• I'm thinking of getting one of these J1900 computers for use with pfsense. What sort of performance can I expect with it? I'll be getting a 500/20 Mb connection in a couple of days and want to be sure what I get can handle it. I understand that this CPU doesn't have AES-NI support, but that's not important to me, so long as pfsense doesn't require it. I'm the only user, as my dog & cat haven't shown much interest. ๐Ÿ˜‰

  • LAYER 8

    i like the review of that product ๐Ÿ˜‚ ๐Ÿ˜‚

    I bought one of these Qotom miniPCs. It lasted 2 weeks, then went up in smoke

    Randomly the 2280 SSD just decided to nose dive one day and my whole network went down with no ability to recover the config file for PFSense since it was stuck in UFS read only mode, and I tried absolutely everything. I opened it up and it doesn't me that it is a really cheap no name brand SSD inside

    Hardware cannot be detected with PFsense or OPNsense as claim by others. It work well with Untangle without wifi.


  • @kiokoman did you buy a Qotom? or one of the many variants?

    I have a small HO with 7 PCs, 2 MediaBoxes, 1 BluRay, 1 Dreambox, 1 NAS, 1 Printer, 4 cameras, VOIP phones connected to 120Mg cable.
    Runs like a charm and has done so for 3yrs.

    I use 2 x VPN connections for all traffic by default, with only exceptions over WAN.
    Snort, pfblocker, nut and ntopng (temporary disabled due to fill /var directory )

    my Quotom has 8Gb ram and 32Gb drive. 3% disk usage, 40deg, CPU 8% - typical. it is formatted as EFI boot and ZFS.

    • note my qotom is v2 h/w and i previously had a YanLing with v1 h/w that ran at 52deg and was unstable. I don't recommend YanLing as the service was non-existent. But Qotom have been great in my experience.

    In summary, i think you had a case of bad luck.

  • Netgate Administrator

    I think you mean J1900?
    The Celeron J1900 performance is surprisingly bad given it's age and clock speed.
    Single thread performance seems particularly so, there have been a number of threads here where PPPoE users struggled to get the throughput they needed.
    Probably fine if you don't have a PPPoE WAN.

    I would still look for something newer though, that's a 7 year old CPU at this point. There are many newer, better options.

    Steve


  • @stephenw10 yes YanLing have a 3160 which supports AES, but i wouldn't touch them. JKnott says he is the only user, so i would argue the J1900 is more than enough. I have no probs with my performance. my clients show 100Mg over the VPN or 120Mg over WAN. there is more often than not at least 3 people streaming from youtube at any one time in my household.

  • LAYER 8

    @gwaitsi
    no, i don't give money to thieves


  • @kiokoman different horses, different courses. i've had no problems


  • @stephenw10

    So, it wouldn't be suitable for 500 Mb? As I mentioned, encryption performance is not an issue for me, as I only use my VPN occasionally.

    I'll have to see how my current firewall holds up. It an old HP dx5150, which dates back 15 years or so.


  • @JKnott i think it would be fine


  • @JKnott Depending on the specific CPU in the dx5150 it'll range from about the same performance as the J1900 to slightly faster for single-threaded work (J1900 wins 4x on stuff that parallelizes). So I'd suggest trying it on the dx5150. If the performance is fine, the J1900 will do the same thing but smaller and with less power consumption. If the dx5150 can't keep up, the J1900 won't be a huge upgrade and you'll need something newer than silvermont architecture.

  • Netgate Administrator

    Yup that.

    Everything else aside if you are buying something new buy something actually current. The only reason to get a J1900 would be if it was very cheap. ๐Ÿ˜‰

    Steve


  • @stephenw10 said in J1900 performance:

    Yup that.

    Everything else aside if you are buying something new buy something actually current. The only reason to get a J1900 would be if it was very cheap. ๐Ÿ˜‰

    Unfortunately, the J1900 solutions still tend to be compellingly cheaper than alternatives, presumably because the CPU supply is apparently bottomless. Goldmont solutions run rings around them, but 3 years after release the availability is still low and the pricing consequently high. The lack of availability also impacts the available configurations (e.g., finding solutions with multiple NICs instead of multiple HDMI ports & wifi can be challenging, especially at a given price).


  • @JKnott
    The Qotom is also availabel with a more powerful i5 mobile CPU at aprox the same price. The mobile CPUs have an effective power management, so that it will take rarely more power than the J1900 if it isn't really needed.
    So why want you buy such an old CPU today.

    I purchased a Qotom with an i5-4200U about three years ago and it does its job as my home router since that time well. The average power consumption is at circa 7 W, though its TPD is 15 W.


  • @JKnott

    I have 2 x Qotom i5-5250U (4-port) at home , 8G Ram + 64G M2.
    They do 1Gb wo. problems (iPerf tested)

    But i switched to Qotom i3-7130U (6-port) at work , primarily due to the higher clock frequency. At work they're doing multiple OVPN tunnels, and OVPN is single threaded, where higher CLK means more throughput.

    My Q's came with windows preinstalled , and i booted one up for fun (worked). The rest was immediately installed w. pfSense from USB stick.

    I'd stay away from the J1900

    /Bingo


  • @viragomann i5-4200U is itself 7 years old, based on a 9 year old architecture. They tend to be at least 30-40% more expensive than the J1900 solutions, and at that point I don't see it as really compelling over a much newer part for just a little bit more. (Haswell has AES-NI, but it's a much older and less efficient/slower implementation, lacks sha extensions, etc.) So if I'm not making the J1900 value play, I'd rather have (e.g.) a C3558 or i3-7100U than an i5-4200U for just a little bit more. YMMV.


  • @VAMike
    The i5-4200U is that one I purchased 3 years ago. It won't be available anymore today, but you may get a newer i5.
    An i3-7100U may be a good choice as well.


  • @viragomann yes, there are a lot of newer and higher performing devices than J1900. The point was that the J1900 hangs around because for much of the world they are the cheapest option by a margin large enough to be significant if someone's on a budget. (For US customers an APU2 is cheaper, but internationally might cost 2x the J1900.) If the J1900 is fast enough for what you're trying to do, it can be hard to justify spending more whether or not you get more. Personally, my home firewall spends most of its life sitting around mostly idle, and if I got a faster one it would just be more idle. (For the record, it isn't a J1900, and I'm not speculating in J1900 futures. :) )


  • @VAMike
    What about the missing AES-NI instructions on the J1900 (and future proofing)
    I know it's not a pre-req for 2.5 anymore, but ...

    I would rather pay a little more for a i3-7100U , than getting a unit that migbt be obsolete in 2 years.

    But as you say , if there is a really tight budget .. The J1900 wound prob. do for a year or two.

    /Bingo


  • @bingo600 If you are doing straight firewalling, no vpn, then crypto performance is meaningless. If you're doing something that does require crypto performance, than that would obviously be a factor.

    In general, "future proofing" in this industry is a waste of money. If you can buy something that lasts 2 years (and realistically, there's probably no reason a J1900 firewall couldn't last 5 years, or 10 years unless you suddenly get a major bandwidth boost--home firewall just isn't a hard problem) it'll almost certainly be cheaper to buy something better later when you need it than it is to buy that same level of performance now. And there's a really good chance that whatever drives you to need to upgrade a few years down the line is something you couldn't/didn't anticipate now, so you'd have to buy another one even if you had overspec'd today. This is even more true for highly integrated devices than for larger builds, because incremental upgrades tend to be really hard. For example, if your big future ISP upgrade requires a 2.5 or 5gbps interface and your SBC router only has 1gbps interfaces, it doesn't matter if the CPU powerful enough to do 10gbps--you're going to end up needing a new device. Or maybe the hot thing will be some kind of 6G internet that you can only really take advantage of if you plug an adapter in via USB 3.8gen57 or thunderbolt and you're stuck with old school USB 3.0. (High speed external adapters tend to not be a focus area for current-gen mini-pc routers...)

    In the end, if getting an i3-7100U works for you, great, get that. My pushback is against the notion that anyone who doesn't must be stupid.


  • @VAMike said in J1900 performance:

    If you are doing straight firewalling, no vpn, then crypto performance is meaningless. If you're doing something that does require crypto performance, than that would obviously be a factor.

    I'm a bit confused here.
    While your statement above is correct, i was under the impression that the early announcement of 2.5 with the AES-NI requirement.
    Would have prevented you from upgrading to 2.5.

    IMHO that would have meant that we're not talking about crypto performance anymore. But about being able to use (upgrade to) the latest pfSense software.

    /Bingo


  • @bingo600 there was a later announcement that AES-NI would not be required. I bought an E3845 because of that, and gave it away as the newer J1900 h/w run much cooler and didn't make any difference for me and small family. JKnott did say he was the only user, so hard to imagine how he will stress the box more than my small home/office environment.


  • I just got my 500/20 Mb modem set up. I get 559.79 down and 21.63 up. Did my message appear faster? ๐Ÿ˜‰


  • @JKnott said in J1900 performance:

    I get 559.79 down and 21.63 up on a 500/20 Mb service.

    Hey... that's cheating!

    :)


  • @VAMike
    it'll almost certainly be cheaper to buy something better later when you need it than it is to buy that same level of performance now

    Seeing the trends during this past 6 months of COVID madness, where even the el-cheepo worlds most crappy 360p webcams got a 10x price hike in the March timeframe, I would say for sure there is no such electronics that hasnt faced a significant price increase due to high demand. So its a naive thing to say prices will go down in the future. I would say the opposite: anything that you can buy today at a reasonable price, will only be more expensive next year, because of vendor greediness.


  • @soder said in J1900 performance:

    @VAMike
    it'll almost certainly be cheaper to buy something better later when you need it than it is to buy that same level of performance now

    Seeing the trends during this past 6 months of COVID madness, where even the el-cheepo worlds most crappy 360p webcams got a 10x price hike in the March timeframe, I would say for sure there is no such electronics that hasnt faced a significant price increase due to high demand. So its a naive thing to say prices will go down in the future. I would say the opposite: anything that you can buy today at a reasonable price, will only be more expensive next year, because of vendor greediness.

    Well, it's fairly easy to see that the costs for various fw/router products haven't increased by 10x, so the rest of your point is simply unfounded.


  • @VAMike webcams prices did, so your conclusion against the generic continuous price increase I said in the 2nd part is not applicable. Not arguing, but routers wont be cheaper next year.


  • @soder said in J1900 performance:

    @VAMike webcams prices did, so your conclusion against the generic continuous price increase I said in the 2nd part is not applicable. Not arguing, but routers wont be cheaper next year.

    Well, if you weren't just bits on the internet I'd take your bet. You keep arguing based on a temporary supply/demand driven price spike which is basically a strawman argument and I'm arguing based on specing/buying computer hardware for decades. Also you're kind of glossing over a key point: price points will tend to be somewhat stable, but price for a given level of performance drops as capabilities are improved on new products. And with that I'm done the back and forth.


  • @akuma1x said in J1900 performance:

    @JKnott said in J1900 performance:

    I get 559.79 down and 21.63 up on a 500/20 Mb service.

    Hey... that's cheating!

    :)

    Here's what I get today.

    My ISP has generally provided better than advertised performance. Also, I got this as part of a bundle to upgrade to IPTV and in the process my bill will decrease by about $60-70 per month.


  • The Qotom Q515G6 with the Celeron 3865U is well worth the extra cost IMO. It's a much newer generation, supports AES-NI, has much better IPC, uses less power in practice and generates less heat.


  • @bradsm87 said in J1900 performance:

    The Qotom Q515G6 with the Celeron 3865U is well worth the extra cost IMO. It's a much newer generation, supports AES-NI, has much better IPC, uses less power in practice and generates less heat.

    According to this, it does not support AES-NI.



  • @bingo600

    That page I linked to is one of those d*mned annoying sites that won't stay still. When I first linked to it, on a Google search, the page that appeared it said it wasn't supported. Search on Qotom Q515G6 and take the first link.

    Don't the people who develop those horrible sites understand that it makes it useless for trying to nail down info? They must be one of those "form over function" idiots who think a pretty site is more important than a useful one.


  • @JKnott

    No you misunderstod my post.
    The page you links to says AES-NI : NO

    But the page i linked to : Intel Processor specs - Says AES-NI: YES

    So either the Chinese have made a "Clone" where they destroyed AES-NI ๐Ÿ˜ต
    Or they "again" have no clue whet they're "Cut & Past'ing" on their product pages.

    /Bingo

  • Netgate Administrator

    They could have disabled it in the BIOS. Or maybe via a pin. Or maybe used CPUs from bin Z that have failed an AES test. ๐Ÿ˜‰
    But probably just copy pasta.

    Steve


  • That machine will do 500/20 and gigabit on the LAN side without issue. Even though the hardware is old, its more than powerful enough to handle routing traffic and doing basic firewall duty. However, for the ~100 dollars less you can get a used office machine on ebay with an i5, or if youre lucky i7, 4th or 5th gen + a 4 port intel NIC, and at the benefit of having standard hardware and a standard form factor should something go wrong or you want to upgrade in the future (10gbe nic or something like that). But of course it wont be as small or absolutely silent, and it will draw a few cents more power every month.
    If space and power consumption arent factors, i'd go with a used PC since it wins on every other quality.


  • The Q515G6 does support AES-NI. It is a mistake on the web site. Iโ€™ve used about 6 of them now. The Aliexpress listings state that they do too.


  • @bradsm87 Have you tried a Q515G6 with a PPPoE WAN link and if so what throughput did you get?

    I was looking at one of those myself and wondering if it can do 1 Gb/s PPPoE.

    BTW I agree that it's a better buy than the J1900 box.


  • @thegriffin Iโ€™m quite sure it would have no issue there. I just did a multi-threaded speed test saturating my 400/50 connection and CPU usage peaked at 17%.

    I donโ€™t have another internet connection with a fast enough upload speed to test VPN throughput but I suspect it would near saturate the connection with AES128-GCM too. Itโ€™s an extremely fast appliance. Iโ€™ve used many of the J1900 ones in the past and the 3865U is much faster and runs cooler.


  • @bradsm87 Thanks for the info. Does your ISP use PPPoE? As there is a specific problem with it that impacts throughput.

    For OVPN, according to a Youtube test running pfSense in a different brand box, the 3865U does about 330 Mb/s which is pretty good and enough for my use. For sure it supports AES-NI.

  • Netgate Administrator

    It's close to double the single thread performance in a synthetic benchmark:
    https://www.cpubenchmark.net/compare/Intel-Celeron-J1900-vs-Intel-Celeron-3865U/2131vs3034

    The J1900 was surprisingly bad at PPPoE though. There were some threads where it chocked out at ~500Mbps. I think with tweaking it get's closer to 700Mbps. So....

    No way to know for sure without testing though.

    Steve