's bay trail was the desktop version of the silvermont core in avoton (e.g., c2758). The server version trades in the gpu for things like more cache and integrated network controllers.
-
See above. The J3455's apollo lake series is based on the goldmont core just like denverton, but it's a desktop processor just like the J1900's bay trail was the desktop version of the silvermont core in avoton (e.g., c2758). The server version trades in the gpu for things like more cache and integrated network controllers.
Ah, gotcha, good to know. Still though, if you're looking for something right now, the available J3455 is a nice option, and very affordable. Hard to beat $70-$80 for a fanless integrated quad-core with AES and VT-d support.
-
Ah, gotcha, good to know. Still though, if you're looking for something right now, the available J3455 is a nice option, and very affordable. Hard to beat $70-$80 for a fanless integrated quad-core with AES and VT-d support.
yeah, they look pretty solid. I'm just greedy for more. :)
