Another hardware question - please advise
-
This has been routinely posted in this forum. I am sorry for posting it again.
I have networked the entire house with CAT6. Two UAP AC pro drive wifi at home. It is a large house. I purchased Cisco Managed Switch to VLAN the network connections.
My broadband speed is 300/20. I work from home a lot. I want to get a suitable hardware to install Pfsense with 4 gigabit lan.
I will be deploying OpenVPN to route as much as traffic including my work traffic as possible. Although my speed is 300/20, I want to maximise the VPN as much as possible and preferably closer to gigabit, considering that I won't be procuring another hardware for the next few years and also for future proofing a bit.
I have narrowed down to three options:
-
Dell R210 II with Xeon E3-1240-v2
-
HP Z220 that has 2 x E3 1240 v2
-
Build Kabilake i3 7100 or i5 7500
Get a used 4 port intel Lan i-340 or i-350 from ebay.
Dell and HP cost £300 plus VAT. A new system would cost £700 or max £800 inc VAT.
I thought, Dell server is a better choice.
Please advise.
Thanks.
-
-
Definitely option 3
I would recommend the i3-7100, even it is way overkill for your needs. You don't need a xeon so better to get modern low end CPUs than EOL xeons.
I don't think you can get gigabit speeds on a single instance of OpenVPN on any machine. From what I understand it's a software limitation not hardware.
A G3950 will do what you are describing for ~$60.
Stepping up from that G4620 ~$95
Up again i3-7100 ~$120It just depends on what you want to spend.
The i3-7100 does have TSX-NI, that might help you out on the 4Gb LAN, but idk?Make sure you get a motherboard that has either:
A built in Intel Gigabit NIC for your WAN
or
At least two PCIe slots supporting 4Gb speeds (anything PCIe v2.0+ with an x4 sized slot)If you want 4Gb LAN, you'll have to put all four of the i3xx NICs in a LAGG to your switch so you'll need minimum 5 NICs.
-
I know things are more expensive over there, but are you saying £7-800 to build a new Kaby Lake system? ???
Just on a quick amazon search you can definitely build it for ~£400, including the i340-t4 and I'm sure you can do better than that if you shop around.
So unless VAT is 100% I don't think you'll hit £800. -
Thank you.
I do want to install Suricata as a part of the solution. How does the specs would change then please?
PCPartPicker part list / Price breakdown by merchant
CPU: Intel Pentium G4560 3.5GHz Dual-Core Processor (£54.93 @ Amazon UK)
CPU Cooler: Noctua NH-L9i 33.8 CFM CPU Cooler (£41.59 @ Amazon UK)
Motherboard: ASRock B250M Pro4 Micro ATX LGA1151 Motherboard (£80.99 @ Amazon UK)
Memory: Crucial 8GB (2 x 4GB) DDR4-2133 Memory (£59.99 @ Amazon UK)
Total: £237.50
Prices include shipping, taxes, and discounts when available
Generated by PCPartPicker 2017-04-20 13:18 BST+0100Case and PSU : I want an ability to rackmount, if required or keep it as a desktop. I have no space for a vertical case in my cupboard.
https://www.scan.co.uk/products/logic-case-2u-rackmount-standard-chassis-6x-35-hdd-bays-2x-525-bays-4x-80mm-fans-2x-front-usb-20-7x- : £65
https://www.scan.co.uk/products/450w-corsair-sf450-high-performance-80plus-gold-full-modular-sli-crossfire-single-rail-37a-plus12v-e : £ 85I have a sandisk mSATA (5 years old but unused). I want to use it with the following:
https://www.scan.co.uk/products/lycom-st-168m-msata-ssd-to-25-sata-drive-converter-with-25-frame : £13.00.
4 Intel i-350.
http://www.ebay.co.uk/itm/Intel-i350-1Gb-s-Quad-Port-RNDC-R1XFC-/381060857850?hash=item58b8ff3ffa:g:~YMAAOSwdzVXqf5K £ 70.
does this work with the parts please?
Total : £470.
How does this spec would perform vs options 1 or 2, for VPN and Suricata please?
The options 1 or 2 give me a slight higher TDP (65w vs 54w) but gives me 4 cores and 8 threads. Cost difference is £110 more for Kabi Lake G4560, £160 more for i3 7100 and £230 more if i5 7500, assuming I do not need any additional fans and no compatibility issues of the selected components.
Thanks,
-
My broadband speed is 300/20. I work from home a lot. I want to get a suitable hardware to install Pfsense with 4 gigabit lan.
This can also be done with the following both boxes:
- APU2C4 ~250 Euro (silent, no turning parts)
- Jetway NF9HG-2930 ~350 Euro (silent no turning parts)
I will be deploying OpenVPN to route as much as traffic including my work traffic as possible. Although my speed is 300/20, I want to maximise the VPN as much as possible and preferably closer to gigabit, considering that I won't be procuring another hardware for the next few years and also for future proofing a bit.
Then something together with an Intel Xeon E3 (AES-NI) would be one of the best options here to go.
Dell and HP cost £300 plus VAT. A new system would cost £700 or max £800 inc VAT.
Before you spend £700 - £800 please have a look on that unit here!
-
Supermicro Superserver SYS-E300-8D ~741 Euro
-
2 x 8 GB ECC DDR4-2133MHz RAM ~100 Euro
-
120 GB mSATA SSD ~60 Euro
-
Supermicro Superserver SYS-E200-8D ~895 Euro
-
2 x 8 GB ECC DDR4-2133MHz RAM ~100 Euro
-
120 GB mSATA SSD ~60 Euro
CPU: Intel Pentium G4560 3.5GHz Dual-Core Processor (£54.93 @ Amazon UK)
- ASUSQ87T
- Jetway NF952-Q170
Could be also interesting boards for you if you want to have a look over it.
-
@BlueKobold:
I will be deploying OpenVPN to route as much as traffic including my work traffic as possible. Although my speed is 300/20, I want to maximise the VPN as much as possible and preferably closer to gigabit, considering that I won't be procuring another hardware for the next few years and also for future proofing a bit.
Then something together with an Intel Xeon E3 (AES-NI) would be one of the best options here to go.
???, Why exactly would an E3 Xeon be so much better at VPN than an i3-7100? Because it costs 4+ times as much $$? OpenVPN is single threaded, so you aren't getting any benefit from the multiple cores that xeons are usually so valued for. i3-7xxxx and Xeon E3-1280v6 (the most expensive current E3) are both the same architecture, have the same base clock, and the same AES-NI. So as far as OpenVPN is concerned, you would pay ~$500 more for the E3 and get 300MHz more in burst clock….
Is there something magical about a Xeon in this application that I'm missing here?I do want to install Suricata as a part of the solution. How does the specs would change then please?
Do you want to inspect your 4 gigabit LAN traffic or just the WAN?
IDS/IPS is very CPU intensive. If you are planning to inspect 4 gigabits of LAN traffic, that's about the only real reason I can see to get a xeon. You'll need a monster to do that, especially if you are upgrading to gigabit WAN, that's 5 gigabit of traffic to inspect. I have no frame of reference for that. But I can tell you that I've seen suricata get up to ~20% CPU on suricata alone in top on my i5-2400 on a 150/10 WAN. Assuming that scaled linearly (it almost certainly doesn't but also the real scale is probably not in your favor) it would take 125% of an i5-2400 to inspect one gigabit of traffic.
Granted, modern architecture CPUs will certainly see an improvement, but still it's a lot of traffic to inspect. -
Also, what are your VPN Expectations on gigabit WAN?
Probably ~6-700Mbps on a single instance is about your limit with today's CPUs without doing something extreme from what I've read. Someone on here got ~600Mbps with an i3-7100 on a single instance.
Consistent OpenVPN throughput is basically a function of "Base Clock + Architecture + AES-NI"If you want Gigabit OpenVPN WAN you'll need to setup a gateway group. A current generation Pentium+ CPU will handle this with two instances.
Suricata is going to be your choke point.
-
@BlueKobold:
Then something together with an Intel Xeon E3 (AES-NI) would be one of the best options here to go.
VPN, Suricata and future proofing (not going to buy another one for a few more years and my requirements could change upwards) are the reasons why I was looking for a used xeon server as options 1 or a workstation as option 2; I thought building a new xeon would take my cost closer to £7-800, if not £1000. I do like the xeon build, although I am not sure if the used xeon in options 1 and 2 are worth taking (as it is an EoL).
Thanks for the heads up on supermicro. I did consider Xeon D1518 and priced in xeon E3-1245 v5 costing £285. This xeon enables graphics by default. I am not sure what the motherboard choices would be in this, which could be a challenge.
Also, what are your VPN Expectations on gigabit WAN?
I would be happy with 700 plus. I am aware spending more on the CPU is going to give only a diminishing return on the VPN side.
Do you want to inspect your 4 gigabit LAN traffic or just the WAN?
A gig to start with. But, would like to keep that possibility down the line. I know, I won't replace this for a few more years unless this fails.
The IDS/IPS is one of the reasons for going down the Xeon route.
-
yeah you'll want a xeon if you want to eventually inspect a total of 5 gigabits of traffic.
-
Yeah. It gives me 4 choices:
- Dell 1U Xeon E3 1240 v2 costing £300 inc VAT. It comes with 4 gigabit lan. I need to add a HDD on a SATA drive. This is R210 II
- HP Z220 E3 1240 V2 costing £360. I need to add an SSD and a 4 port lan
- LENOVO Thinkstation E2 SFF Xeon E3-1230v3 3.3GHz, 8GB RAM, 128GB SSD, K600. It is £300. I need to add 4 ports NIC.
- Custom Build Xeon E3 V5.
All the three are from Ebay and the Lenovo is from Germany with a pretty heavy return postage, if faulty. VAT is paid at the time of delivery.
I would appreciate further comments and recommendations. Thanks
-
I'd do the R210 II. You'll also need to add a 5th gigabit LAN port for 4Gb LAN + your WAN.
Use an SSD, even a cheap one over a HDD.
-
Choice 4 is:
PCPartPicker part list / Price breakdown by merchant
CPU: Intel Xeon E3-1230 V5 3.4GHz Quad-Core Processor (£226.80 @ Alza)
CPU Cooler: Noctua NH-D15 82.5 CFM CPU Cooler (£75.95 @ CCL Computers)
Motherboard: Gigabyte GA-X150M-PRO ECC Micro ATX LGA1151 Motherboard (£98.32 @ BT Shop)
Memory: Crucial 8GB (2 x 4GB) DDR4-2133 Memory (£58.06 @ CCL Computers)
Storage: ADATA Premier SP550 120GB 2.5" Solid State Drive (£49.37 @ Amazon UK)
Video Card: EVGA GeForce GT 710 2GB Video Card (£39.48 @ Ebuyer)
Power Supply: Silverstone Strider Platinum 550W 80+ Platinum Certified Fully-Modular ATX Power Supply (£99.95 @ Amazon UK)
Total: £647.93
Prices include shipping, taxes, and discounts when available
Generated by PCPartPicker 2017-04-20 20:06 BST+0100Adding a case plus Quad NIC would cost an additional £150 assuming all parts are compatible. The total is at least £800.
BlueKoBold's supermicro server is most likely a better choice than building one, if the modern architecture is better. I am a little confused now.
-
I'd do the R210 II. You'll also need to add a 5th gigabit LAN port for 4Gb LAN + your WAN.
Use an SSD, even a cheap one over a HDD.
Sorry. I did not see this. I will sure contact the seller to explore Lan options. Perhaps, go without Lan from the seller and put an intel i-340 or i-350 pulled from the server, assuming R210 II gives me an ability to add to sets of Lan cards.
From performance wise, leaving the cost difference for the time being, are there any advantages of Supermicro Superserver SYS-E300-8D over R210 II sporting xeon e3-1240 v2 please? In terms of CPU benchmark Xeon D1518 scores 4700 points vs E3 1240V2's 9200+.
-
Total: £647.93
Prices include shipping, taxes, and discounts when available
Generated by PCPartPicker 2017-04-20 20:06 BST+0100Would be also a really nice pfSense box and strong enough for all things, all packets and surely 1 GBit/s at the WAN port.
But based on the Gigabyte Mainborad there where incompatibilities with their BIOS in the past and so I would be carful
to get on of this ones!Adding a case plus Quad NIC would cost an additional £150 assuming all parts are compatible. The total is at least £800.
The SYS-E300-D8 is offering 4 Cores and 8 Threads together with 2 x Intel i210 LAN Ports, 4 x Intel i350 LAN Ports and on top of this
2 SFP+ Ports connected to the SoC and one IPMI Port on top of all of this! And another QuickAssist or Network Card if needed.BlueKoBold's supermicro server is most likely a better choice than building one, if the modern architecture is better. I am a little confused now.
Might be enough for many things and future proof, OpenVPN 2.4 is multi core threated and it is using AES-NI too, perhaps
a nice thing for many peoples, I swear on IPsec and AES-NI where a SG-4860 can push nearly +/+ 500 MBit/s over the tunnel.If here the main part is not really pointed to the maximum OpenVPN throughput, it could really be that the Qotom J1900
4-core - 4 x Intel LAN build - 8GB RAM, 120GB mSATA- 10 watts - $260 will do the job also.Sorry. I did not see this. I will sure contact the seller to explore Lan options. Perhaps, go without Lan from the seller and put an intel i-340 or i-350 pulled from the server, assuming R210 II gives me an ability to add to sets of Lan cards.
All can be bought refurbished and from eBay for less and cheap, its only a firewall and not a PC.
From performance wise, leaving the cost difference for the time being, are there any advantages of Supermicro Superserver SYS-E300-8D over R210 II sporting xeon e3-1240 v2 please? In terms of CPU benchmark Xeon D1518 scores 4700 points vs E3 1240V2's 9200+.
Core is not Core and CPU is not likes all other CPUs, but the D-15x8 SoC is power saving and strong.
-
OpenVPN 2.4 is not multithreaded.
There is no chance of running IDS/IPS at the multi gigabit level on a j1900, even if no VPN were required at all.
-
Thanks guys. Very helpful inputs and recommendations.
OpenVPN 2.4 is not multithreaded.
There is no chance of running IDS/IPS at the multi gigabit level on a j1900, even if no VPN were required at all.
Agree. j1900 does not suit the IDS/IPS requirement.
It is clearly Xeon, choosing between R210 II, SM Sys-E300-8D and custom built Xeon E3-v5. All three would fit, although I need to be careful with E3-v5 mobo. I am a little lost for the choice. The SM spec is tempting as it contains 2 10G SFP costing almost double.
I will think a little between these three. Any comments in terms of their relative performance advantage will be greatly appreciated.
-
Just the cheapest thing that can do everything you want it to do is probably your best bet.
-
I am going to think a little to decide the cheapest versus Sys300-8D vs xeon E3-1230 v5 build.
I am sorry. I keep asking.
How does this stake? Is it good for the purpose please?
HP ProLiant DL360e Gen8 (SFF Drives)
-
Xeon E5-2450L EightCore 70w TDP
-
4 x 4G DDR3 RAM
-
4 x GB HP Ethernet 366i (essentially intel i350, I guess)
-
2 usb 2.0 ports
-
2 PCIe - can add additional Lan, 4GB or 10GB Fibre Channel ports
These costs £475.00.
Dell R210 II costs £300 plus SSD (£60) + Intel i350 Lan (£100-£125).
I Need to get an SSD or get SATA-mSATA tray to use my old Sandisk mSATA -
-
1.8 GHz is pretty slow for VPN.
When you are comparing xeons for this build, the most important factor are price and architecture. You don't need anymore cores than the standard 4, but lower clock speeds will hurt your per instance VPN throughout.
Especially on old hardware like that, 1.8GHz from 2012 will be an OpenVPN dog compared to even a cheap modern Celeron.
-
Especially on old hardware like that, 1.8GHz from 2012 will be an OpenVPN dog compared to even a cheap modern Celeron.
Thank you. This is very helpful.
Please forgive me for asking. From architecture perspective, how would E3-1240V2 (3.4GHz, 8MB Cache)-still an EOL in Dell R210 II-stake against D1518 (2.2 GHz, 6MB Cache) please? I know the latter is still a modern architecture. I do not want to sound rude for comparing two different architecture, especially a popular Xeon D family. I am just trying to understand.
This is important for me to understand as I want to decide (i) buy the EoL Xeon as the old R210 II would still cost me closer to £500 after adding an SSD, GB quad NIC, etc or (ii) pay more and get/build a xeon E3-1200 v5 or get the Sys-300-D8.
I am sorry, I keep asking than deciding! :)