Kaby Lake + pfSense



  • Seeing how Kaby Lake is just released and that it has very interesting upgrades for the lower end (i.e. overclockable i3 and Pentium that now behaves like an i3 of older generations), it looks like building a pfSense machine for Gigabit WAN has gotten much easier!

    What do you all think?



  • @darkarn:

    Seeing how Kaby Lake is just released and that it has very interesting upgrades for the lower end (i.e. overclockable i3 and Pentium that now behaves like an i3 of older generations), it looks like building a pfSense machine for Gigabit WAN has gotten much easier!

    What do you all think?

    Yup, with AES-NI enabled the G series is suddenly the go-to low end chip for higher VPN bandwidth requirements. It will be very interesting to see where they end up pricing the GxxxxT parts.



  • @VAMike:

    @darkarn:

    Seeing how Kaby Lake is just released and that it has very interesting upgrades for the lower end (i.e. overclockable i3 and Pentium that now behaves like an i3 of older generations), it looks like building a pfSense machine for Gigabit WAN has gotten much easier!

    What do you all think?

    Yup, with AES-NI enabled the G series is suddenly the go-to low end chip for higher VPN bandwidth requirements. It will be very interesting to see where they end up pricing the GxxxxT parts.

    Actually AES-NI is enabled for G series in Skylake (and maybe earlier?). But these Kaby Lake Pentiums having 4 threads like Skylake i3s are interesting. I too want to see their pricing.



  • @darkarn:

    Actually AES-NI is enabled for G series in Skylake (and maybe earlier?).

    You're right, I was thinking of the Haswell G's (probably because I'm still seeing more of those in small boxes than the Skylakes; I wonder if that'll finally change).



  • Interesting to note that it appears Intel has dropped ECC support for all KL core i3s :(



  • @isamudaison:

    Interesting to note that it appears Intel has dropped ECC support for all KL core i3s :(

    It's becoming harder to find systems that support it properly, even if they do in theory, and data from a lot of big sites suggests ECC is done more out of habit these days than actual necessity. I can't remember the last time I actually had a corrected single bit error on a machine with ECC (whereas 20 years ago on a large busy system they could just be scrolling past in the logs).



  • @VAMike:

    @isamudaison:

    Interesting to note that it appears Intel has dropped ECC support for all KL core i3s :(

    It's becoming harder to find systems that support it properly, even if they do in theory, and data from a lot of big sites suggests ECC is done more out of habit these days than actual necessity. I can't remember the last time I actually had a corrected single bit error on a machine with ECC (whereas 20 years ago on a large busy system they could just be scrolling past in the logs).

    That's interesting, I've heard both sides… some people say there's no need for it anymore, and others still swear it's absolutely required for a 24/7 system... I have yet to see any hard evidence either way, though  ???



  • The importance of ECC is directly related to the importance to prevent or detect corruption. My home router does not need ECC. pfSense is an appliance, if it goes down, I can replace it. My file server is a different thing. If ZFS gets corrupted in the wrong place, assuming I have no backups, I can lose everything.

    If you use pfSense in a HA setup, you may need ECC. If the master sustains corruption, that corruption could negatively affect the slave. Or even worse, the master limps along doing some really crazy stuff.

    I've been working with computers for nearly 30 years now, since a weeee child. I've seen what bad memory can do. The oddest things. Maybe it makes your cursor look funny, maybe it makes your audio have periodic distortions, maybe it just makes the close button on all of your windows disappear. If you're lucky, your system crashes. If you're not lucky, some really strange pathological failure could occur, causing all kinds of havoc.



  • @Harvy66:

    Maybe it makes your cursor look funny, maybe it makes your audio have periodic distortions, maybe it just makes the close button on all of your windows disappear. If you're lucky, your system crashes. If you're not lucky, some really strange pathological failure could occur, causing all kinds of havoc.

    Lol, I remember those days. Not sure if it's Windows 95 related or hardware haha





  • AMD Ryzen should bring ECC back to the masses. Not needed unless you're running mission critical or using ZFS



  • @messerchmidt:

    AMD Ryzen should bring ECC back to the masses. Not needed unless you're running mission critical or using ZFS

    and unless you're running memory from the 90s.



  • I won't pin too much hope on Ryzen shaking things up in this sector though; it is more against the high-end gaming crowd that would want Cannonlake.

    But then again, if you are ok with second-hand market, it may make a difference



  • Ryzen with its SHA acceleration could make some noise in the server space I think, as AES+SHA offloading are not really that useful for a typical gaming pc.



  • @chrcoluk:

    Ryzen with its SHA acceleration could make some noise in the server space I think

    I haven't seen any details on what SHA acceleration looks like in Zen. If they were smart they just implemented https://software.intel.com/en-us/articles/intel-sha-extensions which is currently shipping in Goldmont and is slated for Cannonlake. In general, just moving to AES-GCM is going to give better performance than trying to accelerate AES-CBC + SHAn.



  • @Harvy66:

    If ZFS gets corrupted in the wrong place, assuming I have no backups, I can lose everything.

    That's true, but that's also true with any other filesystem.  I feel a lot better about using non ECC RAM in my personal ZFS implementation after reading this: http://jrs-s.net/2015/02/03/will-zfs-and-non-ecc-ram-kill-your-data/.  I do have several production systems at work running ZFS and of course am using ECC, but I don't think non ECC RAM is the dealbreaker many make it out to be.  And no matter what, ZFS, ECC, whatever, there is no excuse for not having backups.



  • I find that the costs for setting up an ECC RAM capable system can also be used for creating a non-ECC RAM system and a backup system

    I'd rather go with the latter



  • @Harvy66:

    The importance of ECC is directly related to the importance to prevent or detect corruption. My home router does not need ECC. pfSense is an appliance, if it goes down, I can replace it. My file server is a different thing. If ZFS gets corrupted in the wrong place, assuming I have no backups, I can lose everything.

    If you use pfSense in a HA setup, you may need ECC. If the master sustains corruption, that corruption could negatively affect the slave. Or even worse, the master limps along doing some really crazy stuff.

    I've been working with computers for nearly 30 years now, since a weeee child. I've seen what bad memory can do. The oddest things. Maybe it makes your cursor look funny, maybe it makes your audio have periodic distortions, maybe it just makes the close button on all of your windows disappear. If you're lucky, your system crashes. If you're not lucky, some really strange pathological failure could occur, causing all kinds of havoc.

    I completely agree with this.

    My VM and NAS server definitely has ECC.

    My little pfSense box?  Not worth the hassle.

    Back to Kaby Lake.

    I just built a nice little Kaby Lake i3-7100 pfSense box based on this thread.

    I am very happy with the results. No OpenVPN benchmarking yet. Haven't even installed pfSense yet, but I am already seriously impressed.

    Idles at 6.2W at the wall, and maxes out at 46W with all threads (2C/4T@3.9GHz) loaded in mprime.

    Just stay away from the USB3 ports.  pfSense doesn't seem to like those at all, and the installers will fail unless booted from one of the USB2 ports.

