Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Kaby Lake + pfSense

    Hardware
    9
    18
    16306
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      darkarn last edited by

      Seeing how Kaby Lake is just released and that it has very interesting upgrades for the lower end (i.e. overclockable i3 and Pentium that now behaves like an i3 of older generations), it looks like building a pfSense machine for Gigabit WAN has gotten much easier!

      What do you all think?

      1 Reply Last reply Reply Quote 0
      • V
        VAMike last edited by

        @darkarn:

        Seeing how Kaby Lake is just released and that it has very interesting upgrades for the lower end (i.e. overclockable i3 and Pentium that now behaves like an i3 of older generations), it looks like building a pfSense machine for Gigabit WAN has gotten much easier!

        What do you all think?

        Yup, with AES-NI enabled the G series is suddenly the go-to low end chip for higher vpn bandwidth requirements. It will be very interesting to see where they end up pricing the GxxxxT parts.

        1 Reply Last reply Reply Quote 0
        • D
          darkarn last edited by

          @VAMike:

          @darkarn:

          Seeing how Kaby Lake is just released and that it has very interesting upgrades for the lower end (i.e. overclockable i3 and Pentium that now behaves like an i3 of older generations), it looks like building a pfSense machine for Gigabit WAN has gotten much easier!

          What do you all think?

          Yup, with AES-NI enabled the G series is suddenly the go-to low end chip for higher vpn bandwidth requirements. It will be very interesting to see where they end up pricing the GxxxxT parts.

          Actually AES-NI is enabled for G series in Skylake (and maybe earlier?). But these Kaby Lake Pentiums having 4 threads like Skylake i3s are interesting. I too want to see their pricing too

          1 Reply Last reply Reply Quote 0
          • V
            VAMike last edited by

            @darkarn:

            Actually AES-NI is enabled for G series in Skylake (and maybe earlier?).

            You're right, I was thinking of the haswell G's (probably because I'm still seeing more of those in small boxes than the skylakes; I wonder if that'll finally change).

            1 Reply Last reply Reply Quote 0
            • I
              isamudaison last edited by

              Interesting to note that it appears intel has dropped ECC support for all KL core i3s :(

              1 Reply Last reply Reply Quote 0
              • V
                VAMike last edited by

                @isamudaison:

                Interesting to note that it appears intel has dropped ECC support for all KL core i3s :(

                It's becoming harder to find systems that support it properly, even if they do in theory, and data from a lot of big sites suggests ECC is done more out of habit these days than actual necessity. I can't remember the last time I actually had a corrected single bit error on a machine with ECC (whereas 20 years ago on a large busy system they could just be scrolling past in the logs).

                1 Reply Last reply Reply Quote 0
                • I
                  isamudaison last edited by

                  @VAMike:

                  @isamudaison:

                  Interesting to note that it appears intel has dropped ECC support for all KL core i3s :(

                  It's becoming harder to find systems that support it properly, even if they do in theory, and data from a lot of big sites suggests ECC is done more out of habit these days than actual necessity. I can't remember the last time I actually had a corrected single bit error on a machine with ECC (whereas 20 years ago on a large busy system they could just be scrolling past in the logs).

                  That's interesting, I've heard both sides… some people say there's no need for it anymore, and others still swear it's absolutely required for a 24/7 system... I have yet to see any hard evidence either way, though  ???

                  1 Reply Last reply Reply Quote 0
                  • H
                    Harvy66 last edited by

                    The importance of ECC is directly related to the importance to prevent or detect corruption. My home router does not need ECC. PFSense is an appliance, if it goes down, I can replace it. My file server is a different thing. If ZFS gets corrupted in the wrong place, assuming I have no backups, I can lose everything.

                    If you use PFSense in a HA setup, you may need ECC. If the master sustains corruption, that corruption could negatively affect the slave. Or even worse, the master limps along doing some really crazy stuff.

                    I've been working with computers for nearly 30 years now, since a weeee child. I've seen what bad memory can do. The oddest things. Maybe it makes your cursor look funny, maybe it makes your audio have periodic distortions, maybe it just makes the close button on all of your windows disappear. If you're lucky, your system crashes. If you're not lucky, some really strange pathological failure could occur, causing all kinds of havoc.

                    1 Reply Last reply Reply Quote 0
                    • I
                      IggyB last edited by

                      @Harvy66:

                      Maybe it makes your cursor look funny, maybe it makes your audio have periodic distortions, maybe it just makes the close button on all of your windows disappear. If you're lucky, your system crashes. If you're not lucky, some really strange pathological failure could occur, causing all kinds of havoc.

                      Lol i remember those days. Not sure if it's windows 95 related or hardware haha

                      1 Reply Last reply Reply Quote 0
                      • D
                        darkarn last edited by

                        The possibility of cheap Gigabit builds are REAL guys!

                        http://forums.hardwarezone.com.sg/hardware-clinic-2/pentium-g4560-costs-%2464-fights-core-i5-2500k-%24270-5549108.html

                        1 Reply Last reply Reply Quote 0
                        • M
                          messerchmidt last edited by

                          amd ryzen should bring ecc back to the masses. not needed unless your running mission critical or using zfs

                          1 Reply Last reply Reply Quote 0
                          • V
                            VAMike last edited by

                            @messerchmidt:

                            amd ryzen should bring ecc back to the masses. not needed unless your running mission critical or using zfs

                            and unless you're running memory from the 90s.

                            1 Reply Last reply Reply Quote 0
                            • D
                              darkarn last edited by

                              I won't pin too much hope on Ryzen shaking things up in this sector though; it is more against the high-end gaming crowd that would want Cannonlake.

                              But then again, if you are ok with second-hand market, it may make a difference

                              1 Reply Last reply Reply Quote 0
                              • C
                                chrcoluk last edited by

                                Ryzen with its SHA acceleration could make some noise in the server space I think, as AES+SHA offloading are not really that useful for a typical gaming pc.

                                pfSense 2.6.0 - ISP AAISP UK

                                1 Reply Last reply Reply Quote 0
                                • V
                                  VAMike last edited by

                                  @chrcoluk:

                                  Ryzen with its SHA acceleration could make some noise in the server space I think

                                  I haven't seen any details on what sha acceleration looks like in zen. If they were smart they just implemented https://software.intel.com/en-us/articles/intel-sha-extensions which is currently shipping in goldmont and is slated for cannonlake. In general, just moving to AES GCM is going to give better performance than trying to accelerate AES-CBC + SHAn.

                                  1 Reply Last reply Reply Quote 0
                                  • W
                                    whosmatt last edited by

                                    @Harvy66:

                                    If ZFS gets corrupted in the wrong place, assuming I have no backups, I can lose everything.

                                    That's true, but that's also true with any other filesystem.  I feel a lot better about using non ECC RAM in my personal ZFS implementation after reading this: http://jrs-s.net/2015/02/03/will-zfs-and-non-ecc-ram-kill-your-data/.  I do have several production systems at work running ZFS and of course am using ECC, but I don't think non ECC RAM is the dealbreaker many make it out to be.  And no matter what, ZFS, ECC, whatever, there is no excuse for not having backups.

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      darkarn last edited by

                                      I find that the costs for setting up an ECC RAM capable system can also be used for creating a non-ECC RAM system and a backup system

                                      I rather go with the latter

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        mattlach last edited by

                                        @Harvy66:

                                        The importance of ECC is directly related to the importance to prevent or detect corruption. My home router does not need ECC. PFSense is an appliance, if it goes down, I can replace it. My file server is a different thing. If ZFS gets corrupted in the wrong place, assuming I have no backups, I can lose everything.

                                        If you use PFSense in a HA setup, you may need ECC. If the master sustains corruption, that corruption could negatively affect the slave. Or even worse, the master limps along doing some really crazy stuff.

                                        I've been working with computers for nearly 30 years now, since a weeee child. I've seen what bad memory can do. The oddest things. Maybe it makes your cursor look funny, maybe it makes your audio have periodic distortions, maybe it just makes the close button on all of your windows disappear. If you're lucky, your system crashes. If you're not lucky, some really strange pathological failure could occur, causing all kinds of havoc.

                                        I completely agree with this.

                                        My VM and NAS server definitely has ECC.

                                        My little pfSense box?  Not worth the hassle.

                                        Back to Kaby Lake.

                                        I just built a nice little Kaby Lake i3-7100  pfSense box based on this thread.

                                        I am very happy with the results.  No OpenVPN benchmarking yet.  ahvent even installed pfSense yet, but I am already seriously impressed.

                                        Idles at 6.2W at the wall, and maxes out at 46W with all threads (2C/4T@3.9Ghz) loaded in mprime.

                                        Just stay away from the USB3 ports.  pfSense doesn't seem to like those at all, and the installers will fail unless booted from one of the USB2 ports.

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post