Any new hardware planned for 2021?
-
@mwastart said in Any new hardware planned for 2021?:
I'm worried though, that Netgate is biased against AMD architectures.
Nope... I hope so
AMD is starting to "eat" Intel.
Xeon vs. Epyc
https://www.theregister.com/2021/02/24/digitalocean_premium_droplets_amd/
I have been using the AMD Epyc embedded series for a long time - no question with pfSense.
Synology has just switched to:
https://www.amd.com/en/products/embedded-ryzen-v1000-series
https://www.synology.com/en-global/products/RS1221+
Wonderful solution with 2x10Gig Ethernet
So there are opportunities
BTW:
Of course my desktop pc:
Xeon W-1270 + Intel W480E chipset
Supermicro mini-ITX X12SCV-LVDS-O
-
@akuma1x Totally agree on this one - I have 8 5100s and love them, they have been rock solid, but I have to use shelves for them. I have 4 of the 7100 units, they are solid as well, but I hate the switch based interfaces
-
In my opinion they need a “perfect” home appliance. That would be a mix of features across the current appliance range:
1: A modern powerful 4 core ARM processor - MUCH lower power usage than Intel/AMD - both idle and loaded. Something with the equivalent horsepower of the 5100’s Atom processor today.
2: 4GB RAM
3: Same Size, Looks and ports as the SG-2100
4: However: No switched ports, so it would be 5 discrete NICs instead, one of which is SFP/RJ45 dual personality.
I would pull the trigger on one of these immediately.
-
@keyser said in Any new hardware planned for 2021?:
1: A modern powerful 4 core ARM processor - MUCH lower power usage than Intel/AMD - both idle and loaded. Something with the equivalent horsepower of the 5100’s Atom processor today.
I like ARM too, but there are some limitations.. At least with ARM 32 bits:
- Snort has problems with it, they had to compile a new packet, that runs slower due to signal 11 errors, if I remember correctly, it was related to memory mapping.
- Suricata is now using RUST language, which is incompatible with ARM, so some features won't work.
- Some packages like Snort/Suricata/Pfblockerng are not working in 21.02_1 due to php interpreter issues, they are working to fix it but not sure how long it will take.
So I would say, if you go with ARM, at least go with ARM 64 bits.
Due to the above, I still prefer to get Intel or AMD if available.
4: However: No switched ports, so it would be 5 discrete NICs instead, one of which is SFP/RJ45 dual personality.
I like the switch ports :)
-
@mcury said in Any new hardware planned for 2021?:
I like the switch ports :)
Switches and the VLAN option to make them behave as discrete came up in an unrelated thread recently...is there a meaningful difference in performance if configured that way?
(said in general) When comparing to bare hardware realize Netgate has to include support costs in their pricing as well.
-
@steveits said in Any new hardware planned for 2021?:
Switches and the VLAN option to make them behave as discrete came up in an unrelated thread recently...is there a meaningful difference in performance if configured that way?
Correct me if I'm wrong, but this is my current understanding on how it works.
I have 3 of my 4 ports in my SG-3100 here using PVID 100.
So, traffic between these ports in VLAN100 is not bottlenecked by a single 1Gbps port.
Also, traffic between these ports is not going through the SOC.
If you use a discrete port, you are now taking that port out from the switch, and using it with routing capabilities, which means that the port would have an IP and it would be the gateway of that specific network.
Kindly note that I wasn't aware of the "VLAN option to make them behave as discrete" thread until now, so I could be wrong on how it works.
-
The 2100 and 3100 have a 2.5 Gbps uplink from the switch to the chip...see the 3100 image here. So if I followed, I think what you're describing would still go through the SOC/software but the uplink would hide that a bit (two 1 Gbps ports talking to each other with .5 left over). Willing to admit I'm wrong there. :)
The Netgate method I linked seems similar...it basically says "make all traffic on port 4 a VLAN" so now, while still going through the switch, the traffic is on its own VLAN and thus logically separated from the traffic on the other 3 switch ports. Repeat for each port and all four are treated as separate networks.
I use them as switched though. :)
-
@steveits The switch is a switch - so like with all other switches:
1: If the switch is not in VLAN 802.1q mode, the ports act as access ports by default and the traffic is just switched - no need to pass it into the CPU/uplink unless it’s destined for other devices (off current L2).
2: If you configure them as “discrete ports”, and put the switch in 802.1q mode, the ports are each configured as access ports in a given VLAN (usually unique) that is tunneled to the SOC on the uplink. (Note, you can have more than one port in the same VLAN tunnel), and all frames will have to pass through the uplink to be evaluated and routed across VLANs.
There is a performance difference between 4 switched ports (backed by a 2.5Gbps uplink port to the SOC), and four real NIC discrete ports. Not only is 2.5Gbps the theoretical throughput of routed traffic to/from the 4 switched ports - as opposed to 4Gbit for 4 individual interfaces but:
More importantly, small pfSense appliances do not have powerful enough CPU cores to have a single core evaluate pfFilter rules (simple firewall rules) at Gbit wirespeed.
Since an interface queue is not properly multithreaded, the single CPU core performance becomes the bottleneck for throughput on each interface (aka - the switch uplink in this case).
FX: The SG-1100 that only has switched ports (all ports are seen on one uplink) has a max pffilter throughput of about 460Mbit.
The SG-2100 which has the same CPU as the SG-1100, but has a discrete NIC, and 4 switched ports through an uplink, will do about 680Mbit in pfFilter if the traffic is passed from a switch port to the real NIC. This is because it has 2 queues - each can use its own CPU core, whereas the SG-1100 has only one queue (the uplink), and is therefore mostly limited to one CPU core.
-
@audian Hi, do you have any announcements yet?
-
@prtonguy77 Well there was the 6100...