SOHO: Supermicro c2758, c2558, or something else?
-
G'evening ;D
My primary pfSense (Celeron G1620, DQ77KB board) has died. I am now running on my backup, Dell R200, but that sucks up a load of Watts (around 115-120), with pfBlockerNG, 2x WAN (200/40 & 30/3, fail over, traffic shaper) and some LAN/VLAN, Snort on all interfaces, Radius, OpenVPN client (4x).
For the past couple of days I've been reading around 6000 threads here and there for an energy efficient, yet powerful, replacement for the Dell. I by now know everybody speaks highly of Supermicro, so I found the c2558 in a board, yet many people in the divers fora say 'go for the 8 core'. That would be this:
http://www.supermicro.com.tw/products/motherboard/Atom/X10/A1SRi-2758F.cfm
Quite expensive: https://tweakers.net/pricewatch/372582/supermicro-a1sri-2758f-bulk-pack.html
Yet, if it is 'top of the bill', reliable, extremely power efficient, and up to the task for the next 10 years, it will be a justified investment I think.
To go with it could be this case/chassis: https://www.supermicro.com/products/chassis/1u/505/sc505-203.cfm
For around 120 EUR.
All I would need to add is some RAM, and a small SSD. So for around 600 EUR + 1year of Gold (donation for devs) (well, that is a load of money for a router :-[ ) I would be done.
Unfortunately, I still don't know if I would be having 'the latest and greatest', powerful and efficient enough.
[i](Unfortunately, I think SM's site is only made for people who don't really need such a site, since it has around 164000 different product variants ( ;D ) without some handy wizards to understand differences, and for some reason or the other the SM distributors I visited don't bother with a more customer friendly site either).
I also found this (also on this forum): https://www.supermicro.com/products/motherboard/X11/X11SBA-LN4F.cfm
And although it has lower CPU TDP (6W) it is limited on RAM and some other things (https://forum.pfsense.org/index.php?topic=98230.0).
Then of course there is also non-SuperMicro hardware like for example this:
https://www.amazon.com/dp/B01AJEJG1A?psc=1
I don't know if I can get such a thing in Europe, but even that aside, I'm not confident about the long life value of this, and I have no clue how that CPU (Celeron J1900 Bay Trail) compares to the C2758 or C2558 (CPU comparison sites don't tell much about how it will typically live up in a pfSense machine with all my packages).
Would and could anybody perhaps tell me what to buy?
- C2558 or C2758 or something newer/better/more powerful/more energy efficient?
- My SuperMicro selection or something else / better & cheaper?
It's mostly about energy efficient (it's Europe here, that failed EU-continent will tax us to death with energy taxes to keep the failed dream financed, so energy prices will only go up 8) ), and powerful enough for current packages, as well as durability/reliability/quality (I typically buy hardware for at least 10 years, although my current desktop is 9 years old and is probably going to last another 9 years easily ;D ).
Thank you very much for any suggestions :P
Bye,
-
[https://www.voleatech.de/de/pfsense-produkte/]
-
Here's the thing…neither the C2758 or C2558 will handle 10G speeds with extra routing functions. Either of them will handle your current list and higher speeds. So will it be good for 10 years? Maybe, maybe not. Depends on how fast your VPN speed requirements get up to over the next 10 years.
That said, if the only thing you're running on this box is Pfsense and it's associated functions, I'd just save a few bucks and get the C2558. I use a C2558. I even thought about getting the step down, but the price difference was only about $25 at the time and I live in the US, and my electric bill isn't as expensive, so for $25 and a slight increase in power costs, I went for it for the extra processing power. It was only another $80 for the C2758, but a noticeable bump in electric and I think this setup has more processing power than I need currently, so no reason to keep throwing money at it. I'll put that money towards an additional 4Gb of ECC later on(running just fine on 4Gb now as I don't run many packages).
Honestly, you could get something even cheaper, depending on what you're required VPN speeds are. There are a few cheaper setups that'll do just under 200Mb on a VPN session, but they're not dramatically cheaper.
I have to say, I priced out systems that would have performed the same as mine(C2558 in the chassis you listed with 4Gb ECC, 160Gb SSD, extra super micro fans and the hard drive mount) but for about $100 cheaper, but they did NOT offer IPMI. I personally find that feature to be worth the money. I mount all my equipment in my basement and have found it to be a huge convenience for accessing that system remotely as I struggled through a few configuration issues early on. Depending on your physical deployment, it may or may not be worth that much to you for that feature.
-
As far as comparisons: the J1900 is essentially the same CPU as the C2758 or C2558, clocked a little slower and with aes-ni turned off to segment the market. The N3700 is still essentially the same CPU, but tweaked a little and with aes-ni turned back on. The J and N CPUs have built-in 3d graphics (irrelevant) and the C CPUs have a pretty good integrated quad ethernet controller. All of them have about the same performance for networking tasks, scaled to the clock speed. The C2558 is a rangeley, and trades a little clock speed for a quick assist controller. In theory the quick assist could make crypto & compression go really fast, in practice I would take it only if it were free as it's unlikely to ever be utilized well.
With the supermicro stuff you're paying for things like remote management capabilities (and a more solid build). If you want those things it's a good deal, if you don't it's not. The idea of buying something for 10 years is nice, but the reality in this industry is that if you buy something for 1/3 the price and it dies in a few years, the next one you buy for 1/3 the price will be much nicer and you'll still come out ahead. If the issue is reliability, it's cheaper and better to have a failover setup than any one device.
My 2 cents: I wouldn't buy the J1900 it lacks aes-ni and you mentioned VPN. I probably wouldn't buy an avoton or rangely without specific requirements because they just cost too much for the performance at this point. Maybe look at pcengine's APU2 as a value play, depending on the specific VPN bandwidth requirement and planned growth (though you could buy one now, and upgrade in a couple of years and still come out way ahead). For long term VPN growth potential, look instead at skylake or kaby lake processors, maybe i3 or E3. Supermicro has some options there in socketed motherboards if you like them, but there are a lot of others. These will draw more power than the silvermont/goldmont CPUs, but they are pretty power efficient at idle–and if you're running one at full bore the low power machine wasn't going to keep up anyway.
-
Thank you tullnd and VAMike, some very relevant insights :-*
While this is going to take me some time to make up my mind (and my wallet ;D ) I'm for now experimenting with one of my HTPC's, an AMD A10-5700. To my surprise, it only draws 45W with only 1 WAN, and no snort or the other packages. I'm waiting for a new dual nic to put in, so I can create an exact copy of the current Dell (config restore), to see how much it draws and how it performs.
If it stays near 45W, moving to a 30W machine is less interesting ((15W24hrs365days)/1000) = 131kwH. 131 *0,25 EUR = 32,75 EUR / year gain to be made from moving to a new 600EUR machine. Break down point is somewhere near 20 years.
-
@hda:
[https://www.voleatech.de/de/pfsense-produkte/]
These people break about every European law :-[
Minimum legal warranty in the EU is 2 years, but the golden rule is: warranty as long as you may reasonably expect the product to perform. That would be at least 5 years for such a product. Yet, they violate mandatory EU law with their 1 year warranty (should be 2+), and try to charge you extra for warranty you are simply legally entitled to. I think I will not buy from such people, I read this as a big sign on their door: 'don't buy from us, we sh*t on the law' ;)
-
That Supermicro x11 board looks nice from the specs. 4 ports and HDMI. I like the HDMI feature because it can be a media server at a later date if it stops being a router. I have an x10, probably the predecessor and I like it. I have a smallish home network. A few laptops and a lot of misc devices. I didn't know they came out with it until I linked from a reply above. 6 watts is amazing. My x10 uses about 50% more (9 - 10 watts)
The c2xxx boards are a little dated and the outgoing ports are not as varied as I would like. The power is supposed to be good though. Passmark of about 3200 vs 1800 for a j1900/ x10 (both are great for a home router as a stock netgear or asus is probably in the low hundreds). the pentium is about 1800 in the x11. Not bad.
10 years in internet years is too far to plan ahead. Imagine the routers that existed 6 - 7 years ago and ask yourself if you would want to use any.
-
@Mr.:
These people break about every European law :-[
[/quote]While I believe that they are not violating the law (1 year guarantee / two years "Gewährleistung" are normal in Germany), I agree with you that they should display more confidence in their hardware quality and offer additional voluntary guarantee.