Best non-Intel Quad port NICs ?
-
What are the best Gigabit quad port NON-INTEL NICs, preferably ones that support SR-IOV?
Is there anything reliable and great out there ?
-
Maybe some older Broadcom devices?
Any reason you don't want Intel NICs? It's hard to really recommend anything else.
Steve
-
@stephenw10 Why?
-
Because the Intel driver support is better than anything else. The Broadcom support was considered second best in older versions but recently that's debatable. The Chelsio NICs are also well supported but are only 10G. They also have a load of off-loading features that pfSense doesn't use (but still use power and cost money!).
Steve
-
@stephenw10 Wow thanks for the info. Some non-Intel are more accessible in my local market. Intel vulns/backdoors and lack of updates alongside most of their NICs being counterfeit made me consider looking at alternatives.
Any particular Broadcom chipsets/models of quad port NICs (1Gb or 10Gb) that support SR-IOV and are fast/reliable?
-
@srytryagn said in Best non-Intel Quad port NICs ?:
@stephenw10 Wow thanks for the info. Some non-Intel are more accessible in my local market. Intel vulns/backdoors and lack of updates alongside most of their NICs being counterfeit made me consider looking at alternatives.
Any particular Broadcom chipsets/models of quad port NICs (1Gb or 10Gb) that support SR-IOV and are fast/reliable?
With Intel ME and AMD PSP on every motherboard, the last thing you should worry about is backdoors on Intel NICs.
-
Update-a-bility -> If the firmware is not updated and vulnerable, I was thinking that it might not be a good idea to use it for an edge device, i.e. a very trusted firewall. Perhaps some Broadcoms or modern Intel.
To your point -> do you mind expanding on that? Is there a mitigation? Thought that was only an issue for "pro" AMD and that Intels had a way to shut off in BIOS.
-
@srytryagn said in Best non-Intel Quad port NICs ?:
Update-a-bility -> If the firmware is not updated and vulnerable, I was thinking that it might not be a good idea to use it for an edge device, i.e. a very trusted firewall. Perhaps some Broadcoms or modern Intel.
Those are extremely rare cases where a NIC needs a firmware update to fix a critical security issue. I'm with @stephenw10 on this one. Stick with Intel. You will save yourself from unnecessary headaches.
To your point -> do you mind expanding on that? Is there a mitigation? Thought that was only an issue for "pro" AMD and that Intels had a way to shut off in BIOS.
There is no mitigation. Every Intel and AMD motherboard manufactured after 2006 has an embedded chip that runs a modified closed-source version of MinixOS that has low-level DMA access. DMA access means:
- Full access to the contents of your RAM.
- Full access to your storage.
- Full access to your I/O devices. It can capture keystrokes, mouse movements, take screenshots...etc.
It basically owns your system completely from the moment you turn it on. It boots first, so it's completely irrelevant what operating system you use.
Intel calls this "feature" Intel Management Engine, and AMD calls it PSP, which is short for "Platform Security Processor". There were several attempts to remove ME/PSP but Intel/AMD made it impossible. When your system is done with POST, the CPU microcode checks for the presence of ME/PSP and makes a handshake through a custom encrypted protocol. If the handshake fails, a timer in the CPU is triggered and the system reboots after 30 minutes. Basically, if you somehow remove ME/PSP your system will be stuck in a permanent reboot loop state until full ME/PSP functionality is restored.
There is a very limited number of motherboards and old laptops where ME can be fully or partially disabled. You can find more info about this here.