Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mini ITX upgrade path for FTTH

    Hardware
    1
    1
    266
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sycodal
      last edited by

      I have been running pfSense on the same Supermicro X7SPA-H-O Intel Atom D510 Mini ITX board for over a decade now with no hickups. My WAN connection has always been a 50/10Mbps DSL line, so system throughput has never really been an issue. I recently upgraded to a FTTH connection allowing 500/500Mbps. With various tweaks I have been able to get NAT routing up to 300Mbps. I think it is time for me to upgrade this trusty router to future proof my setup for the next decade, potentially allowing for 1Gbps NAT routing.

      I do run an OpenVPN instance, but I seldom use it, 1-2 users max, I don't really care for it to match NAT routing performance as most of the time I will be limited by the bandwidth from the connection I am using to reach it. IDS/IPS, pfblockerNG, etc. are nice to have but I am currently offloading those services to VMs on another box, overall system capacity is not too much of a concern. For example, I will favor a cheaper 4 core version over a more powerful 8 core of the same platform.

      I have a Supermicro 502L-200B 1U chassis which I would prefer to reuse, so I am looking at Mini ITX form factor.

      Power consumption is not an issue, but noise is, so I favor a lower TDP. In my current setup I have swapped the original PSU for a PicoPSU with a fanless power brick.

      In my research, I have found many different options, and a lot of dated posts regarding FreeBSD compatibility with one or another. It is hard to judge how relevant a 5yo post about a firmware or driver issue is with the latest pfSense release.

      Ideally, cost for the board would be under 500 CAD $, but it is a soft limit. I am not dead set on 10GbE interfaces if I can install a PCI-E SFP+ interface or if the board has SFP+ SoC. IPMI is a plus, not a must, as my current setup doesn't have it and I don't find myself often wishing for it. My priority is for stability/reliability first, cutting edge features second.

      I am trying to limit to amount of hardware I need to buy, ideally just a mainboard and RAM. The rest I can provide with parts on hand. This is why I prefer embedded platforms.

      I have narrowed down my searches to the following platforms:

      • Atom C2x58 series (A1sri) : older, but seems stable well supported. Might hit NAT routing limit if I upgrade to 1Gbps+ WAN
      • Atom C3x58 series (A2sdi): how much of a performance bump vs the C2x58 series?

      More expensive:

      • Xeon D (X10SDV / X11SDV): more expensive, runs too hot, fans might get noisy? Also a lot of posts regarding FW revision and compatibility issues, what gives?
      • Epyc embedded (M11SDV): more bang for the buck, no Meltdown/Spectre mitigation performance hit. I am more worried about FreeBSD compatibility with this newer platform, even though the price/performance is attractive.

      Looking forward to your feedback, thanks!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.