Right Mainboard / CPU to use (so many different opinions…!)
-
Hi there,
I want to build my own pfSense system (rack-based). After surfing this forum and the net in general, I'm still not sure what will serve me best (and kind of brain-fragged by the different opinions).
Requirements:
1. What I want to be able to realize with / behind the box
a. Homenet zone for private use
b. DMZ for web server / mail server (not that much traffic)
c. VPN-Entrance for about 5 simultaneous users with OpenVPN. 2-3 should be able to watch videos, served by a synology inside the homenet zone.
d. One Site-to-Site VPN with IPsec (or OpenVPN) for backups (not time relevant)
e. central services: DNS (bind), DHCP, time server, squid/proxy, typical firewall rules
2. fibre-channel WAN (200 - 500 Mbit downstream)
3. internal net of home zone is gigabit network
4. appliance will be built inside a 1U rack-case (!)
5. Low power consumption
These are the boards which seem to fulfill my requirements to some extent.
Jetway NF9HG (Celeron N2930, no AES-NI) - seems to be the most fitting
http://www.jetwaycomputer.com/NF9HG.html
Pro: 4 NICs, CPU often used for pfSense (?)
Con: no AES-NI
Mitac PD10AI-N4200 (Pentium N4200, AES-NI)
https://www.technikaffe.de/cpu_vergleich-intel_celeron_n2930-398-vs-intel_pentium_n4200-658
Pro: low power consumption, AES-NI
Con: only 2 NICs, further NICs could be added by PCIe x1 and extension cable but (for me) not simple in a 1U case
Jetway NF533 (Celeron J1900)
http://www.jetwaycomputer.com/NF533.html
Pro: often used for pfSense (?)
Con: Board needs external power supply, no AES-NI
QUESTIONS:
A: Which board / CPU would you recommend? (further suggestions?)
B: Is AES-NI important in my use case?
Thanks a lot for your help!
-
A) https://www.netgate.com/solutions/pfsense/sg-4860-1u.html
B) https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html & https://www.netgate.com/blog/more-on-aes-ni.html
-
Some Jetway industrial grade boards which are using 6th or 7th generation Intel Core CPUs if you don't mind the power consumption:
http://mitxpc.com/products.php?cat=164
Some Xeon-D bare bones with Supermicro boards if you care about power consumption:
http://mitxpc.com/products.php?cat=165
Some Xeon/i3 bare bones from Supermicro if you don't mind the power consumption:
http://mitxpc.com/products.php?cat=163
Atom C3000 series are newer than C2000 series. I searched Google and found that the SuperServer 5019A-FTN4 bare bone, which uses the Atom C3758, is $662.
If you don't mind a laptop CPU with only 2 cores, the Qotom Q355G4 or Q330G4 bare bone will have a much lower price than the above.
(And I have a Q355G4 too.)
-
Thanks for the answers!
The Supermicro SuperServer 5019A-FTN4 seems to be a great piece of metal!
But wouldn't this be overkill?
-
The pfSense SG-4860 would match well, or a self-made pfSense box with a SuperMicro A1SRi-2758F would be my personal choice here.
The Supermicro SuperServer 5019A-FTN4 seems to be a great piece of metal!
If too high in price, the older Atom C2000 series will be fine enough for 200 - 500 MBit/s for sure.
But wouldn't this be overkill?
In the late months of the year 2017 I would not be buying something without AES-NI and Intel QAT.
It is for sure that there will someday be new hardware from all vendors and also from Netgate, but you are searching for a box now! And for sure a small 2-core Xeon D-15xx will also be in that price range, but owing to the 5 OpenVPN tunnels you should be considering something with more CPU cores. OpenVPN does not use multiple CPU cores, but each OpenVPN tunnel is able to run on one CPU core, and 5 OpenVPN tunnels could be using 5 CPU cores, and one for the WAN interface might bring the count to 6 CPU cores.
-
SuperMicro A1SRi-2758F has been in my focus too at first. Got scared away by the bug (which seems to be solved right now).
Topic is solved.
I WILL get the SuperServer 5019A-FTN4…but later :P.
After talking to a colleague, I'll bridge time by using the following setup:
Xeon-E3-1230v2 / 8GB RAM on Board with 2 Gigabit NIC
- HP NC364T 4-Port Gigabit NIC (which will hopefully work together)
I'll paid around 250$.
Not the most powerful setup, but 8 threads should work for starting a new hobby... 8). Now having a hard time, waiting for Friday!!! :'(
Thanks everybody!
-
Xeon-E3-1230v2 / 8GB RAM on Board with 2 Gigabit NIC
- HP NC364T 4-Port Gigabit NIC (which will hopefully work together)
Please forget the other stuff there above! You are sorted. Stay with it! Which board do you consider going with? It might be the perfect pfSense machine; add some RAM and get an mSATA and you will be using it during the next 5 years, and you will remember that conversation here some day.
I'll paid around 250$.
Catch it!
Not the most powerful setup, but 8 threads should work for starting a new hobby… 8). Now having a hard time, waiting for Friday!!! :'(
Install all you need and want; that box can handle it, I am pretty sure!
AES-NI support - 3,30GHz - 3,70GHz - 4C/8T
-
Oops! Sorry!
Actually I meant to say 'have paid'. ;D Board is an MSI MS-S0121. Enclosure is some no-name metal. But hey! Who am I to reject this hardware plus two HDDs for that price!?
(the HDDs will be replaced by a 64 GB SSD I have in stock).
Cheers!
-
So your intended use is somewhat close to mine. I'm trying to fully utilize FIOS Gigabit with ipsec/vpn between 2 locations.
Site to Site VPN throughput will probably be biggest determining factor. Have been testing different devices in lab for several weeks. Have made 2 determinations so far.
1. don't try and use non AES-NI hardware if you want good vpn throughput. I maxed out at 350 Mbps in lab on a dual core pentium non aes-ni. And as I think another poster pointed out, I think all new pfsense builds will require AES-NI hardware or something to that effect.
2. Don't think any Atom / Celeron cpu's are going to cut it if you want good throughput and not maxing out utilization.
For my needs I've determined that I'll likely need an i7-3600 or better CPU on both ends to saturate FIOS Gig over ipsec/vpn. Could probably do it with less cpu but I want overhead in case I want to mess around with any additional packages.
Here is a device that I am thinking of getting:
https://www.newegg.com/Product/Product.aspx?Item=N82E16856107170&cm_re=jetway--56-107-170--Product
It's barebones so it needs a processor, memory and storage.
-
So your intended use is somewhat close to mine. I'm trying to fully utilize FIOS Gigabit with ipsec/vpn between 2 locations.
Site to Site VPN throughput will probably be biggest determining factor. Have been testing different devices in lab for several weeks. Have made 2 determinations so far.
1. don't try and use non AES-NI hardware if you want good vpn throughput. I maxed out at 350 Mbps in lab on a dual core pentium non aes-ni. And as I think another poster pointed out, I think all new pfsense builds will require AES-NI hardware or something to that effect.
2. Don't think any Atom / Celeron cpu's are going to cut it if you want good throughput and not maxing out utilization.
For my needs I've determined that I'll likely need an i7-3600 or better CPU on both ends to saturate FIOS Gig over ipsec/vpn. Could probably do it with less cpu but I want overhead in case I want to mess around with any additional packages.
Here is a device that I am thinking of getting:
https://www.newegg.com/Product/Product.aspx?Item=N82E16856107170&cm_re=jetway--56-107-170--Product
It's barebones so it needs a processor, memory and storage.
You should also avoid mobile processors if VPN speed is your main criteria as one of the primary attributes of mobile processors is that their speed is capped to ensure a lower TDP. The description for your selection specifies mobile CPUs…
-
You should also avoid mobile processors if VPN speed is your main criteria as one of the primary attributes of mobile processors is that their speed is capped to ensure a lower TDP. The description for your selection specifies mobile CPUs…
Newegg's information is wrong about this bare bone. Here is the web page from jetway which is showing Socket 1151 desktop CPU and SODIMM laptop memory:
http://www.jetwaycomputer.com/JBC153F592.html
By the way, this is a very good board except the 16GB memory limit is low if someone wants to use IDS/IPS.