J1900 performance
-
That machine will do 500/20 and gigabit on the LAN side without issue. Even though the hardware is old, its more than powerful enough to handle routing traffic and doing basic firewall duty. However, for the ~100 dollars less you can get a used office machine on ebay with an i5, or if youre lucky i7, 4th or 5th gen + a 4 port intel NIC, and at the benefit of having standard hardware and a standard form factor should something go wrong or you want to upgrade in the future (10gbe nic or something like that). But of course it wont be as small or absolutely silent, and it will draw a few cents more power every month.
If space and power consumption arent factors, i'd go with a used PC since it wins on every other quality. -
The Q515G6 does support AES-NI. It is a mistake on the web site. I’ve used about 6 of them now. The Aliexpress listings state that they do too.
-
@bradsm87 Have you tried a Q515G6 with a PPPoE WAN link and if so what throughput did you get?
I was looking at one of those myself and wondering if it can do 1 Gb/s PPPoE.
BTW I agree that it's a better buy than the J1900 box.
-
@thegriffin I’m quite sure it would have no issue there. I just did a multi-threaded speed test saturating my 400/50 connection and CPU usage peaked at 17%.
I don’t have another internet connection with a fast enough upload speed to test VPN throughput but I suspect it would near saturate the connection with AES128-GCM too. It’s an extremely fast appliance. I’ve used many of the J1900 ones in the past and the 3865U is much faster and runs cooler.
-
@bradsm87 Thanks for the info. Does your ISP use PPPoE? As there is a specific problem with it that impacts throughput.
For OVPN, according to a Youtube test running pfSense in a different brand box, the 3865U does about 330 Mb/s which is pretty good and enough for my use. For sure it supports AES-NI.
-
It's close to double the single thread performance in a synthetic benchmark:
https://www.cpubenchmark.net/compare/Intel-Celeron-J1900-vs-Intel-Celeron-3865U/2131vs3034The J1900 was surprisingly bad at PPPoE though. There were some threads where it chocked out at ~500Mbps. I think with tweaking it get's closer to 700Mbps. So....
No way to know for sure without testing though.
Steve
-
@thegriffin my current ISP is just IPoE/DHCP so I can’t help you there.
-
Thank you both. Yep there's no way to know for sure until the box is here and even if it does make it to 1 Gb/s with a basic config it may struggle with a more complex one on top of the PPPoE issue (which it wouldn't with IPoE).
At the moment I can't justify an i3/i5 for a home firewall/router so I had decided to squeeze some more life out of my aging Asus AIO until next year.
I was also looking at their new 8 NIC boxes (4 x I211AT + 4 x I350) and 8th gen Intel CPUs of which the i3/i5 are a worthwhile upgrade over 7th gen.
-
Well, the HP computer I was running pfSense on died, so I'll have to get something. Today I came across this: https://www.aliexpress.com/item/32864883139.html?gps-id=pcStoreLeaderboard&scm=1007.22922.122102.0&scm_id=1007.22922.122102.0&scm-url=1007.22922.122102.0&pvid=95b54977-2a52-4283-90d5-89784c1471b7&spm=a2g0o.store_home.smartLeaderboard_819228523.32864883139
At the moment, I'm using a Linksys WRT54GL & OpenWRT. Boy, is it slow, about 35 Mb down! It's also IPv4 only. It's about 540 Mb/s slower than what I was getting with pfSense on that HP computer.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@jknott are you saying the Quotom is significantly slower, or the linksys/openwrt is slower. If you mean the Quotom, the J1900 is a Quad Core system, where as the link you provided is for dual core systems.
The N3160 would be the newer version supporting AES
https://www.aliexpress.com/item/1005001510522500.html?spm=a2g0o.productlist.0.0.1cc77f2dQx5UvI&algo_pvid=42cfd0b7-04d1-45bf-a0e9-67003baac53e&algo_expid=42cfd0b7-04d1-45bf-a0e9-67003baac53e-0&btsid=0b0a182b16101780984958676ebf55&ws_ab_test=searchweb0_0,searchweb201602_,searchweb201603_or the i5-8250 for slightly more up market
https://www.aliexpress.com/item/1005001813291053.html?spm=2114.12010612.8148356.12.511b33e9w3Cnpd -
@gwaitsi
AFAIK the WRT54G has a 400MHz MIPS processor, and using their default firmware. I had around 30Mb/s speed through it, when in use. That was ok back in 2004 when it was released.
The Qotom will outperform it by a factor 10 or more.
I'm using the i3-7100U at work, w 64GB disk + 8 GB Ram
Excellent OpenVPN performance (that i need at work)
https://www.aliexpress.com/item/32970672528.htmlBut they seem to have gotten a notch up in price, ISTR i payed ~330$ last summer.
I like my "home" Qotoms" too , but would prob go for the 6-Port i3-7100, if i had to get a new one.
Both of my tested models will do 1Gbit/s wo. probs.
-
I'm also considering the Netgate SG-1100. Will it support 500 Mb download? Also, are updates for it free? Or do they require a subscription or service plan?
tnx jk
-
I have an Supermicro X10SBA paid 110$ in 2018.
I run pfSense on Proxmoc with 2 cores and 2 GB of RAM with pfBlock NG and it never uses more than 50% of RAM and less than 30% of CPU.
I have a cable 100/30.
Pretty satisfied.
-
That appears to be just a mom board, with memory, disk, cabinet etc. extra. There are other Qotom devices available that may be better. For example the one I linked to has those AES NI instructions used for encryption. Also, is that $110 U.S.? The device I linked to is in $Cdn.
-
@jknott said in J1900 performance:
That appears to be just a mom board, with memory, disk, cabinet etc. extra. There are other Qotom devices available that may be better. For example the one I linked to has those AES NI instructions used for encryption. Also, is that $110 U.S.? The device I linked to is in $Cdn.
Yes, it was 110 C$ and yes, it was just the board.
I bought that to build an Hakai music server (https://www.lejonklou.com/forum/viewforum.php?f=10&sid=7061995857ec1c9230394738b3f17fab) but I abandonned the project.
In a pandemic situation, one is in need of projects so I decided to try pfSense and replace my DD-WRT router.
My only downside with this board is that it has only two NICs.
If I were in search of new H/W specific for pfSense, I would probably go the Protecli way or even a Netgate product to encourage the development.
-
@ninthwave said in J1900 performance:
My only downside with this board is that it has only two NICs
Those Qoton systems have 4 NICs and the Netgate, 3. However, if the Netgate requires some support program just to get updates, I won't bother with it.
The old computer was a HP 5150, which I bought refurb around 10 years ago, for $200. I originally ran Linux on it for my firewall router, but when my ISP started providing IPv6 and required support for DHCPv6-PD, to get the prefix, I switched to pfsense. For 6 years previous, I got IPv6 via a 6in4 tunnel, which worked will with Linux.
-
I was referring to the Linksys, as I don't have a Qotom yet. It was a HP 5150 computer that failed.
-
A lot of intriguing info here. I’m am looking to jump to Pfsense but not sure what hardware to go to yep. I have fiber to the home (1Gb/1Gb) and my FW does all my PPPOE. I currently have a J1900 Supermicro running Sophos UTM and with only firewall running, I have seen as high as 980 down and up. That was the NIU plugged right into my FW handling PPPOE wan side then into a TP Link managed switch then my PC all links Gb. I don’t run IPS or IDS as that cuts speed in half.
So two questions. What is the PPPOE issue referenced above?
And what hardware for PfSense can handle FW/IPS/IDS and maintain near Gb line speed?
Thanks!
W -
Short answer: Any Intel Core CPU with an Intel NIC. IMHO
Long answer:
I am using an old PC with an Intel 4 port NIC. Speed tests do not see a real difference behind pfSense or just my ATT router. I am not running any packages, just some rules.fiber -> ATT Router -> pfSense = about 980 up and down @20% CPU.
Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
AES-NI CPU Crypto: NoUsing proper placement of PCs I did push it to around 1.7Gb, but ran out of desire to test further. Still did not make it busy.
-
It's this: https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics
The igb NICs in the J1900 could normally have 4 queues and all 4 cores servicing them. But with PPPoE all frames are sent to the same queue so only one core can service it. The single core performance of the J1900 is not that special. You won't see 1G over PPPoE using it with anything FreeBSD based.
Steve
