Need alternative to my Alix or APU? Under $350



  • I am going to have to begin replacing the Alix systems with new hardware due to the performance issues I have been experiencing putting 2.3 on the Alix and APU.

    I need at leat 3 GB$ ports.  The price point on the SG-2440 is outside of my range.  Can anybody provide a solution for a build with 3 ports that is under 350?

    Performance requirements are minimal.

    5-25 users.
    2-4 VPN users
    Internet will not exceed 50/100 down and 50/100 up.




  • Netgate

    @kapara:

    I am going to have to begin replacing the Alix systems with new hardware due to the performance issues I have been experiencing putting 2.3 on the Alix and APU.

    I need at leat 3 GB$ ports.  The price point on the SG-2440 is outside of my range.  Can anybody provide a solution for a build with 3 ports that is under 350?

    Performance requirements are minimal.

    5-25 users.
    2-4 VPN users
    Internet will not exceed 50/100 down and 50/100 up.

    Wait for it.



  • What?


  • Netgate



  • Would you mind sharing what kind of performance issues you have had?

    I'm about to build a pfSense machine based off of an APU2C4, and I hope I haven't made a mistake.



  • APU2C4
    Jetway NF9HG-2930





  • @mattlach:

    Would you mind sharing what kind of performance issues you have had?

    I'm about to build a pfSense machine based off of an APU2C4, and I hope I haven't made a mistake.

    To follow up with my own post, I just installed pfSense on my APU2C4 last night and I am very happy with the performance.

    I've measured iperf performance through it at 595Mb/s, with CPU load ranging from ~20-40%.  Enabling TSO/LRO does not seem to help (in fact it increases CPU load, and marginally lowers throughput speed)

    Either way, this is more than sufficient for my needs with my 150/150 mbit connection.

    Power consumption is fantastic.  At idle it sits at 5.8-6.5W, and loading it up with iperf only raises the consumption to ~6.5-7.2W, both as measured at the wall using my Kill-A-Watt device.

    I'm pretty damned happy with this little device.  Unless Google fiber comes to town, and I suddenly have gigabit internet available to me, it should fit my needs quite nicely.



  • I am referring to my 1st gen APU systems.  I had not realized they have new ones!  ;D

    I used to buy only from Netgate but they have since stopped selling them.  I noticed mini-box.com is selling them now also.



  • @kapara:

    I am referring to my 1st gen APU systems.  I had not realized they have new ones!  ;D

    I used to buy only from Netgate but they have since stopped selling them.  I noticed mini-box.com is selling them now also.

    I've noticed that US retailers have a pretty crazy markup on PC Engines products.

    I got mine shipped directly from PC Engines in Switzerland to the US.  Only took three days, and a complete kit (APU2C4 board, case, AC Adapter, 16GB mSATA SSD) wound up costing $173 shipped.



  • Wow.  Thats great thanks for sharing.



  • On the shopping cart it shows the case is only for APU.1 and not APU.2 is that correct?



  • I got a Mini-PC from Qotom off eBay.  Only dual LAN but they may have models with more LAN ports or it does have a miniPCIe slot, you could add more ports that way.

    Great unit

    • Quad Core Celeron N3150

    • 4GB Kingston RAM

    • 32GB mSata SSD - SanDisk

    Exact model I brought
    http://www.ebay.com.au/itm/262461544164?_trksid=p2057872.m2749.l2649&ssPageName=STRK%3AMEBIDX%3AIT

    I just got it and about to install PfSense on it.  It's cheap enough I can buy a spare for when and if the hardware faults.

    Worth a look.

    Willo



  • I've measured iperf performance through it at 595Mb/s, with CPU load ranging from ~20-40%.  Enabling TSO/LRO does not seem to help (in fact it increases CPU load, and marginally lowers throughput speed)

    500+ MBit/s is shown at the pfSense hardware website, that therefore a CPU with >2,0 GHz is needed.
    So nearly 600 MBit/s is really nice then.

    Either way, this is more than sufficient for my needs with my 150/150 mbit connection.

    For that it is really sufficient enough.

    I'm pretty damned happy with this little device.  Unless Google fiber comes to town, and I suddenly have gigabit internet available to me, it should fit my needs quite nicely.

    Then you will need something with >2,0GHz per CPU or Core as a minimum.

    On the shopping cart it shows the case is only for APU.1 and not APU.2 is that correct?

    Then email them and ask a pre-sales question for that. The case is an elementary part ot the CPU cooling
    and it will be the best to know things such like this earlier and not later.



  • @Willo:

    Exact model I brought
    http://www.ebay.com.au/itm/262461544164?_trksid=p2057872.m2749.l2649&ssPageName=STRK%3AMEBIDX%3AIT

    I just got it and about to install PfSense on it.  It's cheap enough I can buy a spare for when and if the hardware faults.

    That's the unit I've been looking at as well (lots of sellers on aliexpress.com).  It would be great if you could post your experiences with it.



  • hmm.  no AES-NI?  No Intel NICS?  possibly but I would be cautious.



  • @kapara:

    hmm.  no AES-NI?  No Intel NICS?  possibly but I would be cautious.

    Not sure which post you're referring to but the N3150 does have AES (but not Intel NICS).
    http://ark.intel.com/products/87258/Intel-Celeron-Processor-N3150-2M-Cache-up-to-2_08-GHz



  • nice.  Well if you get it I look forward to hearing your experience.  Thanks for the suggestion!



  • The APU.1 case works with the APU.2, it's just not clear from the website.  Very happy with my first pfsense box.

    Here is what I ordered direct from PC Engines, with 2 extra AC adapters, it was $196 including 3 day shipping

    1      apu2c4  APU.2C4 system board 4GB
    1      case1d2u        Enclosure 3 LAN, alu, USB
    3      ac12vus2        AC adapter 12V US plug for IT equipment
    1      msata16d        SSD M-Sata 16GB MLC Phison

    On the shopping cart it shows the case is only for APU.1 and not APU.2 is that correct?

    Then email them and ask a pre-sales question for that. The case is an elementary part ot the CPU cooling
    and it will be the best to know tthings such like this earlier and not later.



  • @TD22057:

    That's the unit I've been looking at as well (lots of sellers on aliexpress.com).  It would be great if you could post your experiences with it.

    I just got it straight from eBay.  Will definitely post experiences.  I think it will be well over specced so speed will not be an issue.

    @kapara:

    hmm.  no AES-NI?  No Intel NICS?  possibly but I would be cautious.

    Definitely AES but no Intel NICS.  They are Realtek RTL-8111 which are supported on FreeBSD so I can't see too many issues, Realtek aren't too bad ;)

    @TD22057:

    Not sure which post you're referring to but the N3150 does have AES (but not Intel NICS).
    http://ark.intel.com/products/87258/Intel-Celeron-Processor-N3150-2M-Cache-up-to-2_08-GHz

    Correct! :)

    I will post experiences shortly.  They are so cheap, I'm thinking of buying another one for redundancy in the unlikely event it fails.

    It came with unactivated Win 7 build which scores pretty well on Windows Experience score, I'm thinking it will fly :)



  • @kapara:

    hmm.  no AES-NI?  No Intel NICS?  possibly but I would be cautious.

    Personally I don't need AES-NI, but I wouldn't build a pfSense box without Intel NIC's, or at the very least Broadcom NetXtreme nics.

    Realtek NIC's are absolute garbage.  it's such a shame that all the most affordable motherboards integrate that trash on board, because if you get one of those boards you're just going to have to disable it, and consume a PCIe slot with a real NIC.



  • Network Card Selection

    Selection of network cards (NICs) is often the single most important performance factor in your setup. Inexpensive NICs can saturate your CPU with interrupt handling, causing missed packets and your CPU to be the bottleneck. A quality NIC can substantially increase system throughput. When using pfSense software to protect your wireless network or segment multiple LAN segments, throughput between interfaces becomes more important than throughput to the WAN interface(s).

    NICs based on Intel chipsets tend to be the best performing and most reliable when used with pfSense software. We therefore strongly recommend purchasing Intel cards, or systems with built-in Intel NICs up to 1Gbps. Above 1Gbps, other factors, and other NIC vendors dominate performance.

    https://www.pfsense.org/hardware/



  • Installed pfSense last night.  Perfect!  NIC detected 100% and operating at 1gbps.  Haven't tested throughput yet.

    Using between 0- 3% CPU and 5% RAM.

    I only have a 30mbps connection to the internet, how can I test max supported throughput?  This is a home scenario so I don't have access to too much infrastructure to fiddle with network infrastructure.

    Willo



  • You could do an iperf test or try testing between 2 pfSense locally though that would not give you real world but just what the port is capable of in an unrealistic scenario.  Still might be useful to see what the maximum throughput is…



  • Agreed.

    There really isn't a good way to test max throughput on a local network.

    You can use iperf -s to set up a test server on a computer attached to the WAN port, and iperf -c <ip address="" of="" other="" machine="">on a machine attached to the LAN port and see what kind of throughput you get, but this still isn't a very good test as it only tests the performance with a single state in the NAT state table.

    If you had access to a gigabit or better connection, I'd have a few machines on the local network hop on different (legal) torrents for something popular (like the largest Ubuntu ISO you can find, or something like that) and see where it peaks.    That should get you to network saturation with many NAT table entries in a hurry, but as mentioned it would require having a WAN connection that can saturate your 1gbit NIC's to get reliable results.

    In the end - however - what really matters is, can your router saturate your current connection, and if that connection is 30Mbit, I'd argue you have absolutely NOTHING to worry about with that box.</ip>



  • Just thought I would update this.

    The box with PFSense installed is still running strong and VERY low usage.  I've installed SquidGuard on it and I have using NZB files I am consistently hitting my 30mbps limit on the internet connection.

    Overall for the pittance I paid for the hardware, I'm very pleased with both the hardware and PFSense.

    Thank you


Log in to reply