Which CPU / Mobo for enthusiast home network

  • Hey Guys,

    I know these kinds of questions are asked over and over again and I am sorry for bringing it up yet again BUT at this point I have no idea what is going on anymore.

    For the last couple of years, building a pfSense box came to my mind again and again but it always came down to the question "which CPU / mainboard or hardware configuration do I need". There are so many different possibilities to choose from and meanwhile it feels like I read every hardware recommendation post on these forums and even reddit like twice.

    Some information on what I want to do or want to be able to do:
    In general I want to build a proper network perimeter firewall, mostly because with the setup I have currently there is always something that seems off. So this project should help me in terms of security but of course for learning as well.
    This is gonna be for my home network which is connected to a 400mbits/40mbits cable connection with only a few clients. Full fiber 1gbits/1gbits are more and more common where I live so the system that I build should be able to handle this kind of throughput as well. Based on what I read over and over again it seems to me that when it comes to routing gbits (routing only) it might not even matter and probably all CPUs that came out in the last decade would be able to handle it. But of course this system won't do routing only.

    I definitely want to use packages such as snort, clam-av and squid. (Deep packet inspection would be cool but might not even be feasible with more and more sites featuring HTTPS and certificate pinning?)
    So I guess it comes down to the packages installed and running and it seems that the mentioned ones are especially hungry when it comes to hardware (might consider suricata instead of snort because of single/multi threading, maybe you can provide a recommendation on this as well).

    Up until now i never really felt the need to use VPN connections but of course I might in the future.

    Hardware wise it should of course consume as little power as possible and this is why I was really interested in Intel Atom (c2xxxx and c3xxxx) or maybe even xeon d 15xx. So of course the question is which of those platforms would cut it? I'd probably go for c3xxxx but with issues for support of these platforms it doesn't make sense.

    So in the end the questions, based on the information above and the listed packages, use cases, which platform would you propose or recommend? At this point I am open for everything, maybe there are chips that will get the job done easily and won't cost like 600 bucks. On the other hand I always love having some air to breathe when it comes to hardware, making it just a little more future proof. So the main focus should be "bang for the watt" when it comes to power consumption and budget could be up until 700-800 for the whole system (is it really necessary to spend that much on a router, or rather "security appliance" that protects the assets in my network? ;).

    I would really appreciate honest feedback and experience.


  • Do you have a generic old PC sitting around that you can load pfSense on and play with? That way (1) you know what you want loaded, (2) then you have a baseline for whether you need more CPU power/RAM/storage.

    I used an old Pentium III single core, PassMark 500, 55 watt, as my play box, and after a couple of months playing with it, I knew what my target was, then moved to a dedicated 10 watt box, Atom E3845, PassMark 1500.

    For gigabit speed I am thinking an i3 CPU would be perfectly comfy, in a dedicated box <20 watts.

  • Well, when it comes to "spare" parts I only have my old desktop PC which is running on the LGA1155 platform and features an i7-2600k, so not the best solution when it comes to low power consumption :)
    Another option would be to run it within a VM but this would serve testing and "playing around" needs. So in the end I would need to get dedicated hardware.

  • LAYER 8 Global Moderator

    And have you even looked at the offerings from Netgate and getting an official appliance? The SG-3100 would probably be a nice fit.. And they are coming out with some new stuff.

    When I went away from running on my VM, went with the sg-4860 and can tell you it does everything I want without breaking a sweat.. And uses nothing for power..

    You have made no comment on budget… When you compare the cost of building your own or buying some China box.. How much are you saving? If any.. And buying an appliance gets you gold, you are supporting the product you're using to keep them going and new stuff. And you can be sure it's going to work flawlessly, etc.

  • Yes, I checked the offers and they seem great but to me, prices seemed to be a bit high for what you get. The sg-4860 you mentioned features the C2558.
    Does it still make sense to buy the c2xxx chips in 2018 especially if you had to compare it to the c3xxx (which is not fully supported yet..) and the xeon d-5xxx?
    Working as a system engineer I love to build stuff and tinker with it ;) So the question is not only if you save or spend more money if you DIY but would you get newer hardware that is maybe in the same range and has more power.
    Do you have any details regarding new stuff coming to the market and when?

    Budget wise it should be well within 400 - 600 bucks (there is some wiggle room of course).

  • I'd suggest looking at J3355 based motherboards. Same basic architecture as denverton but you'd put in a generic multiport NIC and avoid dealing with the driver issues there. Should come in well under your budget.

  • Unless you have a special case, getting a bare board and CPU doesn't really make sense anymore.

    The two popular China choices work well (qotom, minisys), as do the entry level Netgate boxes. All of them are small, don't use a lot of energy, and can do all the things an enthusiast home network could need and more.

  • LAYER 8 Global Moderator

    I have no insider info if that was the question on new stuff coming out.. But I do catch bits and pieces here on the forum that others that do not frequent it as much as me might have missed… Ivor for example mentioned this the other day...

    "We will have exciting update soon for those who wish to upgrade from 2220. "

    As to c2xxx vs c3xxx -- not building a gaming rig ;) Not all that worried about squeezing the best possible bang for the buck here.. It was the appliance that looked best for my wants/needs.. Is why went with the 4860.. I did not want a 1U system (just don't have room). Also thought about the SG3100, which would have been nice to play with as well - but zero need for the switch ports. Since was getting a sg300-28 vs the -10 model I had.. So got switch ports coming out my you know what. What I wanted was those few extra router interfaces to spread vlans across, etc.

    Sure you can save a few bucks here, maybe get a bit extra oomph for your $ etc.. Yeah we all like the latest and greatest xyz on the market, etc. But when it comes down to the router/firewall for your home/lab that is going to run for 3+ years more than likely does it really matter all that much? You buy ABC and 3 months later it's old news ;) The big thing also is you support pfsense/netgate for those few extra bucks you might spend.. And guess what, you know it's going to work! Not have to worry about oh XYZ hardware in this diy box likes to cause a kernel panic, etc.

    The 4860 is just a bit over your budget, and the 3100 is below your budget... So to me you have 2 options right now you could pull the trigger on..  Or wait and see what new fun stuff they are going to announce..

  • I'd just do what a lot of the china buyers do: get the cheap powerful box and get a pfSense Gold subscription, even if you don't think you need it. It's only 99 per year.

  • Don't get me wrong, I'd totally squeeze out the money for the SG-4860. If it has enough power to run the mentioned packages and doesn't require me to tweak/mess around with the settings to get it stable, it's worth it.
    My issue is that, me living in Switzerland, the prices for these appliances are crazy. Saw an offer from one of the Netgate partners at 1200CHF. And for this price I can easily get a high end gaming rig CPU/MB/RAM combo ;) this is essentially why I was asking.
    I didn't check offers in Germany or other European countries but shipping and importing (depending on the price of course) into Switzerland is always something to factor in.

    On a side note: I saw that the XG-7100 is running a C3558 and will be ready for shipping in March from what I could gather from the website. Does this mean that a solution for this chip will be available soon as well or is this system equipped with extra NICs to work around this issue?

    "Or wait and see what new fun stuff they are going to announce.."

    Might be the best option in this case.

    The Xeon D chips seem to be great as well but of course power consumption is way higher..

  • LAYER 8 Global Moderator

    Why can you not just buy direct.. I do believe they will ship overseas..

    I show exchange rate currently
    750 USD = 704.080 CHF

    And then you pay for shipping..
