New hardware

noplan

@bingo600

i think i'll get a new toy ;) but i think customs declaration & import tax will kill the benefit

but @ netgate i found this

JKnott

@jknott said in New hardware:

@noplan said in New hardware:

but compare it wirh the SG2100 maybe it fits

It's about twice the price of the Qotom I selected.

Hmmm... Somehow I got the idea it was twice the price, but on checking further it appears to be roughly the same. Which would have better performance? The Qotom is an i5 CPU and has Intel NICs, but the Netgate has an ARM CPU and Marvel NICs. Both have 4 GB.

noplan

@jknott

depends on your use case, and on how long u wanna use the "box"
if u are a home/lab user and planning to use the box till it dies go with the netgate box considering the future possibility to go all in with the pfS+ version they are talkin about

and hey its a netgate box vs a china box ;)

dont get me wrong i really dont have a clue what hardware i m gonna buy in the next 6 months

A Former User

@noplan said in New hardware:

and hey its a netgate box vs a china box

Exactly where do you think the Netgate device is manufactured?

JKnott

@jwj

As was the Unifi AP I recently bought. Does the Netgate have those AES-NI instructions?

bingo600

@jknott said in New hardware:

@jwj

Does the Netgate have those AES-NI instructions?

AES-NI is an Intel extension

A Former User

@jknott No. It doesn't. The i5 will crush the ARM device for single thread performance and OpenVPN throughput. Question is, do you need that performance? Netgate box will be more energy efficient.

For what it's worth, I've always seen the 5100 as entry level. Then I cried inside at the price... The LAN<->LAN filtering rates is what I pay attention to. I would want line speed.

JKnott

@bingo600 said in New hardware:

AES-NI is an Intel extension

It's on other CPUs too.

bingo600

@jknott said in New hardware:

@bingo600 said in New hardware:

AES-NI is an Intel extension

It's on other CPUs too.

Please mention just one ARM CPU that has it (AES-NI)

JKnott

@jwj said in New hardware:

No. It doesn't. The i5 will crush the ARM device for single thread performance and OpenVPN throughput. Question is, do you need that performance? Netgate box will be more energy efficient.

The Netgate takes a 12V 2A power supply, which means it runs less than 24W. The Qotom takes 15W, so there's not much difference. As for the AES-NI instructions, it wasn't that long ago that plans were dropped to require them. I don't have much of a need for those, as I only occasionally use the VPN, but I wouldn't want to lose the ability to update the software for the lack of them.

JKnott

@bingo600 said in New hardware:

Please mention just one ARM CPU that has it (AES-NI)

According to that article I linked to, several do.

A Former User

@jknott For sure not an obvious choice. You're going to have to have a think about it.

Also some of the discusion around pfSense+ leads me to believe the REST API is on the roadmap. Will that bring back the AES requirement or will they work around that with the other instructioin sets available on the ARM devices. I have no idea...

What do you see as the lifespan of this device?

noplan

@jwj
couldn't agree more here with @jwj

bingo600

@jknott said in New hardware:

@bingo600 said in New hardware:

Please mention just one ARM CPU that has it (AES-NI)

According to that article I linked to, several do.

Where does it say that an ARM CPU has AES-NI ??

I see this , where it specifically mentions that AES-NI is Intel/AMD only

Other architectures have Crypto instructions too , but not AES-NI

/Bingo

JKnott

@jwj said in New hardware:

What do you see as the lifespan of this device?

Well, based on my other experience, until something significantly better comes along or it dies (as happened with my previous firewall). I'm not one to run out and buy the latest & greatest, unless it yields significant improvement. For example, if a pfsense update had required AES-NI, then I would have bought something that supports it, as the HP computer I was running didn't.

Another example, my current desktop computer case originally had a 32 bit CPU. I've since replaced the mom board a couple of times. The case is so old it's cream coloured, not black (matches my IBM model M keyboard, but not much else). I also recently finally got an AP that support 5 GHz.

BTW, that keyboard is built like a tank and old enough to not have a Windows key.

bingo600

@jknott said in New hardware:

The Netgate takes a 12V 2A power supply, which means it runs less than 24W. The Qotom takes 15W, so there's not much difference.

The CPU TDP is 15W

The NIC's (Phy's) + other electronics also consumes

My Qotom came w. a 12V/5A PSU

/Bingo

JKnott

@bingo600 said in New hardware:

Other architectures have Crypto instructions too , but not AES-NI

So, what does pfsense do with those Crypto instructions? Ignore them? I could be wrong, but I would assume software written for an ARM CPU would take advantage of the ARM instructions.

It's been a while since I've written software, but I seem to recall compilers can link in appropriate libraries for the different target hardware.

A Former User

@jknott said in New hardware:

@bingo600 said in New hardware:

Other architectures have Crypto instructions too , but not AES-NI

So, what does pfsense do with those Crypto instructions? Ignore them? I could be wrong, but I would assume software written for an ARM CPU would take advantage of the ARM instructions.

It's been a while since I've written software, but I seem to recall compilers can link in appropriate libraries for the different target hardware.

There are some threads concerning that. To the best of knowledge it does ignore them at the moment.

I have sent you a private message...

bingo600

@jknott said in New hardware:

@bingo600 said in New hardware:

Other architectures have Crypto instructions too , but not AES-NI

So, what does pfsense do with those Crypto instructions? Ignore them?

If Netgate want their ARM boxes to perform decent w. crypto they probably have enabled the usage of any Crypto instructions available.

I could be wrong, but I would assume software written for an ARM CPU would take advantage of the ARM instructions.

On embedded programming you often have to make sure to use the correct libraries. It's usually done with a couple of compiler switches , that pulls in the correct linker library. Sometimes you even have to set a few bits in the MCU , in order to enable any "Crypto part in the MCU" , often "extensions" are disabled on POR , to minimize power usage.

It's been a while since I've written software, but I seem to recall compilers can link in appropriate libraries for the different target hardware.

Yepp , if being told to do so.

But you were referring to AES-NI
And i replied correctly it was an Intel extension.

/Bingo

A Former User

@jknott said in New hardware:

@jwj said in New hardware:

What do you see as the lifespan of this device?

Well, based on my other experience, until something significantly better comes along or it dies (as happened with my previous firewall). I'm not one to run out and buy the latest & greatest, unless it yields significant improvement. For example, if a pfsense update had required AES-NI, then I would have bought something that supports it, as the HP computer I was running didn't.

Another example, my current desktop computer case originally had a 32 bit CPU. I've since replaced the mom board a couple of times. The case is so old it's cream coloured, not black (matches my IBM model M keyboard, but not much else). I also recently finally got an AP that support 5 GHz.

BTW, that keyboard is built like a tank and old enough to not have a Windows key.

I'm very much the same. For example, my 2015 VW Golf is just about broken in. I'll drive it until it has no value and then replace it.

Buy nice things and use them, don't worry about the new things until your done with the ones you have ;)