Atom C2758 vs Xeon D-1528
-
Dear folks,
I went through a lot of threads in order to build my new pfsense box.
When I got it correctly, the C2758 will offer an OpenVPN throughput of roughly 100 Mbit/s (depending on multiple factors).
Right now this will saturate my needs.
However, many threads mention that the new Xeon D boards are very powerful and require only a little more power than the Rangeley Atoms.
The point I'm thinking about (and not coming to a decision) is if it's worth to spend more money into the Xeon D? It will be a more expensive setup and it will increase the yearly power bill.
Right now I'm happy with an OpenVPN throughput of 100 Mbit/s. Since internet speed connectivity gets faster and faster, however, I would be happy with a box that can handle the speeds of let's say 500 Mbit/s as well in future - maybe in 5-10 years? In case OpenVPN gets full support for AES-NI and multithreading it might be possible to handle this speeds with Rangeley Atoms… But well, this is guesswork...
Therefore, right now I'm dealing with two different opinions:
- Buy Atom C2758 and keep it as long as possible. As soon as it can not saturate the internet connectivity, buy a new box (that may be even more powerful and more power-saving than the Xeon D nowadays). However, this requires a complete new investment in - who knows - 5 years?
- Buy Xeon D-1528 and keep it even longer than the Atom C2758. However, in this scenario some of the power of the Xeon D will be unused at the beginning, since for the first 5 years a OpenVPN throughput of 100 Mbit/s would be enough. The remaining power would be required afterwards, when the internet connectivity speeds increase. However, there might be a chance that in 5 years there's a new potential hardware on the market which will serve this required remaining power more efficiently, more power-saving. You know what I mean? ;)
Basically, I'm a bit unsure if it's more wise to invest in C2758, saving a bit money on power bill, but having to buy a new pfsense box earlier OR invest more money in Xeon D, spending a bit more money on power bill, but having the possibility to keep this box for a long time?
I really would appreciate any feedback and any opinion... I'm very precarious which way to choose...
-
Do you plan on using other services like Snort or Squid? Those also should be taken into account.
-
Sorry, I forgot to mention that point.
I would like to use following packages:
NUT package
Snort package
Iperf package
Vnstat packageIm not quite sure yet, but most probably squid and HAVP will follow. Since it is my first pfsense box, I still have to read more about it to consider if it's worth using it.
VPN is done via OpenVPN
Thanks for your help!
-
Why not use IPSec VPN? It should have better VPN performance then OVPN.
-
For the time being i would like to stay at OpenVPN. I'm optimistic that features like harware support AES-NI and multithreading-support get implemented :)
Cheers!
-
Hello Scampicfx,
I was wondering if you had made a decision and purchase yet? I'm looking at the same 2 options you are for future pfsense box.
-
Dear Simon,
i decided to stay at Atom Rangeley plattform due to two main factors:
- lower power bill: especially under load the Xeon-D requires more power than the Atom!
- cheaper plattform: The Atom Rangeley hardware plattform is not that expensive as the Xeon-D.
I hope to save some money due to these two factors. The Atom box would be enough for now and most probably for at least the next 5 years! If required, I will purchase a new box in future, but right now I'm feeling more happy to buy a box which consumes only the watts actually required. :)
When calculating the actual price per watt I think, this is the most cheapest / efficient solution for my demands!
PS: I decided to buy Chassis 505-203B. This allows upgrade options for Xeon-D and future plattforms from Supermicro. I had a short talk to a tec represantive and he told, there will be future motherboards which will be still compatible to this chassis.
-
Dear Simon,
i decided to stay at Atom Rangeley plattform due to two main factors:
- lower power bill: especially under load the Xeon-D requires more power than the Atom!
- cheaper plattform: The Atom Rangeley hardware plattform is not that expensive as the Xeon-D.
I hope to save some money due to these two factors. The Atom box would be enough for now and most probably for at least the next 5 years! If required, I will purchase a new box in future, but right now I'm feeling more happy to buy a box which consumes only the watts actually required. :)
When calculating the actual price per watt I think, this is the most cheapest / efficient solution for my demands!
Thank you for the quick reply. I would also love the Xeon but its almost double the cost in the end :) I think i might stick with the C2758.
With all the extra packages you are running, is your CPU being pushed at all?
-
I can't give you a comment on cpu usage right now since the box right now is only connected at 10 Mbit/s connection (and this results in 0,1% cpu usage - 1,2%). The box will be transferred to 100 Mbit/s connection shortly - i will post again when i have some cpu usage data available :)
-
@Scampicfx: I can't speak about your prices but we had an offer for D-1518s (18 not 28) that wasn't that much higher then the C2758. Of course, the need a bit more power, but compared to the old firewalls they replaced, anything would be cheaper in terms of power usage ;) Combined with the rich options of interfaces (6xGbps 2xSFP+) that was a no-brainer to take die Xeon-Ds.
Do you wanna run Snort or anything at all on these? We have a C2758 on the office Gigabit line and so far, we have fed it everything (speedtest hit with almost 950MBit/s while holding open a 100MBit/s OpenVPN line) without it every stressing out. So I'd be surprised if you got it to even itch a bit ;)
-
Thanks for your reply ;) Right now that's all what I need: To be capable of pushing 100 Mbit/s via OpenVPN, plus some plugins :) So thanks for your comment, really looking forward to it :)
-
Best of luck althoug I doubt you'll need it ;)
Attached a screen of our internal C2758. I was running a linespeed test via the openVPN tunnel and at the same time another test via WAN (on a slow device and against a host that wasn't up for 1gbps throughput, otherwise WAN would be much higher).
The slow openVPN isn't the C2758 at fault but the other end, which is an pcEngines APU1(!) on a 100MBit/s line. As you see, CPU isn't a problem at all and even the APU1 could deliver around 40-50Mbps (but their CPU is stressed out then). The WAN I can bringt up to 900 and more MBit/s but I have yet to see CPU usage go over 20%. As the load shows, not even one core is maxed out.