Netgate Discussion Forum

    Best non-Intel Quad port NICs ?

      srytryagn

      What are the best Gigabit quad port NON-INTEL NICs, preferably ones that support SR-IOV?

      Is there anything reliable and great out there?

        stephenw10 Netgate Administrator

        Maybe some older Broadcom devices?

        Any reason you don't want Intel NICs? It's hard to really recommend anything else.

        Steve

          srytryagn @stephenw10

          @stephenw10 Why?

            stephenw10 Netgate Administrator

            Because the Intel driver support is better than anything else. The Broadcom support was considered second best in older versions but recently that's debatable. The Chelsio NICs are also well supported but are only 10G. They also have a load of off-loading features that pfSense doesn't use (but still use power and cost money!).

            Steve

              srytryagn @stephenw10

              @stephenw10 Wow thanks for the info. Some non-Intel are more accessible in my local market. Intel vulns/backdoors and lack of updates alongside most of their NICs being counterfeit made me consider looking at alternatives.

              Any particular Broadcom chipsets/models of quad port NICs (1Gb or 10Gb) that support SR-IOV and are fast/reliable?

                nimrod @srytryagn

                @srytryagn said in Best non-Intel Quad port NICs ?:

                > @stephenw10 Wow thanks for the info. Some non-Intel are more accessible in my local market. Intel vulns/backdoors and lack of updates alongside most of their NICs being counterfeit made me consider looking at alternatives.
                >
                > Any particular Broadcom chipsets/models of quad port NICs (1Gb or 10Gb) that support SR-IOV and are fast/reliable?

                With Intel ME and AMD PSP on every motherboard, the last thing you should worry about is backdoors on Intel NICs.

                  srytryagn @nimrod

                  @nimrod

                  Update-ability -> If the firmware is not updated and is vulnerable, I was thinking that it might not be a good idea to use it for an edge device, i.e. a very trusted firewall. Perhaps some Broadcoms or modern Intel.

                  To your point -> do you mind expanding on that? Is there a mitigation? Thought that was only an issue for "pro" AMD and that Intels had a way to shut off in BIOS.

                    nimrod @srytryagn

                    @srytryagn said in Best non-Intel Quad port NICs ?:

                    > @nimrod
                    >
                    > Update-ability -> If the firmware is not updated and is vulnerable, I was thinking that it might not be a good idea to use it for an edge device, i.e. a very trusted firewall. Perhaps some Broadcoms or modern Intel.

                    It is extremely rare that a NIC needs a firmware update to fix a critical security issue. I'm with @stephenw10 on this one. Stick with Intel. You will save yourself from unnecessary headaches.

                    > To your point -> do you mind expanding on that? Is there a mitigation? Thought that was only an issue for "pro" AMD and that Intels had a way to shut off in BIOS.

                    There is no mitigation. Every Intel and AMD motherboard manufactured after 2006 has an embedded chip that runs a modified closed-source version of MinixOS that has low-level DMA access. DMA access means:

                    • Full access to the contents of your RAM.
                    • Full access to your storage.
                    • Full access to your I/O devices. It can capture keystrokes, mouse movements, take screenshots...etc.

                    It basically owns your system completely from the moment you turn it on. It boots first, so it's completely irrelevant what operating system you use.

                    Intel calls this "feature" Intel Management Engine, and AMD calls it PSP, which is short for "Platform Security Processor". There were several attempts to remove ME/PSP, but Intel/AMD made it impossible. When your system is done with POST, CPU microcode checks for the presence of ME/PSP and makes a handshake through a custom encrypted protocol. If the handshake fails, a timer in the CPU is triggered and the system reboots after 30 minutes. Basically, if you somehow remove ME/PSP, your system will be stuck in a permanent reboot loop state until full ME/PSP functionality is restored.

                    There is a very limited number of motherboards and old laptops where ME can be fully or partially disabled. You can find more info about this here.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.