Pfsense : looking for low cost / low consumption Hardware
-
Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
Sure, here you go:
[…]
They aren't 4 port GBE out of the box, you would have to buy a PCIe NIC.So you said "sure", then admitted there isn't such a thing. It's generally possible to cobble a bunch of parts into a solution cheaper than buying an integrated product, but it's apples and oranges. Your 4 port NIC by itself draws almost as much power as an integrated solution. If you're happy with it that's great, but it's not even close to being the same thing. It sounds like you're using it as a HTPC, which is what that part is designed for. You can make it work as a network device, and it's certainly a cheap way to get in with intel's current lineup, but it's an awkward fit. The reason I'm so excited about the c3xxx series is that it seems like intel might finally ship a product tuned for networking applications that's priced sensibly. Think about it: the celeron j's and n's are what people are using for budget networking builds, and every one of those has a 3d graphics accelerator on it that's not used at all. You're paying for the R&D and the silicon for a graphics card, and intel still prices them cheaper than parts that don't include it. (It's nice to be a monopoly and set prices based on your personal whims.) If you want a board with IPMI you'll pay for two graphics cards if you go with a celeron solution. That's nuts. So you're right that the c2xxx chips are unattractive from a pricing standpoint, and for no really good reason except intel being arbitrary–but in pretty much every other way, they're more sensible for a firewall. If you value the end result (a compact integrated box) then you'll pay for it, and if you don't you won't. And we can all hope we see the c3xxx's in volume soon.
-
Yeah, the Celeron build is certainly a compromise over a dedicated one. But for many the initial buy in for the dedicated pfsense boxes can be prohibitive, making the celerons and pentiums very attractive despite their drawbacks.
I do hope that the hardware you're talking about comes out at a low price point and is readily available, that would be awesome!
-
Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
JeGr in the german section of this forum did that already.
https://forum.pfsense.org/index.php?topic=104714.msg583760#msg583760There's no free lunch/you get what you pay for/… and someone has to pay the developers. They are employed and need lunch themselves.
-
Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
JeGr in the german section of this forum did that already.
https://forum.pfsense.org/index.php?topic=104714.msg583760#msg583760There's no free lunch/you get what you pay for/… and someone has to pay the developers. They are employed and need lunch themselves.
I've seen NCA-1010, never have seen solid benchmarks. It looks like it's about the same performance as an APU2 for a little bit more money. (Although even that's a guess because I haven't found many sites actually selling them.) So not a game changer–I assume if someone is unhappy with the APU2 they either want so spend significantly less than ~$150 or get significantly better performance. It would be nice to see more options in this space also, of course.
-
Asus J3455M-E w/ Intel
Celeron Processor J3455
8gb ram (4gb x2) - whats on sale
120gb ssd - whats on sale
matx case and 200w psu+ (don't buy a crappy psu)
intel dual nic card from ebay
case fan or two -
Asus J3455M-E w/ Intel
Celeron Processor J3455
8gb ram (4gb x2) - whats on sale
120gb ssd - whats on sale
matx case and 200w psu+ (don't buy a crappy psu)
intel dual nic card from ebay
case fan or twoKeep in mind that the board have a x16 PCIe slot operating at x1 and most (if not all) NIC's operates at x4! I have been struggling myself to find one mini-ITX board with enough NIC's or with a real x4 PCIe!
@VAMike pointed that most AMD mini-ITX boards have a real x4 PCIe however not sure about enough "horse power" with these AMD APU's! -
Keep in mind that the board have a x16 PCIe slot operating at x1 and most (if not all) NIC's operates at x4! I have been struggling myself to find one mini-ITX board with enough NIC's or with a real x4 PCIe!
For a dual gigabit card it doesn't actually matter: PCIe v2 gives 500MByte/s on a x1 slot. The cards have a x4 because you need x4 to get more than 250MByte/s on PCIe v1. So assuming your new system has PCIe v2 (pretty likely) as long as you can plug in a dual port card it won't be constrained by the bus bandwidth. (Quad port is a different story, you need the x4 for either PCIe v1 or v2, or would be very slightly constrained on v3 x1.)
-
I started with one of these the first time
https://www.amazon.com/Firewall-Micro-Appliance-PFSense-barebones/dp/B01GIVQI3MThe company that was shipping them from China doesn't appear to be selling them anymore (hence the above link to a different vendor).
Works perfect. I put in 8GB of RAM and a 60GB mSATA Card. Quite happy with it. I'm using all 4 interfaces (WAN,LAN, DMZ and a Guest network). iperf showed throughput through the interfaces at 975Mbit. (which is pretty good with gig interfaces). Use it for VPN and standard firewall routing. CPU temp was a touch higher than I wanted so I mounted a fan on top of it running off the USB port. (note - the CPU temp was still well within specs it wasn't that hot but ran 10 degree cooler with the fan on it)
I went to build a second one for a small business that I consult for but I ended up getting a different box (it was a dual core instead of a quad core and physically it was bigger). They apparently changed it on the Amazon page and didn't note it til later.
https://www.amazon.com/gp/product/B019Z8T9J0/
A couple of things about this box. Even with a dual core instead of a quad core, it cpu load doesn't show up higher (a few percent) than the quad core. It runs quite a bit cooler (bigger heat sink) so I no longer felt the fan was even needed (again, it was likely not needed on the first box, I just think "cooler is better")
However I had a hell of a time with the interfaces. They don't match the numbers of the front and whenever I would reload pfsense from scratch it seemed like they would move (first eth0 would be the second from the left, then it would be the far left). Very strange. Ultimately I just marked the interfaces with a label maker and forgot about. Other than that, it was functionally just fine and perhaps I got a bad one, but it works. In this case I only use two of the interfaces (outside/inside) so I decided it wasn't worth shipping the thing back to China for a replacement. But I did like the first box better, but for the money the second one worked just as well and it was pretty cheap and fast.
Just my 2 cents. Good luck.
-
Asus J3455M-E w/ Intel
Celeron Processor J3455As a side note, I like these apollo lake CPUs. They're right in the same ballpark price-wise as the old j1900s & the braswells but with some nice refinements (better crypto, better instruction execution, virtualization, etc). Still want the denverton version so I don't have to buy a GPU, though. :)
-
Asus J3455M-E w/ Intel
Celeron Processor J3455As a side note, I like these apollo lake CPUs. They're right in the same ballpark price-wise as the old j1900s & the braswells but with some nice refinements (better crypto, better instruction execution, virtualization, etc). Still want the denverton version so I don't have to buy a GPU, though. :)
Ever since I heard about the denverton server grade atom processor from you I've been very interested. That seems like it would be amazing for pfsense! Do you have any idea or guesses as to when these will be available to buy and at what general price you'd expect?
-
Asus J3455M-E w/ Intel
Celeron Processor J3455As a side note, I like these apollo lake CPUs. They're right in the same ballpark price-wise as the old j1900s & the braswells but with some nice refinements (better crypto, better instruction execution, virtualization, etc). Still want the denverton version so I don't have to buy a GPU, though. :)
Ever since I heard about the denverton server grade atom processor from you I've been very interested. That seems like it would be amazing for pfsense! Do you have any idea or guesses as to when these will be available to buy and at what general price you'd expect?
I'm running pfSense as we speak on AsRock's version of that processor (J3455B-ITX). It's available from Superbiiz for <$80. So far so good though admittedly I haven't thrown anything complicated at it yet (VPN, heavy traffic, etc).
-
Ever since I heard about the denverton server grade atom processor from you I've been very interested. That seems like it would be amazing for pfsense! Do you have any idea or guesses as to when these will be available to buy and at what general price you'd expect?
No clue, intel's been really bad about availability of a lot of these things. The only C3xxx publically announced at this point is the C3338 (https://ark.intel.com/products/97928/Intel-Atom-Processor-C3338-4M-Cache-up-to-2_20) which has a recommended price of $27 compared to the J3455 which has a recommended price of $107
(https://ark.intel.com/products/95594/Intel-Celeron-Processor-J3455-2M-Cache-up-to-2_3-GHz)
But the J3455s are actually on sale for less that $70 and we don't know what the street price will be for something with a C3338 (the C2xxx's always sold at a premium). It doesn't help that intel doesn't seem to know what its long-term strategy is for the silvermont/goldmont line. At any rate if you want to buy something now I wouldn't wait.I'm running pfSense as we speak on AsRock's version of that processor (J3455B-ITX). It's available from Superbiiz for <$80. So far so good though admittedly I haven't thrown anything complicated at it yet (VPN, heavy traffic, etc).
See above. The J3455's apollo lake series is based on the goldmont core just like denverton, but it's a desktop processor just like the J1900's bay trail was the desktop version of the silvermont core in avoton (e.g., c2758). The server version trades in the gpu for things like more cache and integrated network controllers.
-
See above. The J3455's apollo lake series is based on the goldmont core just like denverton, but it's a desktop processor just like the J1900's bay trail was the desktop version of the silvermont core in avoton (e.g., c2758). The server version trades in the gpu for things like more cache and integrated network controllers.
Ah, gotcha, good to know. Still though, if you're looking for something right now, the available J3455 is a nice option, and very affordable. Hard to beat $70-$80 for a fanless integrated quad-core with AES and VT-d support.
-
Ah, gotcha, good to know. Still though, if you're looking for something right now, the available J3455 is a nice option, and very affordable. Hard to beat $70-$80 for a fanless integrated quad-core with AES and VT-d support.
yeah, they look pretty solid. I'm just greedy for more. :)
-
Ah, gotcha, good to know. Still though, if you're looking for something right now, the available J3455 is a nice option, and very affordable. Hard to beat $70-$80 for a fanless integrated quad-core with AES and VT-d support.
yeah, they look pretty solid. I'm just greedy for more. :)
It looks like products are in production with Atom C-3338, set to ship 5 March. It's a 2-bay diskless ReadyNAS box @ $450.
https://www.amazon.com/NETGEAR-ReadyNAS-Attached-Diskless-RN42200-100NES/dp/B01N4FXY9II'm not really familiar with what these boxes usually go for so can't really guess at what that might mean for a possible supermicro board price wise?
-
It looks like products are in production with Atom C-3338, set to ship 5 March. It's a 2-bay diskless ReadyNAS box @ $450.
https://www.amazon.com/NETGEAR-ReadyNAS-Attached-Diskless-RN42200-100NES/dp/B01N4FXY9II've seen that, but you seem to be paying for NAS functionality & a cool LCD screen so I don't know how that would translate into a product aimed at the networking space.
-
It looks like products are in production with Atom C-3338, set to ship 5 March. It's a 2-bay diskless ReadyNAS box @ $450.
https://www.amazon.com/NETGEAR-ReadyNAS-Attached-Diskless-RN42200-100NES/dp/B01N4FXY9II've seen that, but you seem to be paying for NAS functionality & a cool LCD screen so I don't know how that would translate into a product aimed at the networking space.
It wouldn't at all, it's just a product that the c3338 is actually shipping in.
-
I went to build a second one for a small business that I consult for but I ended up getting a different box (it was a dual core instead of a quad core and physically it was bigger). They apparently changed it on the Amazon page and didn't note it til later.
https://www.amazon.com/gp/product/B019Z8T9J0/
A couple of things about this box. Even with a dual core instead of a quad core, it cpu load doesn't show up higher (a few percent) than the quad core. It runs quite a bit cooler (bigger heat sink) so I no longer felt the fan was even needed (again, it was likely not needed on the first box, I just think "cooler is better")
However I had a hell of a time with the interfaces. They don't match the numbers of the front and whenever I would reload pfsense from scratch it seemed like they would move (first eth0 would be the second from the left, then it would be the far left). Very strange. Ultimately I just marked the interfaces with a label maker and forgot about. Other than that, it was functionally just fine and perhaps I got a bad one, but it works. In this case I only use two of the interfaces (outside/inside) so I decided it wasn't worth shipping the thing back to China for a replacement. But I did like the first box better, but for the money the second one worked just as well and it was pretty cheap and fast.
I've had an awful time with one of these. I had the 'ports moving' issue. The really did seem change - although to be clear eth0 is far left and eth1 is far right with 2 and 3 in the middle. Also took me a while to figure out autodetect doesn't work. BIOS does let you blink LED and shows MAC which helped a lot. Despite figuring this much out, PF only works right if I don't change any settings or packages. Suricata inline gives errors despite supposed support for igb, rules fire when turned off, I can watch DHCP hand out wrong IP despite static config. Either I completely dont get pfsense or there are some wonky counterfit parts in this box.
-
Thanks to all of you, I have advanced in my reflection, and it is a pleasure to share this with you.
I have edited my first message for clarity, and post here also a reply.**Idealy :
- 4 ~ 6 Ethernet ports (6 will be very better in my case)
- Fanless (or very quiet)
- Low power consumption (Atom, DDRL, or another technology)
- CPU Maybe 2 ~ 4 core Should be good**
I would like to be able to reply to every message, but I will only make a few quotes.
The following models seem very well :
SG-2440 pfSense
Security Gateway Appliance
SG-4860 pfSense Security Gateway ApplianceThe price are "less good" for a low/middle cost solution …
Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?And
@awontroba:My guess is that the SG-2440's $549.00 price tag includes some of the price of the support it comes with.
From https://store.pfsense.org/SG-2440/
pfSense Incident Based Support via email, chat or phone. Each purchase includes two complimentary incidents.
From https://portal.pfsense.org/members/signup/per-incident-signup
pfSense Per-Incident Support (2 Incidents) $399.00 for one yearIndeed the support is included in the price, if it was possible to make a purchase without support or with limited support this would be perfect.
I just set up a pfsense box on
https://www.amazon.com/QOTOM-Q310G4-Barebone-Industrial-Celeron-Fanless/dp/B01JLQP7KQ
QOTOM-Q310G4 2016 New Barebone 4 LAN Industrial Intel Celeron 3215U 1.7G Dual Core Mini PC,1 RS232,HD Video,1080P Fanlesshttp://www.qotom.net/goods-127-Q310G4+4+LAN+Mini+PC.html
With Intel Celeron Processor 3215U (2M Cache, 1.70 GHz, Broadwell) (2 core)
https://ark.intel.com/fr/products/84810/Intel-Celeron-Processor-3215U-2M-Cache-1_70-GHzhttps://www.amazon.com/Firewall-Micro-Appliance-PFSense-barebones/dp/B01GIVQI3M
Firewall Micro Appliance With 4x Gigabit Intel LAN Ports, Barebone
Quad Core Celeron J1900 Bay Trail 2.0GHz, 2MB L2 Cache
4 Gigabit ethernet Intel NIC ports
Fanless and silent operation
Barebones for maximum customizability (no RAM or mSATA)All look very nice !!!
IBM PRO/1000 PT 4-Port Server Adapter W/ LP Bracket - 45W1959
http://www.databug.com/45W1959-p/45w1959.htmThis can make an interesting alternative!
Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
JeGr in the german section of this forum did that already.
https://forum.pfsense.org/index.php?topic=104714.msg583760#msg583760
There's no free lunch/you get what you pay for/… and someone has to pay the developers. They are employed and need lunch themselves.On the fact of having what one has on pay, I understand perfectly, however it also happens that the price is not necessarily revealing and pledge of quality. Being able to make a solution is at the same time a Pleasure (the pleasure of creating), but it is also the opportunity to make the choice reflected.
For the link to various comparisons:
https://forum.pfsense.org/index.php?topic=104714.msg583760#msg583760
I will study this carefully.For the moment, My favorite is :
Qotom Q190G4 Intel Celeron Processor 3215U Dual Core Processor Barebone Mini PC
http://www.qotom.net/goods-133-Q190G4N+Mini+PC+4+LAN.html
With Intel Celeron Processor J1900 (4 core)
https://ark.intel.com/fr/products/78867/Intel-Celeron-Processor-J1900-2M-Cache-up-to-2_42-GHz
https://www.amazon.com/gp/product/B019Z8T9J0/Thanks to all your many messages.
I remain open to any suggestion before throwing my devotion and my unconditional love on the material that I will select ;) -
J3455M microATX board sounds like it fits the bill. ~$85
https://www.amazon.com/Celeron-Quad-Core-fanless-MicroATX-Motherboard/dp/B01LYCDG4HUse 1x i340-t4 for 4 ports
There are two more physical x1 slots:
You can either put two intel gigabit PCIe physical x1 NIC's in these two slots to get your total of 6, or you can cut out the back wall of the slots and put in one or two i340-t2 (or t4). PCIe v2.0 will max 4 gigabit ports simultaneously at x1 speeds.But most people are not comfortable modding and if this is for a customer definitely don't do that, just get physical x1 cards and use them.
There are obviously other options out there but this one is cheap and easy!
