Gigabit ISP builds at different price points, wattage, and performance (inside!)

Msuix

Hey all,

I've recently upgraded to a 1gbps symmetrical (not pppoe) service from my ISP, and I've been mulling over different possible builds at different price points / wattages / performances. I've already dug around on the forums and gotten the gist of different builds to accomplish this goal, all relative to what will be done with it. I'm making this thread to get a bit more nuanced opinion on the matter from more experienced users with pfsense as it will be my first time.

Stats:

• 1gbps symmetrical service
• 4-10 devices on network at any given point: gaming, file syncing, streaming
• will be connecting an Amplifi HD and using that as a switch / wifi ap.

Needs:

• full utilization of isp throughput at all times
• basic nat / firewall
• ability to L2L ipsec tunnel (not openvpn) at minimum of 300mbps

Wants:

• low power / heat / noise (none ideally)
• Small physical footprint. I know I could buy a ~$120 SFF office pc on ebay and get a decent quadcore, but thats big, noisy, and high wattage.
• light packetshaping for realtime traffic (calls, etc). lowering priority of bulk downloading.
• would be cool to setup surricata / snort and utilize other packages, solely for learning and fun.

I realize there are many ways to accomplish this, and "all of the above" might require a good 50-60w+ desktop CPU and that's okay to know.

Here are some builds i've put together at different price points, each would accomplish part or all of the Needs/Wants - but i'm trying to be efficient with spend. Can you point out the overkill? Trying to min-max:

Price - Build Name (wattage) [ Multithreaded passmark score | singlethreaded passmark score] {#cores}

$253 - J3355B Build (15w) [1289 | 859 ] {2-Core}
ASRock J3355B-ITX                         $55
Gskill 4GB (2x2GB) 1600 SODIMM $40
Transcend 32GB mSATA SSD         $38
Silverstone SG13B                         $40
80wPicoPSU + 60w adapter                 $40
Intel I340-T4 (4xGbe) PCI-E         $40

$377 - Core i5-5250U Build (25w) [ 3608 | 1440 ] {2-Core} <–Basically a Qotom Q355G4
ThunderSpeed TK550G                         $277
RAM Corsair 8GB (2x4GB) 1600 SODIMM $62
HDD Transcend 32GB mSATA SSD         $38

$379 - Core i3-7100 Build (51w) [5847 | 2229 ] {2-Core}
Intel Core i3-7100 (3.9GHz)         $100
ASRock H270M-ITX/ac Mini-ITX         $89
G.SKILL 8GB (2x4GB) DDR4-2133 $76
BiWin 60GB M.2 Sata SSD                 $40
M350S + PicoPSU 60w DC Power         $69
LP4 to P4 Power Adapter                 $5

$395 - Core i3-7100T Build (35w) [ 5168 | 1930 ] {2-Core}
Intel Core i3-7100T (3.4Ghz)         $116
ASRock H270M-ITX/ac Mini-ITX         $89
G.SKILL 8GB (2x4GB) DDR4-2133 $76
BiWin 60GB M.2 Sata SSD                 $40
M350S + PicoPSU 60w DC Power         $69
LP4 to P4 Power Adapter                 $5

$475 - Core i3-8100 Build (65w) [ 8177 | 2092 ] {4-Core} <– as pointed out by Harvy66
Intel Core i3-8100 (3.6Ghz)         $129
ASRock Z370M-ITX/ac                $135
G.SKILL 8GB (2x4GB) DDR4-2133 $76
BiWin 60GB M.2 Sata SSD                 $40
M350S + PicoPSU 84w DC Power         $90
LP4 to P4 Power Adapter                 $5

$480 - Core i5-7500 Build (65w) [ 8091 | 2119 ] {4-Core}
Intel Core i5-7500 (3.4GHz)         $180
ASRock H270M-ITX/ac Mini-ITX         $89
G.SKILL 8GB (2x4GB) DDR4-2133 $76
BiWin 60GB M.2 Sata SSD                 $40
M350S + PicoPSU 84w DC Power         $90
LP4 to P4 Power Adapter                 $5

$496 - Core i5-7500T Build (35w) [ 7180 | 1861 ] {4-Core}
Intel Core i5-7500T (2.7GHz)         $217
ASRock H270M-ITX/ac Mini-ITX         $89
G.SKILL 8GB (2x4GB) DDR4-2133 $76
BiWin 60GB M.2 Sata SSD                 $40
M350S + PicoPSU 60w DC Power         $69
LP4 to P4 Power Adapter                 $5

$500 is getting kind of steep. Ideally I think the T models (35w) are a good midground in performance, with the J3355B being more of a probably 1gbps wan, but not much else type of build. I read pfbasic's tests regarding 300mbps openvpn so that's promising, however would that be able to do 300mbps openvpn at the same time as other bandwidth maxing out the linespeed? probably not on the J3355B.

Looking it over, its a small premium (~$20) to pay to shrink the tdp on the i5 build from 65w to 35w, while not losing that much in performance. In addition to that, the $253 to $377 jump doubles the single core performance, so unless the J3355B can meet my needs (and some of my wants), then i think i'll be going with one of the i3 builds. the 7100T is pretty tasty to me, 35w-ish and still nearly 2k on the single-threaded score. It's essentially +100% performance over the J3355B for +50% of the money. Hm..

Another note, the i5-5250U build is so close in price to the i3-7100(and T) builds that i'd prefer the better performance and modern architecture over the box from china. I also dont (need) a switch on this device, so the 2x intel gbe on the core i3/5 builds is fine.

There's also the denverton chips starting to become available, I was looking at the supermicro board (Atom C3558) 2.2Ghz [ 2538 | 876 ] {4-cores}. I reckon it would run me about $280 for the board / chip and an addition $170 for ram / ssd / case / psu so ~$450. Seems steep for that level of performance.

Thanks in advance for the comments!

Guest

A Qotom Q355G4 will do, even the i3 model.

Harvy66

Wow, no mention of the $120 3.6ghz quad-core i3-8100?

Msuix

@Harvy66:

Wow, no mention of the $120 3.6ghz quad-core i3-8100?

You are absolutely right! Let me add it. Thanks!

EDIT: After adding the new entry, it seems the choice optimally comes down to either:

$395 - Core i3-7100T Build (35w) [ 5168 | 1930 ] {2-Core}
or
$475 - Core i3-8100 Build (65w) [ 8177 | 2092 ] {4-Core}

I wish the i3-8100T was out. As far as single threaded performance is concerned, I would choose the $395 i3-7100T @ 35w over the quad. As far as overall bang for the buck, the i3-8100 is definitely both the deal and performance sweet spot - though 65w is hefty for my tastes. Still undecided!

Guest

You may want to focus in U and J series builds. The U-series i3 and i5 setups often have about 15W under normal load, even less when idle. Comparing a 15W build to a 35W model is more than twice the power cost while not really getting you much more in terms of performance or options.

Also, keep in mind that upgrades are rather rare. Most often people will add in some RAM or a bigger disk when they want to do extensive logging or maybe add IDS/IPS packages. The CPU and NICs are often untouched from the initial setup unless there is something like a bandwidth limitation based on the NICs themselves (sometimes people will add a 4-port GbE NIC and put it in a LAGG with a managed switch for faster inter-subnet routing and firewalling).

Any embedded build that has a fast enough CPU with room to spare, and already has at least two Intel GbE NICs will probably do as long as you can install anywhere between 4GB and 16GB RAM and have at least one SATA port with at least 3Gbit bandwidth (SATA2). It's when you are going to do line-rate Suricata or Snort where you have to get some really special attention to the main board and CPU.

stephenw10

Keep in mind that the Thermal Design Power given in Watts for each CPU does not indicate the power consumption in comparable conditions. It shows you what size heatsink/fan you will need at maximum load.

If your cost calculation includes a 30W electricity consumption reduction between a T and non-T variant in an always on system you will be paying more than you think. The actual power consumption of each doing the same work will likely be far closer.

Steve

VAMike

yeah, the main difference between a low power chip and a regular chip is that the low power chip is throttled and can't run as fast. at idle, they're about the same. the only reason to care is if you're designing a system than can only dissipate N watts and you want to make sure the TDP never exceeds N.

Guest

Ah yes, that is true. Especially post Core2Duo-era.

bingo600

Isn't the 7100 and other of the new ones prone to the HT bug, if the bios isn't updated ?
If yes , make sure to get a MoBo where you trust that Bios updates will arrive.

I know i dropped a chinese i7 (esxi playtoy), because i didn't trust the Bios was new enough, or ever getting updates.

Now i'm considering an i5 NUC  w. 32G Ram instead (Ought to get updates) , but has a FAN  :-
https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc7i5bnh.html

CPU
https://www.cpubenchmark.net/cpu.php?cpu=Intel+Core+i5-7260U+%40+2.20GHz&id=2993

I wish the Qotom i5 would take 2 x 8G , then that would prob be enough for an esxi beginner.

/Bingo

Nex-DFM

Are you cooling the CPU with a heatsink? Is that included?

I forgot that CPUs come with a stock heatsink. Whoops!

sparkman123

@johnkeates:

You may want to focus in U and J series builds. The U-series i3 and i5 setups often have about 15W under normal load, even less when idle. Comparing a 15W build to a 35W model is more than twice the power cost while not really getting you much more in terms of performance or options.

Any suggestions on how to find U compatible motherboards? For instance, when I search for "i3 7100u" the only results I get back are for a couple laptop motherboards which cost close to $200

Guest

@sparkman123:

@johnkeates:

You may want to focus in U and J series builds. The U-series i3 and i5 setups often have about 15W under normal load, even less when idle. Comparing a 15W build to a 35W model is more than twice the power cost while not really getting you much more in terms of performance or options.

Any suggestions on how to find U compatible motherboards? For instance, when I search for "i3 7100u" the only results I get back are for a couple laptop motherboards which cost close to $200

That is because those pretty much are laptop CPU's. You won't find them on standard motherboards, pretty much only on embedded and industrial stuff, or the Qotom and MiniSys boxes we already mentioned. There is a small number of ITX board that have them as well, but I have no idea if Intel even allows people to buy they SoCs to put on motherboards with PCIe slots for example.

sparkman123

@johnkeates:

That is because those pretty much are laptop CPU's. You won't find them on standard motherboards, pretty much only on embedded and industrial stuff, or the Qotom and MiniSys boxes we already mentioned. There is a small number of ITX board that have them as well, but I have no idea if Intel even allows people to buy they SoCs to put on motherboards with PCIe slots for example.

What about the LAN NIC types on these mini-pcs? For example, I've seen quite a few threads discussing how bad RealTek LAN adapters are for pfsense. This thread is a good case in point:

https://forum.pfsense.org/index.php?topic=128098.0

There is no mention of what kind of LAN NICs these boxes have in the tech specs, so it's hard to know if they use stock Intel, RealTek or something worse.

Guest

@sparkman123:

@johnkeates:

That is because those pretty much are laptop CPU's. You won't find them on standard motherboards, pretty much only on embedded and industrial stuff, or the Qotom and MiniSys boxes we already mentioned. There is a small number of ITX board that have them as well, but I have no idea if Intel even allows people to buy they SoCs to put on motherboards with PCIe slots for example.

What about the LAN NIC types on these mini-pcs? For example, I've seen quite a few threads discussing how bad RealTek LAN adapters are for pfsense. This thread is a good case in point:

https://forum.pfsense.org/index.php?topic=128098.0

There is no mention of what kind of LAN NICs these boxes have in the tech specs, so it's hard to know if they use stock Intel, RealTek or something worse.

The boxes in the Qotom thread all use Intel cards. Mostly the I2xx series.