Another Noobie pfSense "What Hardware do I need for 1 GIG FTTH" Thread



  • First off, I appreciate the depth most of the experts on these forums spend answering these types of questions.

    I would guess I have over 40 hours reading threads on these forums (and others smallnetbuilder, tomshardware etc) reading about builds, but I guess the diversity of opinions, configurations and connection speeds – I am overwhelmed and questioning every build I investigate.

    I have used ASUS routers for years on Comcast internet, but in about a month I am moving to a city that has city-wide 1Gbps FTTH with an OTN that has one GbE port.  I feel like we are reasonably intense internet family, as we consistently exceed 700 GB per month on Comcast.  I want to maximize performance at the new home for the following reasons:

    • I work from home 24x7 via VPN - my job involves uploading and downloading hundreds of GB in a typical month over software VPN (I think I have to use corporate provided software for this)

    • We will have 3 semi-pro-tryhard eSports gamers living in the house and I want to provide the best gaming connections possible, and enable simultaneous (up to 3) Twitch live streams (I cant do that today on 6MB Comcast uplink)

    • I always want to improve my security profile, so Snort IDS/IPS is intriguing (but I haven't ever used it or pfSense)

    • I want visibility of data usage by each network device

    However, I would also like to temper performance with electricity consumption (and therefore heat dissipation) a consideration.  I currently pay to air condition the "gaming room" year-round, which the electric company loves and I hate.  Adding another 90W TDP router to the household thermal profile would be disappointing.  I feel like Firewall/NAT and some IDS/packet-inspection shouldn't take crazy hardware - but I guess I honestly don't know.

    I see the following common builds being recommended on the website

    • J1900 and similar micro-computers - cheap, but not sure if 1Gb is out of reach of this hardware costs usually around $180-$200

    • ATOM (Rangely) - like A1SRI-2558F-O  : Seems fantastic TDP, has some type of hardware issue, I estimate cost is $540 for 3+ year old technology

    • Older Intel Xeon Builds :  which I suppose people are buying cheap/used and just burning more electricity and using older technology boards but with server NICS

    • Various builds which feel like gaming desktop builds to me - i5 and better CPUs with all manner of prosumer drives, boards and RAM, I imagine we are talking $400 and up here

    • pfSense official Hardware (with support), especially for noobs like myself (can this manage full 1Gb LAN-WAN?), something like SG-2220 ($300) or SG-2440 ($550)

    Other options, not necessarily recommended on these forums:

    • ATOM (Denverton) - newer low power option, but seems delayed several times and I cannot currently find a motherboard with this processor.

    • Custom Firmwares and high-end Router solutions  :  got burned recently on a custom-firmware, high-end router (lost $350) but I guess for $200 - $400 just go this route

    Can anyone guide me towards the right platform for my specific needs?  I am now leaning towards i3-6100T, on possibly on ASRock H270M-ITX/ac or LGA 1151 Server-type motherboard.  I also have a full ATOM C2558 build figured out but was a little turned off by the recent ATOM defect issue and lack of reliable info on Denverton which would be more current tech.

    I would like to buy something that fits the following important factors:

    • new components with warranty

    • ideal budget would stay below $500, after all it's a router so spending 3x the cost of a prosumer router will be tough

    • lowest TDP possible, low 24x7 power consumption as possible (power cost is 0.093/kWh at new place)

    • must be small enough to fit in and understair internet/mechanicals space (OTN, pfSense Firewall/router and two gigabit switchs have to fit in a relatively small space, maybe 2ft x 2ft x 5ft)

    • optimized for low latency but reasonably intense 20x7 HOME internet usage which is borderline abusive (7AM-7PM for work-related and 3PM-3AM for intense gaming)

    • firewall / LAN-to-WAN at close to wire speeds

    And if you made it clear to this point thank you for taking the time to read my entire post.  :D


  • Banned

    @crw030:

    I feel like Firewall/NAT and some IDS/packet-inspection shouldn't take crazy hardware - but I guess I honestly don't know.

    Firewall/NAT is not that intensive for gigabit, although many will lead you to believe that you need a mid-range gaming CPU to do this. But when you start to inspect all of your packets with an IDS/IPS, that is going to take a bit more power.

    I can't tell you what you'll need for an IDS/IPS @ gigabit speeds, but if you haven't already check out the thread I just put up here:
    https://forum.pfsense.org/index.php?topic=127793.msg705046#msg705046

    This is only in any way useful as a relative comparison, but you can see that a lowly passively cooled celeron can get pretty respectable performance even over a VPN with just firewall / NAT. But turning on IDS/IPS results in a dramatic drop in performance.

    All that to say that if you really want to inspect all of your traffic then it will increase your system cost noticeably.

    @crw030:

    I see the following common builds being recommended on the website

    • J1900 and similar micro-computers - cheap, but not sure if 1Gb is out of reach of this hardware costs usually around $180-$200

    These are too old and not that much cheaper than a current Pentium IMO, but many people love them.

    @crw030:

    • pfSense official Hardware (with support), especially for noobs like myself (can this manage full 1Gb LAN-WAN?), something like SG-2220 ($300) or SG-2440 ($550)

    Official hardware has great support, that's its driving feature. If you want support, buy official hardware. I can't tell you which box is the one you need for your purposes though.

    @crw030:

    I am now leaning towards i3-6100T

    That is probably a great choice for what you described.

    If you decide against IDS/IPS in the long run, a J3455 will probably meet all of your needs @ ~$75 for a SoC. That being said, it won't cut it for IDS/IPS. Additionally, you would have to either cut out the back wall of the PCIe v 2.0 slot or cut your NIC to fit on this board. This is within the PCIe spec (PCI slots didn't have a back wall & the PCIe pinout is designed for this, i340's even have a line on the PCB to indicate the end of the 1x pins), but many people are not comfortable doing this. The choice is up to you if this is the route you take, sir!

    Generally though, a modern Pentium or i3 should do everything you described.
    There's no value in chasing on-board NIC's unless oyu must have very SFF, PCIe v2.0 will max a 4 port NIC @ 1x speeds.
    You can get great NIC's as used server pulls on eBay, I recommend a server pull i340-t4 (~$25).

    If you are really looking to keep the power and heat down, then I recommend not messing around with an IDS/IPS, getting a passively cooled SoC CPU and using a picoPSU with a decent AC/DC converter. Also, boot from either an SSD or USB 2.0 thumb drives. No moving parts, no fans, no noise and little heat.



  • @pfbasic.

    Is that i340-T4 a low profile card (it looks like it is based on random pictures), and how do you make sure to get a non-China knockoff of that card off ebay?

    On the power supply side of things, I am looking at either:

    • a semi-fanless (intelligent) SILVERSTONE SFX ST30SF 300W SFF which would fit my case perfectly, but be operating in suboptimal load range (likely 20-40% load likely under 80% efficient)

    • or doing the PicoPSU 90W or worst case 120W kits, where the DC-DC converter is super efficient (95%) but the connected wart idk how efficient they are, would look like crap but it's in a closet

    Pricewise they are all $45, $52 and $55 so splitting hairs on price there

    On the boot disk system, I thought about USB stick but was afraid I'd wear it out and kill the firewall/router if I accidentally turn something on that writes to disk.  For this I'm considering:

    • Virtium SATA 16 GB Industrial XE StorFly25 - which is expensive ($98!) but supposed to be ultra-durable

    • Transcend MTS800 M.2 2280 64GB (TS64GMTS800)  - while there is a premium for M.2 ($60), it would sure be clean looking install, provided I don't choose a MB without M.2!

    • I'm nervous about USB stick and cheap SSD, after reading in the forums about people killing them _incidentally if I'm just a worrisome nelly, tell me, I can just go with el-cheapo low-profile USB stick  ;)

      On the "dont chase onboard nics", I'm taking that to mean if I am going to buy a good intel PCIe card anyway, I can really get by with a cheap i3 mini-itx MB?_


  • Banned

    @crw030:

    @pfbasic.

    Is that i340-T4 a low profile card (it looks like it is based on random pictures), and how do you make sure to get a non-China knockoff of that card off ebay?

    It is low profile card, you can get it with either low profile or standard bracket and that can be swapped out with one screw.
    https://ark.intel.com/products/49186/Intel-Ethernet-Server-Adapter-I340-T4
    The best way to get a quality card off of eBay is to not purchase a card shipping from China and look for one described as a server pull from a reputable seller. People can always lie but you'll probably be fine. People have reported using the cheap Chinese knockoffs with no ill effects though so I wouldn't worry too much.

    @crw030:

    On the power supply side of things, I am looking at either:
    but the connected wart idk how efficient they are, would look like crap but it's in a closet

    You can find used name brand stuff like EDAC (which is what the site I'm linking sells) with data sheets for cheap. The 60W one they sell is 88% efficient under load.
    http://www.mini-box.com/Power-Supplies-Kits
    http://resources.mini-box.com/online/PWR-ACDC-12V-5A-60W/PWR-ACDC-12V-5A-60W-specs.pdf

    @crw030:

    On the boot disk system, I thought about USB stick but was afraid I'd wear it out and kill the firewall/router if I accidentally turn something on that writes to disk.

    I'm nervous about USB stick and cheap SSD, after reading in the forums about people killing them _To save money I would say that if you already have plenty of RAM (my system runs a lot of packages and my RAM disk is generally using about 800MB of RAM, I don't think I've ever seen it above 1.2GB but I have ~2.3GB dedicated to RAM disk just in case) to put into your system, then use they cheapest install media you can and run a RAM disk to save it from writes. I use USB install and I've left iostat -xw 1 running for quite a while in the background and the system very rarely actually writes to the disk. I'll report when the disks die but I expect it will last me years and the drives cost a few bucks each to replace when the time comes.
    I wouldn't recommend buying more RAM just to do a RAM disk though because that defeats the purpose of cheap install media.
    FWIW, once you get your system configured the way you want it just save the config.xml file to cloud backup or something and it won't matter much if your boot drive fails (no matter what kind of install media you use). If your boot drive fails, just reinstall to a new drive and backup from your config.xml and you're back in business, should only take a few minutes.
    This is incidentally another great use case for installing to a thumb drive. If your boot HDD/SSD fails just throw a flash drive from your keychain onto your pfSense box, reinstall and restore and you're up and running again while you wait on a replacement drive.

    @crw030:

    On the "dont chase onboard nics", I'm taking that to mean if I am going to buy a good intel PCIe card anyway, I can really get by with a cheap i3 mini-itx MB?

    You can get motherboards that have high quality NIC's built in, but most on board NIC's are crap.
    Some people want to chase a motherboard that has good NIC's built in. This is great if you need SFF or get them for a great price, but you'll typically pay a lot more for a motherboard with two onboard intel NIC's.
    i340-t4's are excellent NIC's, low power and can be had for $25 on eBay, so I'm just saying don't beat yourself up trying to find a motherboard with the NIC's you want built in because it doesn't matter._



  • Is there a basic set of tests I could run and metrics I can post (once I get the whole kit assembled and get 1 Gig Internet!) that would productive to share with the community, so others can make an informed decisions whether they need J3355 or i3 (basically what tier to buy in to)?



  • @pfBasic:

    The best way to get a quality card off of eBay is to not purchase a card shipping from China and look for one described as a server pull from a reputable seller.

    Amazon can also be a good source.  Older generation Intel Chipeset (em drivers) from HP, Dell, IBM, Intel are all good and can be had for $25-$45 or so (2 or 4 port) as used server pulls.  I think the I340-T4 is a bit newer than what I'm talking about; the primary advantage of that for a pfSense build would be slightly less power draw due to newer lithography.  It uses the newer igb driver afaik.  Just bringing this up because I don't see any I340-T4 on ebay at the $25 price point :)  But the ~$40 or so I do see for it would make it advantageous over the older cards just for the lower power draw.

    -M


  • Banned

    Yeah $25 is about as good of a deal as I've ever seen. I picked mine up for $30 a few weeks ago.




  • We're driving up demand!  I just bought one and cheapest was $36 + shipping.



  • @crw030:

    We're driving up demand!  I just bought one and cheapest was $36 + shipping.

    That's still a bargain IMO.  Perhaps this means the venerable 82571EB chipset (13 yrs old at this point IIRC) is finally getting replaced by something slightly newer in the sub $50 server pull market  :D


  • Banned

    @whosmatt:

    That's still a bargain IMO.  Perhaps this means the venerable 82571EB chipset (13 yrs old at this point IIRC) is finally getting replaced by something slightly newer in the sub $50 server pull market  :D

    Agreed! IMO the i340 is the best all around NIC for almost everyone.
    It's the most power efficient out the 3 main intel NIC's

    • PRO/1000 PT t-4: 12W (that's like another quad core Celeron!)

    • i350-t4v2:            5W

    • i340-t4:              4.3W

    Both the i340 & i350 are PCIe v2.x, meaning that they can get full quad port gigabit speeds on a PCIe v2.0 slot @ 1x speeds.
    The i350 does have SR-IOV which can be very valuable for VM's, and Ethernet Power Management, but if you don't need those then i340 seems to be the winner to me!

    All can be had for much less if you're OK with a Chinese knockoff


  • Banned

    @crw030:

    Is there a basic set of tests I could run and metrics I can post (once I get the whole kit assembled and get 1 Gig Internet!) that would productive to share with the community, so others can make an informed decisions whether they need J3355 or i3 (basically what tier to buy in to)?

    Absolutely, and it would be greatly appreciated!

    Just post the hardware you end up building out, the connection you are using it on (to include type, i.e. PPPoE), number of clients it serves and packages you use and how you use them. Other details such as IPv4 only, if you have a light or heavy set of firewall rules, etc can be useful.

    After that if you can max out your connection and post CPU usage statistics under load. Same thing if you use VPN.



  • Ok bought, assembled and installed.  Now I need to figure out what testing would be useful to others browsing the forum.

    • ASRock H110M-ITX LGA 1151 Intel H110 HDMI SATA 6Gb/s USB 3.0 Mini ITX  ($60)

    • Intel Core i3-6100T 35W Processor  ($130)

    • 4GB (1 x 4GB) 288-Pin DDR4 SDRAM DDR4 2133 (PC4 17000)  ($27)

    • Silverstone Milo series ML05B Case  ($53)

    • SILVERSTONE SFX Series SST-ST30SF-V2 300W SFX 80 PLUS BRONZE Active PFC PSU  ($50)

    • Used eBay IBM Intel I340-T4 Quad GB  ($37)

    • 3 - SanDisk 16GB Ultra Fit CZ43 USB 3.0 Flash Drive  ($25.80)

    • Misc Shipping:  $22.48

    Total Cost:    $405.27

    Power Consumption (Standby)  : 20.0 W    CPU:  0.05
    Power Consumption (Base Config, routing 1G, no active packages)  :  24.9 - 25.8 W
    CPU Temperature:  40-42 C      CPU:  6% - 8%

    LAN0 - OPT1 iPerf routing ( Desktop Realtek 1GB PCIe -> pfSense Intel (igb3) -> pfSense Intel (igb2) -> Desktop Realtek 1GB PCIe  )    946 Mbit to 949 Mbit
    LAN0 - WAN iPerf routing ( Desktop Realtek 1GB PCIe -> pfSense Intel (igb3) -> pfSense Intel (em0) -> Desktop Realtek 1GB PCIe  )    942 Mbit to 944 Mbit

    Estimating OpenVPN throughput using ( 3200 / execution_time_seconds ) =  371 MBits

    openvpn --genkey --secret /tmp/secret
    time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
    

    Estimating OpenVPN throughput using ( 3200 / execution_time_seconds ) =  374 MBits

    openvpn --genkey --secret /tmp/secret
    time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc
    

    Some bullets about this build.

    • pfBasic recommends the picoPSU, and of course it probably would have worked! This being my first non-PC build I went familiar 300W with autofan, I might still order and try the picoPSU just to see if it saves power

    • This was literally the cheapest micro-ITX board I could find, I took the no-frills approach

    • The Silverstone case was much roomier than the M350 I was considering, the real turnoff for me of a smaller case was I didn't want to have to hack it up first thing to install the i340-T4

    • the i3-6100T comes with stock cooler that is pretty low profile, in this case I would estimate there is 1.25" clearance for another fan mounted on the bracket above the CPU, which could hold a HD if you didn't want to use the 4 SSD drive bays near the PSU

    • I am currently running pfSense off 3-USB3 Sandisk Ultrafit USB drives in a gmirror config, mostly to keep cost down versus SSD

    What can I do next?  Won't have 1G internet until approx 5/1.  Could try routing with Snort or something more intense, route for a few hours to stabilize CPU temp idk.


  • Banned

    A pico-PSU will save you a little bit of pwoer but not enough to justify buying it after you've already got an 80+ PSU. It mainly saves power by not having a fan and operating closer to it's design output on a router. I only saved 7W by switching from an old non-80+ PSU to a picoPSU on my HTPC. The main draw (to me) of the picoPSU is the total lack of noise. It's only valuable to save power as an initial buy, I would probably never recommend purchasing one to save power if you already have a PSU that works.

    As far as benchmarks go, they are all greatly appreciated and a big contribution to this subforum!

    Real world VPN usage & CPU utilization is great!
    Same thing for non-VPN IDS usage/ VPN IDS usage.
    Generally just knowing how hard your CPU has to work to achieve things is valuable, especially at gigabit speeds because not many people have access to that and far less report their performance on it!

    When you get a gigabit connection please let us know how hard your CPU is working to max out VPN, NAT, IDS, etc!



  • That's still a bargain IMO.  Perhaps this means the venerable 82571EB chipset (13 yrs old at this point IIRC) is finally getting replaced by something slightly newer in the sub $50 server pull market

    If you need, must or will absolutely or only use the (em) Driver in pfSense at the WAN port, it should be a chipset that is using
    this driver! And if you fell free to use any Driver from pfSense at the WAN port you may go with any or all other cards.

    •PRO/1000 PT t-4: 12W (that's like another quad core Celeron!)

    (em) driver

    •i350-t4v2:            5W

    igb(4) driver

    •i340-t4:              4.3W

    igb(4) driver

    Intel Chipeset (em drivers) from HP, Dell, IBM, Intel are all good and can be had for $25-$45 or so (2 or 4 port) as used server pulls.

    Some IBM card got their own firmware and are not running well or playing nice together with pfSense until you flashed the original
    Intel firmware on that card and this is not even able to realize!


  • Banned

    @BlueKobold:

    If you need, must or will absolutely or only use the (em) Driver in pfSense at the WAN port, it should be a chipset that is using
    this driver!

    Huh? Why would anyone only use (em) drivers? (em) and (igb) are both supported and work great. PRO/1000 uses em, i3xx uses igb, they both work… I'm not sure I understand what you are saying here?
    @BlueKobold:

    •PRO/1000 PT t-4: 12W (that's like another quad core Celeron!)

    (em) driver

    •i350-t4v2:            5W

    igb(4) driver

    •i340-t4:              4.3W

    igb(4) driver

    I'm not sure why you're listing the drivers for the cards? Both chipsets and drivers work great in pfSense.
    @BlueKobold:

    Intel Chipeset (em drivers) from HP, Dell, IBM, Intel are all good and can be had for $25-$45 or so (2 or 4 port) as used server pulls.

    Some IBM card got their own firmware and are not running well or playing nice together with pfSense until you flashed the original
    Intel firmware on that card and this is not even able to realize!

    I've only ever heard of some IBM cards having some features turned off, never one that outright won't work with pfSense? do you have a reference for this?



  • @crw030:

    Ok bought, assembled and installed.  Now I need to figure out what testing would be useful to others browsing the forum.

    • ASRock H110M-ITX LGA 1151 Intel H110 HDMI SATA 6Gb/s USB 3.0 Mini ITX  ($60)

    • Intel Core i3-6100T 35W Processor  ($130)

    • 4GB (1 x 4GB) 288-Pin DDR4 SDRAM DDR4 2133 (PC4 17000)  ($27)

    • Silverstone Milo series ML05B Case  ($53)

    • SILVERSTONE SFX Series SST-ST30SF-V2 300W SFX 80 PLUS BRONZE Active PFC PSU  ($50)

    • Used eBay IBM Intel I340-T4 Quad GB  ($37)

    • 3 - SanDisk 16GB Ultra Fit CZ43 USB 3.0 Flash Drive  ($25.80)

    • Misc Shipping:  $22.48

    Total Cost:    $405.27

    Power Consumption (Standby)  : 20.0 W    CPU:  0.05
    Power Consumption (Base Config, routing 1G, no active packages)  :  24.9 - 25.8 W
    CPU Temperature:  40-42 C      CPU:  6% - 8%

    LAN0 - OPT1 iPerf routing ( Desktop Realtek 1GB PCIe -> pfSense Intel (igb3) -> pfSense Intel (igb2) -> Desktop Realtek 1GB PCIe  )    946 Mbit to 949 Mbit
    LAN0 - WAN iPerf routing ( Desktop Realtek 1GB PCIe -> pfSense Intel (igb3) -> pfSense Intel (em0) -> Desktop Realtek 1GB PCIe  )    942 Mbit to 944 Mbit

    Estimating OpenVPN throughput using ( 3200 / execution_time_seconds ) =  371 MBits

    openvpn --genkey --secret /tmp/secret
    time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
    

    Estimating OpenVPN throughput using ( 3200 / execution_time_seconds ) =  374 MBits

    openvpn --genkey --secret /tmp/secret
    time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc
    

    Some bullets about this build.

    • pfBasic recommends the picoPSU, and of course it probably would have worked! This being my first non-PC build I went familiar 300W with autofan, I might still order and try the picoPSU just to see if it saves power

    • This was literally the cheapest micro-ITX board I could find, I took the no-frills approach

    • The Silverstone case was much roomier than the M350 I was considering, the real turnoff for me of a smaller case was I didn't want to have to hack it up first thing to install the i340-T4

    • the i3-6100T comes with stock cooler that is pretty low profile, in this case I would estimate there is 1.25" clearance for another fan mounted on the bracket above the CPU, which could hold a HD if you didn't want to use the 4 SSD drive bays near the PSU

    • I am currently running pfSense off 3-USB3 Sandisk Ultrafit USB drives in a gmirror config, mostly to keep cost down versus SSD

    What can I do next?  Won't have 1G internet until approx 5/1.  Could try routing with Snort or something more intense, route for a few hours to stabilize CPU temp idk.

    Theorycrafting from this do you think a i3-7320 might be able to do 900-1000 MBits with a similar build? I was having fun trying to spec something similar that could.

    https://pcpartpicker.com/list/xpfT3F


  • Banned

    No, at least not on a single client. I don't know of any build that can max a gigabit connection at VPN speeds.

    You could probably do it with a modern low end quad core running four instances in a gateway group so long as each core can hit 250Mbps(maybe a dual core if gateway grouping works well with HT). But that configuration has limitations and only certain types of traffic will be able to max out the connection. And I don't even know if that would work.

    I think that's its an OpenVPN limit, not a hardware limit that makes gigabit VPN so difficult to attain.

    Really it's all just anecdotal evidence at this point though. I don't know of any references of someone with a Gigabit connection trying to max pfSense OpenVPN performance on single and/or multiple instances. So if you end up giving it a shot please report back with your findings!



  • Omigosh long time away, back and forth moving and so forth - but now pfSense has been running on Gigabit for about 30 days and I've been routing everything through it – seems like a ROCK!

    Second, wired speed test results (first seemed to be limited by laptop network card at 700/900)

    I managed to setup OpenVPN but I don't have a very good 2nd connection to test out the maximum speed.  I need time to warm up a neighbor so I can iPerf over OpenVPN from gig-to-gig to determine the max pfSense single-connection speed (minus packet-inspection) and also need to flip on inspection and check load.  No hiccups so far with 6 computers, bunch of wi-fi stuff (smartphones, ipads, laptops) and Direct TV stuff all networked together.  Found out lots of websites seem to have a download cap though.

    One thing that stinks is I have to shutdown pfSense to install the UPS which arrived a couple weeks ago.  There goes my 30 days of solid up-time!



  • Recommendations for anyone planning to use this type of configuration for themselves

    1. I am probably the sorriest I went with the TDP crippled version of the processor.

    • My pfSense box runs at near-idle almost all the time.  My bet is the regular processor would draw about the same in this state but have more headroom

    • I use the pfSense local display so rarely, I wish I had investigated the serial port version and maybe gone the no-graphics-at-all route

    2.  Considering the system is always near-idle, I probably should have followed some advice and used a more appropriately sized picoPSU.

    • It wouldn't really have saved any money (they are about the same price as the SFF)

    • But I suspect it would have been more efficient at near-idle.

    • And I would have had alot more space in the case for drives or cooling or something.

    Other than that I am stupid happy with this as compared to even the best consumer routers I have ever owned.

    I have it paired with an AC2200 Nighthawk X4 WiFi Range Extender (Model: EX7300) for whole house coverage.



  • I'm running a q1900b-itx which has an embedded j1900 and it handles 1gbit just fine. I've not set up a vpn yet. But heavy torrenting, streaming, gaming etc. does not exceed 20/30% cpu usage. Do note i don't have FTH. We have a dslam (i think some might call them nodes?) in the building and ethernet cables goes straight from the switch to a wan ethernet plug in the wall in every apartment. But it's kinda similar, just that we don't have any modems. We plug directly into the ISP switch that's located in the dslam.



  • You definitely save money with that configuration.  Just motherboard & CPU alone is $110 cheaper than my configuration.

    I guess I wanted to have the best possible experience and be able to tinker with several pfSense options.  Several competent pfSense people did recommend those single-board setups, provided you can avoid using CPU intensive features.  I suppose if I ever start playing with packet inspection that's when my overbuilt configuration will start to shine.

    I'm still awful happy spending $400 (although to add wireless bumps it another $130), my last several consumer routers have each run $200-$300 range and the FTH provider was recommending another $200 upgrade because my RT-N66U would only provide about 836 Mbps (in their tests).

    I have setup a permanent OpenVPN connection between an old ASUS router and pfSense so I can hopefully record some cameras over it to keep an eye on a distant property, but without exposing the cameras to the internet and all that goes with that.


  • Banned

    If buying a powerful router for cheap is the goal then you won't beat eBay (read: used systems from any source).

    eBay is full of used end-of-lease workstations without HDD's containing i3-i5's that have AES-NI for <$100.
    Buy one of those and install to either a pair of thumb drives or a cheap SSD.
    Add an eBay i340-tX and you can have a very powerful system for ~$100.

    The only real downside is power usage, but without a HDD it really won't be that much higher, probably ~10W or less delta in most comparisons to systems with comparable performance. Translates to ~$8-18/yr in the CONUS for a 24/7/365 box.

    This combo would cost you about $125-150 after tax & shipping depending on where you live (CONUS) and gets you an i5 with a passmark a little better than an i3-7100 for about 15W hotter TDP and it even comes with a HDD & 6GB of RAM. That's a whole system for about the same price as an i3-7100 after tax+shipping.

    http://www.ebay.com/itm/HP-Compaq-Pro-4300-SFF-Intel-Core-i5-3470S-2-90GHz-6GB-RAM-500GB-HDD/152562008743

    http://www.ebay.com/itm/49Y4232-IBM-49Y4231-I340-T2-2-Port-Network-Adapter-/172454305241?hash=item282713ddd9:g:wxQAAOSw6DtYWuxp

    Bottom line is if you want performance for cheap then buy used. You simply will not beat the price/perf. ratio.



  • @pfBasic.

    I figured the savings in electricity would be more substantial.  I don't have one of those old architecture setups to slap on the kill-a-watt meter, but even if the difference was substantial (like several tens of watts difference at idle) it would definitely take years to payoff the difference in price (used vs new).



  • @pfBasic:

    If buying a powerful router for cheap is the goal then you won't beat eBay (read: used systems from any source).

    eBay is full of used end-of-lease workstations without HDD's containing i3-i5's that have AES-NI for <$100.
    Buy one of those and install to either a pair of thumb drives or a cheap SSD.
    Add an eBay i340-tX and you can have a very powerful system for ~$100.

    The only real downside is power usage, but without a HDD it really won't be that much higher, probably ~10W or less delta in most comparisons to systems with comparable performance. Translates to ~$8-18/yr in the CONUS for a 24/7/365 box.

    This combo would cost you about $125-150 after tax & shipping depending on where you live (CONUS) and gets you an i5 with a passmark a little better than an i3-7100 for about 15W hotter TDP and it even comes with a HDD & 6GB of RAM. That's a whole system for about the same price as an i3-7100 after tax+shipping.

    http://www.ebay.com/itm/HP-Compaq-Pro-4300-SFF-Intel-Core-i5-3470S-2-90GHz-6GB-RAM-500GB-HDD/152562008743

    http://www.ebay.com/itm/49Y4232-IBM-49Y4231-I340-T2-2-Port-Network-Adapter-/172454305241?hash=item282713ddd9:g:wxQAAOSw6DtYWuxp

    Bottom line is if you want performance for cheap then buy used. You simply will not beat the price/perf. ratio.

    pfBasic, I just wanted to thank you for turning me on to the idea of buying a used SFF + intel NIC.  I was planning to build a much more expensive low-power box to replace my aging supermicro atom d515 that's been chugging along for years, but it was not nearly up to the task of routing a new 1Gbit/s connection.  I found a dell SFF with about the same specs as the HP you listed for $120 and an i340-t2 for $20.  Easily handles the fast connection and power is relatively low at ~40W idle.  As you said, can't beat the price/perf ratio.

    Thanks again.


Log in to reply