Mini ITX upgrade path for FTTH
-
I have been running pfSense on the same Supermicro X7SPA-H-O Intel Atom D510 Mini ITX board for over a decade now with no hickups. My WAN connection has always been a 50/10Mbps DSL line, so system throughput has never really been an issue. I recently upgraded to a FTTH connection allowing 500/500Mbps. With various tweaks I have been able to get NAT routing up to 300Mbps. I think it is time for me to upgrade this trusty router to future proof my setup for the next decade, potentially allowing for 1Gbps NAT routing.
I do run an OpenVPN instance, but I seldom use it, 1-2 users max, I don't really care for it to match NAT routing performance as most of the time I will be limited by the bandwidth from the connection I am using to reach it. IDS/IPS, pfblockerNG, etc. are nice to have but I am currently offloading those services to VMs on another box, overall system capacity is not too much of a concern. For example, I will favor a cheaper 4 core version over a more powerful 8 core of the same platform.
I have a Supermicro 502L-200B 1U chassis which I would prefer to reuse, so I am looking at Mini ITX form factor.
Power consumption is not an issue, but noise is, so I favor a lower TDP. In my current setup I have swapped the original PSU for a PicoPSU with a fanless power brick.
In my research, I have found many different options, and a lot of dated posts regarding FreeBSD compatibility with one or another. It is hard to judge how relevant a 5yo post about a firmware or driver issue is with the latest pfSense release.
Ideally, cost for the board would be under 500 CAD $, but it is a soft limit. I am not dead set on 10GbE interfaces if I can install a PCI-E SFP+ interface or if the board has SFP+ SoC. IPMI is a plus, not a must, as my current setup doesn't have it and I don't find myself often wishing for it. My priority is for stability/reliability first, cutting edge features second.
I am trying to limit to amount of hardware I need to buy, ideally just a mainboard and RAM. The rest I can provide with parts on hand. This is why I prefer embedded platforms.
I have narrowed down my searches to the following platforms:
- Atom C2x58 series (A1sri) : older, but seems stable well supported. Might hit NAT routing limit if I upgrade to 1Gbps+ WAN
- Atom C3x58 series (A2sdi): how much of a performance bump vs the C2x58 series?
More expensive:
- Xeon D (X10SDV / X11SDV): more expensive, runs too hot, fans might get noisy? Also a lot of posts regarding FW revision and compatibility issues, what gives?
- Epyc embedded (M11SDV): more bang for the buck, no Meltdown/Spectre mitigation performance hit. I am more worried about FreeBSD compatibility with this newer platform, even though the price/performance is attractive.
Looking forward to your feedback, thanks!