Intel Celeron J3355B SoC Benchmarks (VPN & IPS): Budget Buy Performer!
-
Thanks again for the responses, seems like it's a great option and can be had for well under $300 even if you need to buy everything. Qotom and Zotac boxes look decent, but there's something special about building :).
-
You're welcome!
One think I have to say about qotom is that they try to sell their stuff under the guise of it being an official pfSense product, which it is not. I think that's a pretty shitty thing to do.
Their boxes have also never really appealed to me spec wise either. I would buy a used SFF desktop without a HDD off ebay, throw a NIC in it and install to flash drive before I bought a qotom box, but that's just my personal opinion.
-
Love the post and the possibility to build my first pfSense box on the cheap! Just ordered the board (which is rare to find in stock) and now I have to decide about the NIC's and a case. I have Intel EXPI9301CTBLK laying around, so if I use that for WAN and the board's built in NIC for LAN, would that be an acceptable solution?
And what's the smallest case can you guys recommend? I was really hoping I could get away with M350 and PicoPSU. Thanks for any input you can provide! -
IDK about the M350, I've never used one. Does it support PCIe cards (even with a riser card would work)?
Try out the NICs you have and if it doesn't work or causes problems then buy a dual+ port intel.
-
I ran a couple more benchmarks on the J3355B
IDS/IPS on Suricata:
https://forum.pfsense.org/index.php?topic=128572.msg709166#msg709166
@pfBasic:I'll report back with the IDS/IPS performance.
Well, IDS/IPS is certainly taxing but performance is greatly improved when not saturating one core with VPN.
On my J3355B:
I kept my 150/10 connection maxed out for a few minutes by downloading DOTA 2 on Steam.The max CPU I got off the 1 minute RRD's was 61.63% (this pretty well matches up to the top output). At that moment on the RRD graphs it equated to 103.58k pps.
This was using the Open ET & Snort Free rules, paired down to eliminate FP's. It's a home network and it was pretty inactive at the time of the test other than background processes.
Also, suricata, not snort which is single thread only.So IDS/IPS is definitely more CPU intensive than VPN on a modern AES-NI CPU.
That being said, the J3355 is a very low end passively cooled CPU.J3455 would likely get you in the 350Mbps range on suricata.
A G4560 will probably handle just about anything a home user can throw at it short of Gigabit WAN with all the packages or an expectation for line speed VPN.
Synthetic OpenVPN Benchmark FWIW:
https://forum.pfsense.org/index.php?topic=105238.msg709164#msg709164
@pfBasic:FWIW, J3355B:
AES-256-CBC : 291.2Mbps
AES-256-GCM: 302.0MbpsAES-128-CBC: 293.5Mbps
AES-128-GCM: 307.9Mbps#: time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc disabling NCP mode (--ncp-disable) because not in P2MP client or server mode 10.989u 0.015s 0:11.02 99.7% 819+178k 2+0io 0pf+0w #: time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-gcm disabling NCP mode (--ncp-disable) because not in P2MP client or server mode 10.596u 0.023s 0:10.66 99.5% 817+178k 2+0io 0pf+0w #: time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc disabling NCP mode (--ncp-disable) because not in P2MP client or server mode 10.902u 0.015s 0:10.99 99.2% 821+178k 2+0io 0pf+0w #: time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-gcm disabling NCP mode (--ncp-disable) because not in P2MP client or server mode 10.392u 0.015s 0:10.46 99.4% 818+177k 2+0io 0pf+0wThis remains the go-to CPU for the majority of home-use cases and plenty of small commercial setups IMO. Really excellent performance per dollar!
-
Sorry to bump an old thread, but in regards to your final recommendation of the G4560…
I found this: https://www.newegg.com/Product/ComboBundleDetails.aspx?ItemList=Combo.3514464
And am on the verge of pulling the trigger, is there anything that jumps out to you outside of price on why it may be wise to avoid this particular combo?
Thanks in advance!
-
Sorry to bump an old thread, but in regards to your final recommendation of the G4560…
I found this: https://www.newegg.com/Product/ComboBundleDetails.aspx?ItemList=Combo.3514464
And am on the verge of pulling the trigger, is there anything that jumps out to you outside of price on why it may be wise to avoid this particular combo?
Thanks in advance!
This link gives me: Sorry, the combo deal is no longer available.
-
https://www.newegg.com/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=g4560&ignorear=0&N=-1&isNodeId=1
What about that?
It's the "CPU INTEL PENTIUM G4560 3.5GHz, ASROCK B250M mATX, 8G CORSAIR DDR4 2400" combo package.
-
https://www.newegg.com/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=g4560&ignorear=0&N=-1&isNodeId=1
What about that?
It's the "CPU INTEL PENTIUM G4560 3.5GHz, ASROCK B250M mATX, 8G CORSAIR DDR4 2400" combo package.
Will work fine.
-
I'm looking to go from a tired asus rtac66u to a pfsense build which is not too expensive. this sort of setup looks appealing if I can keep the cost down.
I'm hoping someone can point me too a genuine new or used intel nic on ebay uk. The prices im seeing are like £150+
-
"I'm hoping someone can point me too a genuine new or used intel nic on ebay uk. The prices im seeing are like £150+"
I'm in Australia, and finding the occasionally cheap Intel based NIC isnt too hard (search for the something like "i219 dual nic" or "i211 dual nic"), but that is the only easy part about a self build. J3355 and J3455 boards are as rare as hens teeth around here it would seem, and frankly I'm not even sure most PC shops here have even heard of the ITX format.
I really want to build my own, but considering the J3x55 boards need a NIC card, the smallest case I can find is still about 6 times larger then either a Netgate option or a Qotom option, it just seems such a bulky waste of space and money from my end.
I looked at getting a ASRock H370M-ITX/ac (which has dual intel nics built in) but its $185 AU and I still need to add a $70 G4900 CPU ontop of that, plus case, RAM PSU etc… Its just stupidly expensive, and bulky.
If anyone has a line on a SMALL itx case that can take a NIC card I would be most interested to hear (the Coolmaster Elite M110 is the smallest I can get round here, and it can fit graphic cards in it :( ).
-
The SilverStone SST-ML09B is relatively small, but you need a low profile NIC for it.
-
The SilverStone SST-ML09B is relatively small, but you need a low profile NIC for it.
Thanks. I had looked at that one a couple of times, the desktop profile is certainly a better fit in my workspace then the m110 cube/square profile, but it is still the size of a fat DVD player. Its just hard to justify going that route when the alternative is a device that I can sit on my book case like the netgates or qotoms (which is a pity as I like building).
Its probably the smallest case available though if I do talk myself into building :)
-
The SilverStone SST-ML09B is relatively small, but you need a low profile NIC for it.
Thanks. I had looked at that one a couple of times, the desktop profile is certainly a better fit in my workspace then the m110 cube/square profile, but it is still the size of a fat DVD player. Its just hard to justify going that route when the alternative is a device that I can sit on my book case like the netgates or qotoms (which is a pity as I like building).
Its probably the smallest case available though if I do talk myself into building :)
http://www.mini-box.com/M300-Enclosure-w-Bootable-CF-Reader_2
http://www.travla.com/business/index.php?id_product=87&controller=product
There are others, but you tend to be limited less by the expansion card than by the fact that anything that small doesn't use a standard power supply. If you go up a little in width there are more options using sff ps's. For keywords use "mitx case pcie riser" to get one that has the slot horizontal instead of vertical.
