A Question on Network Cards, and my choice of hardware….
-
Hi
I have read many posts on the use of both Realtek and Intel LAN cards and can appreciate that the subject can be a little contentious.
But I'm in a position where I am starting to add hardware to my basket to consider a pfsense based PC platform over that of the desktop software client for my PC, Using AirVPN as my provider.
Previously I had my Netgear R7000 router flashed with a AsusWRT-Merlin firmware and used the OpenVPN client and policy based rules to decide what traffic went where. But, even with it overclocked, the router wasn't up to the throughput required for my 80Mb connection.
In my setup the router is the obvious wired connection to the Internet BUT it is then connected (wired) to a Gigabit switch and all my internal LAN traffic runs through the house on CAT5E via similar switches and cabling, either external grade for outside the property or flat good quality cables internal.
So in terms of traffic the router only handle what the throughput can maximise via the Internet.
My R7000 router would be intended to be an AP for wireless connections, again connected to a switch and controlled from there.
The above might not be the most elegant approach but my router has never been used to control internal traffic for my LAN and so to my point…
Does it matter if I use Realtek onboard LAN connectors considering my throughput will be limited to my 80Mb Internet connection....?
The maximum throughput for the router will be the same on the both the WAN and LAN connection.As I am completely new to all of this I'm not sure if any of the above might have limitations but, as long as the appropriate low powered hardware is bought, then it should be a reasonable introduction to the world of a pfsense controlled hardware router.
I am considering a ASRock J4205-ITX Apollo Lake SOD/U3/4S3 M-ITX Motherboard. (Only one Realtek onboard this motherboard but others I have seen have two)
The memory I have already (2x4GB DIMMS)
Already have a suitable PSU
The case Thermaltake Core V1 Mini ITX Cube Case with Fan
SSD drive, already have spare.I was considering a IBM Intel I340-T2 Dual-Port 1GbE PCI-E Server Network Interface Adapter 49Y4232 but they seem a little scarce at the moment on eBay for the UK. The one seller selling them cheaply does not inspire me after phoning them and also noting their feedback, but that might work out if needed. I didn't particularly want the older Pro 1000 dual LAN cards.
Thanks for any advice or opinions :)
-
The J4205 has almost no practical advantage over a J3455. The J4205 has an upgraded GPU which is totally useless on a firewall, and it has a 300MHz higher burst frequency, which you probably will not notice in practical application. That being said if it just happens to be available and the 3455 isn't, then go for it.
One more thing on both of those chips though, I don't know which boards you are looking at but the ones I've seen in ITX form factor only have Physical PCIe x1 size slots. You can cut out the back wall of the slot or the correct pins off of the card, but most people aren't interested in doing this. I'm assuming you aren't interested in this and in that case would recommend you go with either the micro-ATX sized boards, or buy a J3355B ITX board, it will do everything you're describing and it's ~$55.Also, for any of those ITX form factor boards, you'll need SO-DIMM (204 pin) RAM.
As far as the NICs go, for 80Mbps you probably won't have an issue with the realteks. But the probably is why everyone just recommends using Intel, because you won't have any issues with a PRO/1000 or i3xx. If you are looking for low power then it's probably worth it to you to hold out for an i340 as they use about half the power of a PRO/1000.
In the configuration you posted, unless you are maxing out a gigabit of throughput on your LAN regularly then you best bet is:
i340 port 1: WAN (to modem)
i340 port 2: LAN (to your switch, then connect your Wireless AP to your switch)
Realtek port: Guest wifi or something you don't need reliability onAgain, you may very well be able to use the Realtek without issue but too many people have had issues with them to recommend them (since you already are planning on having the hardware on hand to just use a dual port intel NIC).
-
Thanks for your reply. What you have written now makes sense to me, as I had seen posts about the need to cut the back wall off a port or pins off a card, now I understand why.
I also did not appreciate the SO-DIMMS being needed. I have spare sets of std DDR3 memory.
I had mentioned ITX but can now appreciate, apart from size, some benefits of the M-ATX board….
ASRock J3455M Apollo Lake 2xD3/2xS3/G M-ATX Motherboard - Grey https://www.amazon.co.uk/dp/B01MPXJLDU/ref=cm_sw_r_cp_apa_KF-4ybKGN9XENASRock J3455M Apollo Lake 2xD3/2xS3/G M-ATX
Point taken about the brand of cards, I might just hold out to see if the i340 becomes available.
If I did go for that M-ATX board I would need to use the on board NIC and an old Pro 1000 single LAN card until I got an i340 dual LAN. Is it easy enough to swap out cards and connections whist maintaining the pfsense install.?
Thanks again.
-
Yeah, pfSense in my experience is almost hardware agnostic in this sense. I've pulled a harddrive with pfSense installed on it from one machine and plugged it into another machine that shared 0 common components and it worked great.
In order to switch out your NIC, you'll just have to reassign the interfaces when you boot back up. It will prompt you in the console on boot, so plug a monitor into it when you do the swap.
EDIT: there is an issue (I believe it's specific to a certain version of pfSense in specific configurations) where the reboot will appear to hang when reinstalling packages. I don't think that it applied to what you are doing, but if it does look like your system is hanging while installing packages just walk away and make a cup of coffee, it rectifies itself after ~20 minutes.
Again, I don't think this applies to what you're describing but I thought I'd mention it since it's a really easy fix but can be very frustrating if you don't know to just give it time. Sorry to be so ambiguous.
-
Thanks that is just what I wanted to read..!
Also…..
Just read about the dual core ASRock J3355B-ITX 2DDR3(SOD)/2S3/GL M-ITX Motherboard.
Doesn't matter about being dual core for my needs and it is ITX and has a full size PCI-e slot.
Excellent as I would prefer the small firm factor albeit i would need to buy SO-DIMMS.
Thanks again
-
Yeah those are great boards, I have one for an HTPC and have tested it out on pfSense with great results.
If you'd rather buy RAM than have a larger board then I think it would be great for you.
For your needs, with an i340 you could even virtualize it with ESXi and run pfSense and an HTPC on any of the Apollo Lake boards! ;)
-
Although it would be "down the road" the virtualization was something that I knew a i340 could offer me.
Whilst we do enjoy our Odroid C2 for our media needs I can appreciate what virtualization could offer with that ITX board and i340.Thanks yet again.
-
ASRock J3355B-ITX 2DDR3(SOD)/2S3/GL M-ITX Motherboard.
Thermaltake Core V1 Mini ITX Cube Case
Crucial 8 GB Kit (4 GB x 2) DDR3L 1866 MT/s (PC3L-12800) SODIMM 204-Pin Memory
Ordered
Thanks again
-
Congratulations, please let us know how it works out for you and ask any questions you may have about configuration!
-
My hardware arrived and with what I had already the build includes….
ITX cube case, didn't use the case fan.
ASRock J3455M Apollo Lake 2xD3/2xS3/G M-ATX
8GB SO-DIMM memory, way too much I know.
Old SSD drive
Be-Quiet 80+ Gold 500w PSU, from an old build.
i340 T2 Intel dual port LAN card from eBay.It took me a while to figure out that pfsense would not boot from the USB drive as the BIOS is in UEFI mode and so compatibility mode needs to be enabled. You would not believe how many times I created several sticks to find that one out...!
Install was uneventful, in other words it worked....! All connected now with my PPPoE connection and DHCP enabled for the LAN.
My R7000 is now in AP mode for wireless.
The box is very very quiet. I can't even hear a PSU fan, if it is running. As there are no other fans it should be as near silent as possible. It is in a well ventilated area.
My next major challenge will be.....
https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/#entry40138
how to set up pfsense to use as a client for my AirVPN connection.
I have read the above guide and I'm a little overwhelmed at the moment....!
As yet I'm continuing to use their desktop client for just my PC to use the VPN connection, hopefully that might improve one day...!
-
Just keep asking questions here! The forum is here to mitigate feeling of being overwhelmed. I can't help with specifically AirVPN, but I'm sure others can!
-
Thanks :)
As you have one of those motherboards, I have asked this in the Asrock forums but not got a response as yet….
Before installing pfsense I decided to let it boot to the SSD I had fitted, it happened to have a Windows 10 x64 build installed. All went well.
This allowed me to test the board out beyond what I would otherwise know by using pfsense.
What I noticed was if I used CPU-Z and CPU-Temp I could stress the CPU load to 100% and this would raise the CPU frequency to 2400mhz, 24x100.
But as this CPU is rated by Asrock to be 2500mhz I assumed I would have seen 25x100 to equate that maximum speed...?
Have you noticed this...?
Thanks
-
My hardware arrived and with what I had already the build includes….
ASRock J3455M Apollo Lake 2xD3/2xS3/G M-ATX
this CPU is rated by Asrock to be 2500mhz
IDK if ASRock mistyped something somewhere but Intel is the place to go for CPU specs,
-
J3455 is 1.5GHz burst to 2.3GHz
-
J3355 is 2.0GHz burst to 2.5GHz
Did you get a J3355?
Either way, when you're speccing out your system use the base frequency to evaluate the kind of performance you can get.
Burst frequency will only happen when the conditions are right and only for a short period.
If you keep your computer in a hot room you might never see much of any bursting happening because the CPU doesn't have the thermal overhead for it.
If you were to keep the computer in an ice cold room or use excellent cooling on it you would see it hitting its full burst frequency a lot because it would have so much thermal overhead. -
-
My hardware arrived and with what I had already the build includes….
ASRock J3455M Apollo Lake 2xD3/2xS3/G M-ATX
this CPU is rated by Asrock to be 2500mhz
IDK if ASRock mistyped something somewhere but Intel is the place to go for CPU specs,
-
J3455 is 1.5GHz burst to 2.3GHz
-
J3355 is 2.0GHz burst to 2.5GHz
Did you get a J3355?
Either way, when you're speccing out your system use the base frequency to evaluate the kind of performance you can get.
Burst frequency will only happen when the conditions are right and only for a short period.
If you keep your computer in a hot room you might never see much of any bursting happening because the CPU doesn't have the thermal overhead for it.
If you were to keep the computer in an ice cold room or use excellent cooling on it you would see it hitting its full burst frequency a lot because it would have so much thermal overhead.sorry I did not explain it well enough….
I did get the J335 and it is noted as 2Ghz but its burst rate should be up to 2.5Ghz, as you also noted :)
But when I stressed it I then find it will show as 2.4Ghz and CPU-Temp will show it as 100x24.
This should show as 2.5Ghz and 25x100 if it was to meet the spec of 2.5Ghz. The CPU was cool and not being throttled at the time due to heat.
-
-
Yeah I don't know why it wouldn't hit the top burst frequency.
There is probably a whole set of criteria for how Intel handles turbo boost and I don't know what it is.
It also might be a windows thing? I really don't know. -
Yeah I don't know why it wouldn't hit the top burst frequency.
There is probably a whole set of criteria for how Intel handles turbo boost and I don't know what it is.
It also might be a windows thing? I really don't know.No worries and many thanks
The point that CPU-Temp was able to show the multiplier at 24 and thus only 2.4Ghz is something set by Asrock, there is no manual override with this board for the clock frequency. I'm hoping that they will come back to me on that one within their forums and I've also contacted an Asrock rep.
If I get a reply from either I'll post back here
As a side note my AirVPN connection is now up and going.
But somewhere I'll have to figure out why the firewall within pfsense is blocking my Usenet clients from connecting on ports 119 and ports 563.
-
I did get the J335 and it is noted as 2Ghz but its burst rate should be up to 2.5Ghz, as you also noted :)
But when I stressed it I then find it will show as 2.4Ghz and CPU-Temp will show it as 100x24.
This should show as 2.5Ghz and 25x100 if it was to meet the spec of 2.5Ghz. The CPU was cool and not being throttled at the time due to heat.
Did you stress it with a single thread or multiple? It's my understanding that the max boost speed would only apply if a single core is stressed, and then only if power and thermal limits allow it. If it's boosting to 2.4GHz on all cores then I'd say you're doing pretty well.
-
Point taken about the cores.
Considering that I have managed to get pfsense working now with my VPN connection and at around 75Mb the CPU is showing around 20% load all seems good.
Just to satisfy my curiosity it would be interesting what Asrock will have to say. I still suspect that it is the BIOS limiting the CPU to a 24x multiplier. Which could be for thermal reasons due to the passive cooler fitted.
-
my Asrock J3455-ITX is doing the same as your J3355, during multicore stress testing in prime95.
it should hit 2.3GHz, but I'm only seeing 2.2GHz (multiplier x22)
-
That's interesting. I wonder if it is a Asrock / BIOS means of thermal or stability control as I would doubt that it would be an Intel limitation.
Asus also use some of these chips in similar boards but I haven't read about their limitations.They have not replied here….
http://forum.asrock.com/forum_posts.asp?TID=4787
... When I asked that question.
I do feel kinda cheated...! Lol