Hardware - 1GB Internet and 10GB Lan



  • Hey guys,

    I am looking to build a new server and I was looking at the Atom c3858.

    I know it's not supported, and my other option would be to get a Xeon-D 1541. However the Xeon is older and I am not sure what is the latest CPU (ideally SoC with 10GB-baseT on-board) I can get.

    Any suggestions?

    I have had a quote for the following:

    Barebones System with Atom C3858 and A2SDi-TP8F Board
    Samsung 16GB DDR4 2400Mhz UDIMM
    Samsung PM953 128GB M.2 PCIe NVMe SSD

    £ 1,274.34



  • It doesn't matter what your LAN does when it isn't routed and only switched. If you have one machine talking to another on a lan, and they share the same subnet and are connected via a switch, none of the packets ever get to pfSense, they just get switched from one port to another on.. the switch. Which is why it's called a switch.

    Anyway, if you're willing to spend 1k+ just get one of the boxes from netgate's shop, they work and are supported.


  • Rebel Alliance Global Moderator

    That is like 1800 USD… Yeah get a netgate appliance..

    So a SG-8860 would be about half of that budget... While a XG-1537 would be a bit over, slightly - but has built in 10ge support via SFP+ interfaces..



  • Well as good as the Netgate might be, I don't want to be stuck. At least with a server based solution, I could move to another firewall OS if I chose. Also easier to upgrade as needed etc…

    Wouldn't you say you get more bang for your buck if you build it?



  • @snake007uk:

    Well as good as the Netgate might be, I don't want to be stuck. At least with a server based solution, I could move to another firewall OS if I chose. Also easier to upgrade as needed etc…

    You can do the same on the netgate stuff.

    @snake007uk:

    Wouldn't you say you get more bang for your buck if you build it?

    Not anymore. Especially with the stuff that comes from China, some of it has a high enough quality. Regarding A-brand hardware, unless you are using toy gamer pc stuff, the pricing is almost no longer worth it since they are all geared towards large quantity buyers only. The last time I still found some value in building from scratch was when SuperMicro just released the X10 series of motherboards, and as they were somewhat late with the Xeon E3's already being out for a while and dropping in price, it was doable to make something competitive.

    But now, when you need to do something 'special', it's pretty much cheaper to just get barebones or prebuilt systems. The 1U/2U systems netgate sells are just plain SuperMicro setups with optimised firmware. It's not magic, it's just optimisation and selecting parts. If you have to do that yourself, you have to spend quite a few hours comparing stuff and you may still end up with problems down the line because the number of people using a setup like yours is so small that a whole lot less gets tested for your specifics.


  • Rebel Alliance Global Moderator

    "Wouldn't you say you get more bang for your buck if you build it?"

    No not really - and you do not support the company providing you with pfsense.

    You can install esxi even.. Here is a link to install esxi on sg-4860 for example.
    https://www.netgate.com/docs/platforms/rcc-ve-4860/esxi.html

    You more than likely can do that for other hardware - I just know that link because I have a 4860..

    Keep in mind it's just a computer as well.. Shoot they even have instructions on installing that distro that will not be named by me here…  Maybe they pulled that?  It was there the other day and I asked ivor why would they do that ;)  But there are install instructions for ubuntu, centos, debian, openbsd, freebsd etc.

    edit:  To be honest.. If you have a budget that falls in range of pfsense hardware that can do what you want it to do, buying other hardware that might save you a couple of bucks amounts to biting the hand that feeds you.  They have 2 pretty powerful boxes that fall into your budget amount.. And from your brief description of your needs fit the bill, that you would not support them by buying their hardware seems crazy to me.  And that you would ask about doing such a thing on a pfsense forum - there is one thing if you were on a generic tech board asking about hardware you could run pfsense on.  Or say you were building a VM host and were wondering what kind of performance you could expect from running pfsense ce on it.

    Buying netgate gets you support of your chosen firewall distro, you are sure it's going to work.  You are sure that they will support bios updates that could fix/add functionality.  And don't forget you get gold, you get a few extras - the aws wizard, the ipsec profile wizard for ios device, etc. And there are some tweaks in the build vs the ce build since they control and know the hardware, etc.

    It's a win win win when you get netgate hardware.. It's one thing if say the sg1000 is not up to your needs, and the sg3100 is 50% more than what you wanted to spend, etc.  But I would think the 8860 would do everything you want and is like half your stated budget.  And the next model up is just a screaming box for a tad over your stated budget, etc.



  • By the way, you do get some sweet hard-to-get stuff: coreboot (IIRC!) So they won't use the crappy UEFI firmware, but you get coreboot and can load the OS directly from that, or put TianoCore, SeaBIOS or something else in between in case you want to use an OS that doesn't know how to boot from coreboot.



  • Well, as they say, "you learn something new every day".

    Let me check out the Netgates. Is there any news on pfSense 3.0? I really like the UI and DPI stuff Unifi gives you, there doesn't seem to be anything like that on pfSense.



  • @snake007uk:

    Well, as they say, "you learn something new every day".

    Let me check out the Netgates. Is there any news on pfSense 3.0? I really like the UI and DPI stuff Unifi gives you, there doesn't seem to be anything like that on pfSense.

    There is Snort or Suricata, that's some real DPI stuff.