New PF system for home (atom/zacate vs low power sandy bridge)



  • Hi,

    I'm looking to build a new PF firewall for home. I may actually run OpenBSD instead of PFSense, but this forum seems to be the only one specialized in PF related hardware expertise. I was curious about your opinions on this build.

    CPU: Intel G620T
    Motherboard: Intel S1200KP
    PSU: PicoPSU 80W
    Case: M-350

    • Why I didn't chose Atom (Intel Atom D525) or Zacate (AMD E-350)
      I'm well aware that a low end Atom or Zacate processor can handle the basic load of firewalling and a couple of VPNs. I'm concerned that I may want to add functionality to this system in the future, and that is where this gets tricky. I can't upgrade those motherboards. However the low price ($90) of the ASRock E-350 was tempting, but it only has one NIC. I need a 2nd NIC, so I'd have to get a bigger case that allows expansion cards. I'd like to avoid that. Supermicro makes a dual NIC Atom D525 board (Supermicro X7SPA-HF-D525) but at $240 USD, I'm not really saving much here. The Atom/E-350 route seems overpowered for firewalling, but underpowered for adding anything else.

    • Why I chose a Sandy Bridge CPU
      From everything I've read lately, the low power Sandy Bridge CPUs like the Pentium G620T and i3-2100t all seem to have similar power consumption to an Atom or E-350. The added bonus is that I can always upgrade to an i5 (such as i5-2390T) if I feel I need AES-NI to speed up VPNs. In addition, I can even upgrade to a Xeon E3-2130 if I want all of the i5 plus more cache and more threads for an ESXi server that can run my PF firewall along with other things. So I feel like I have lots of room for growth. The new Intel S1200KP board has 2x builtin Intel NICs and will support all of the Sandy Bridge CPUs. I've seen really low power consumption rates on this CPU and the D67/H67/H61 chipsets.

    My estimates for the SuperMicro D525 system come out to $335 for the motherboard, 2gb RAM, m-350 case and pico-psu. For $40 more, I can get the S1200KP mini-itx server board and low end Sandy Bridge CPU G620T, 8GB RAM, m-350 case and pico-psu at approx $375.

    Any comments about my conclusions here?

    PS. By the way, the DH61AG is a nice board, but I'd like to have the 2nd NIC builtin to keep the footprint small. Thus the S1200KP.



  • My point exactly. Why waste money on under powered CPU when you can have 10 times more powerful for $50 more plus it's close to low-end CPU's in power consumption. Plus you can convert it to a full blown desktop later if required without changing motherboards.



  • I agree completely. I want to build a pfsense box with either a Celeron G530 or Pentium G620 (just don't get the G440 no EIST for power savings on idle). I don't see the point in the "T" version for the extra cost, since you can always undervolt/underclock yourself and the wattage difference is very small. For me it would be either the G530 or G620, but I don't see the extra $20 being worth it for the G620 either. The performance gain also looks minimal.

    I would also axe the MITX build and just go Micro ATX for the extra slots. You can grab an Intel board so you get an intel NIC included and grab another for $30. This will allow for more expandability while keeping the box small.

    Intel Pentium G530 - http://www.newegg.com/Product/Product.aspx?Item=N82E16819116409
    Intel Micro ATX - http://www.newegg.com/Product/Product.aspx?Item=N82E16813121504
    Intel PCIe NIC - http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033
    120w 19v Adapter (for more efficiency) - http://www.ebay.com/itm/New-19V-AC-Adapter-Power-Supply-Cord-FSP-FSP120-AAB-/120684505747?pt=Laptop_Adapters_Chargers&hash=item1c195b6a93
    Wide Input Pico PSU - http://www.ebay.com/itm/PicoPSU-120-WI-25-/250884190302?pt=PCA_UPS&hash=item3a69dcf05e

    See this review for why I chose the 19v power adapter.
    http://www.jonnyguru.com/modules.php?name=NDReviews&op=Story&reid=207

    You also need to decide if that extra cost for efficiency is really worth it when you can use a CX430 for $25 shipped or a Pico for $65-83 depending on the adapter used. The 12v models have even less efficiency advantage over ATX power supplies. Idling at 20-30 watts, is going to make those efficiency numbers almost meaningless.

    http://www.newegg.com/Product/Product.aspx?Item=N82E16817139026

    The whole thing could be built for under $300 especially if you have a case/memory/HD-SSD for it.



  • This peaked my interest more and I also found these 2 ATX power supplies that will be similar in power effiency to the Pico if not better for nearly the same price.

    FSP Group AURUM GOLD 400W
    http://www.newegg.com/Product/Product.aspx?Item=N82E16817104096

    or

    SeaSonic X series SS-400FL 400W Modular and Fanless
    http://www.newegg.com/Product/Product.aspx?Item=N82E16817151097

    The second is $12 more after rebate for fully modular design. I think if you can find either of these for a low price it would be the best option so far for all out efficiency. :D



  • There is an 82579 NIC on the S1200KP which might not work in pfSense 2.0 unless the drivers have already been backported from FreeBSD 8.2 to the current release.  Aside from that, the Sandy Bridge is a good idea if you're willing to shell out the extra dough for the setup.



  • @rekd0514:

    I would also axe the MITX build and just go Micro ATX for the extra slots. You can grab an Intel board so you get an intel NIC included and grab another for $30. This will allow for more expandability while keeping the box small.

    I'm trying to keep this box small and compact, thus the Mini-ITX case. I don't have any use for the extra slots when I have dual Intel NICs. I'm curious what Micro-ATX case you are looking at. All the cases I've looked at seemed like they were designed for NAS boxes and so I stayed away from those and focused my search on Mini-ITX.



  • @dreamslacker:

    There is an 82579 NIC on the S1200KP which might not work in pfSense 2.0 unless the drivers have already been backported from FreeBSD 8.2 to the current release.  Aside from that, the Sandy Bridge is a good idea if you're willing to shell out the extra dough for the setup.

    Thanks for the reminder. I do have a confession. I'm going to run OpenBSD 5.0 on this box, not PFSense.  In OpenBSD 5.0 those NICs are supported

    Why am I posting in the PFSense forums? Well, PF comes from OpenBSD and this is the only forum focused on PF(sense) with a hardware section. With the exception of specific driver issues, everything else is relevant. I found the hardware forums useful, so I figured I'd post some info once I built my firewall. Most other forums that talk about mini-itx and low power CPUs are focused on HTPC's and talk about SATA ports and expansion. It's hard to find reviews and comments on boards with multiple NICs, firewall throughput, etc.



  • atleast you got bsd part right ;)



  • @jms703:

    I'm trying to keep this box small and compact, thus the Mini-ITX case. I don't have any use for the extra slots when I have dual Intel NICs. I'm curious what Micro-ATX case you are looking at. All the cases I've looked at seemed like they were designed for NAS boxes and so I stayed away from those and focused my search on Mini-ITX.

    Why not a case like this design if you are against tower cases.

    http://www.newegg.com/Product/Product.aspx?Item=N82E16811163112



  • That is still too big.

    Thermaltake Element Q
    http://www.newegg.com/Product/Product.aspx?Item=N82E16811133093

    This one is the smallest you can use for a i3/i5 mini-ITX and still keeping a sanity on the temperatures inside.





  • You can try the In-win BM639, which can be used in both tower and desktop configuration:
    http://www.newegg.com/Product/Product.aspx?Item=N82E16811108225

    It's pretty decent and comes with a 160W PSU (OEMed from FSP).  It will also take a 3.5" hdd and/ or 2.5" hdd in addition to a 5.25" bay device (you can mount an LCD here).

    I've an older model (BM638) which is identical save for a 120W PSU and being non-glossy silver finish running my current pfSense box (undervolted D201GLY2A).  I do know that the current 160W models will handle most mini-ITX Sandy Bridge rigs since the local distributor is my personal supplier and have seen many SB rigs deployed in the BM series cases.



  • How about this board with the G530: http://www.newegg.com/Product/Product.aspx?Item=N82E16813128522

    It has 3 PCIe x1 slots and onboard gigabit lan, also a pretty affordable price tag. (no chipset expert so let me know if theres a reason this would be a bad choice.)



  • After anyone builds this, I'd love to see the power consumption figures with a Kill-a-watt.

    So..because this motherboard is so new, are you sure the C206 chipset is supported by pfSense?



  • @xanaro:

    How about this board with the G530: http://www.newegg.com/Product/Product.aspx?Item=N82E16813128522

    It has 3 PCIe x1 slots and onboard gigabit lan, also a pretty affordable price tag. (no chipset expert so let me know if theres a reason this would be a bad choice.)

    The Atheros AR8151 NIC isn't supported in the FreeBSD 8.1R drivers so you either need to backport from a FreeBSD 8.2 system or forgo the onboard NIC until the devs port the driver over or until pfSense moves to FreeBSD 8.2.



  • Hm, I have my asterisk box running on via eden 1 ghz with the same kind of enclosure  (M-350).
    It should be possible to add an additional nic to this box using a pci riser card (provided your pci card is low profile).



  • The m-350 is a beautiful and tiny case. None of the other cases linked in this thread so far come close in size, ventilation or sturdiness.

    As for an ATX PSU, besides not fitting inside the m-350 (I think the m-350 actually has less volume than a standard PSU), check the efficiency curves on those things. 80+ Gold means a minimum of 87% efficiency between 20 and 100% load. On a 400W PSU, 20% load is 80W. Hint: I have an mITX board with a quad-core 2500, two sticks of RAM, an SSD and an Antec DC-DC PSU. Four concurrent threads of cpuburn bring the system's power consumption to 88W at the wall. Unless the OP's firewall is running at 90-100% load most of the time (and it won't, or he wouldn't be comparing it to an Atom), he's going to get less than 87% efficiency from an 80+ Gold PSU. You can argue that a few extra watts don't matter a lot, but the fact that the PicoPSU is both smaller and more efficient (96%, with a flatter curve) than ATX alternatives, besides being at least as affordable, is indisputable.

    I have to agree with the OP here. My pfsense runs on a Supermicro D510 board, but having since played with the LGA1156 and 1155 and seeing their incredibly low power requirement, I wish I had gone that way. I don't even need the increased routing capacity, but the snappier interface by itself warrants the marginal price premium.



  • Not meaning to hijack this thread.

    I have been looking at the M350 way before I opted to Thermaltake enclosure (found it for a discounted price at Micro-Center)

    Can an i3/i5 CPU fit in the M350 with the stock cooler? I believe the online pic at mini-box.com shows a similar CPU. My concern is which PicoPSU would be suitable if an i3/i5 CPU is at all able to fit in that enclosure.The CPU needs the additional 4-pin power from the PSU. I just have a laptop drive and 2x4GB RAM on the mini-ITX board.



  • I put an i3 550 in the m350 with the stock cooler and it did fit. I could not tell if the fan guard touched the top of the case or not, but I'm sure it was within a millimeter. I ended up needing to put a hard drive in though and went with a low-pro cooler instead.

    The m350 has mount for 4 top fans and a front fan. Only the latter will fit in this case if you use the stock cooler; or that was the situation with the Intel DH57JG, and I suspect with any board you might fit in that case.

    As for the PSU, mini-box.com states that the PicoPSU "Fits any motherboard equipped with a 20 or 24pin ATX connector". I know I have powered 24-pin Atom boards with it, but I don't know what would happen if you plugged it into something beefier. mini-box does list a 4-pin connector for the PicoPSU 80, which would apparently be necessary. The 540 drew around 60 watts at the wall while routing 950 mbps, but the CPU was somewhere around half load. I know my current quad-core desktop (i5 2500) can pull at least 85 watts.

    A safer bet might be the 150xt or 160xt, both of which should fit into the m350. Obviously the AC/DC power supply would also have to be sufficiently specced.



  • Just a thought for some other very small form factor cases.

    http://www.travla.com/product.php?c1=0000000004&c2=0000000002

    I have a C292, and like the build and quality.



  • Any feedback on how this worked for you guys?



  • @nonzenze:

    Any feedback on how this worked for you guys?

    I built a system with these parts:

    Intel G620 CPU (The T version costs more and didn't appear to offer much power savings in benchmarks)
    Intel S1200KP Mini-ITX Server board
    Corsair 4GB DDR3
    120GB 2.5" SATA
    Antec ISK300-150

    Things I like about this setup:

    • The system runs at 36 watts when idle.
    • The OEM CPU fan is quiet.
    • I have an half-height PCI express slot if I need it.
    • Dual intel gigabit NICs.
    • No extra ports on back, just USB, DVI, and network.
    • Upgradable - Motherboard supports Sandy Bridge CPUs from Pentium G620, i3, i5, i7, and Xeon E3.

    Things I don't like about this setup:

    • The case is bigger than the M350.
    • The power supply (150w) is more than I needed.
    • Zip ties are required to get any sort of cable management.

    Note: If you get a E3 Xeon chip, make sure you get one that ends in a "5" model number. Those chips have GPU built-in. This motherboard has NO VIDEO chipset onboard, nor does it have any SERIAL PORTS.


  • Netgate Administrator

    You could probably do a lot better than 36W if you used a DC-DC power supply.
    The PSU supplied with that case seems pretty awful. See the detailed review, here.
    If you look at the table of efficiency vs power you can see a few things. This PSU is, at best, 75% efficient but at the lowest reading <65%. However that 65% reading is still at 66W input, at 36W input it's likely to be down at 50%!

    If your system is idling most of the time, it probably is with that fast cpu, you could be wasting half your power consumption.

    Just for comparison I replaced the PSU in my Watchguard box with a Chinese DC-DC unit (120W rating) and the consumption dropped from 30W to 22W. However the original PSU in that box was relatively good.

    Steve



  • The power consumption can be reduced further by enabling EIST in pfSense (FreeBSD in general actually).  Does more than what normal P4TCC throttling would do and it's response is much better than with regular throttling of the CPU.

    EIST can be enabled by:

    Go to System -> Advanced -> Miscellaneous -> Enable PowerD

    Go to Diagnostics -> Edit FIle -> Create /boot/loader.conf.local
    Insert:

    hint.p4tcc.0.disabled=1
    hint.acpi_throttle.0.disabled=1
    est_load="YES"
    

    Reboot for effect.



  • @jms703:

    I built a system with these parts:

    Intel G620 CPU (The T version costs more and didn't appear to offer much power savings in benchmarks)
    Intel S1200KP Mini-ITX Server board
    Corsair 4GB DDR3
    120GB 2.5" SATA
    Antec ISK300-150

    I really like that Intel motherboard, but you mentioned earlier you were running OpenBSD 5.0 on that board right?  Has anyone confirmed if this board, especially the NICs, work with pfSense?



  • @Metaluna:

    you mentioned earlier you were running OpenBSD 5.0 on that board right?  Has anyone confirmed if this board, especially the NICs, work with pfSense?

    Correct. OpenBSD 5.0 runs well. I don't run FreeBSD/FreeNAS on this box because I am taking advantage of some newer PF features that are not yet in FreeBSD/FreeNAS.



  • Just a quick update. The system I built for someone with the G620 is running fine. No regrets.

    So I wanted to build a 2nd system for myself at home, but change the processor to a Xeon E3-2130 or higher so that I could run a bunch of VMs on it. When I priced it out, a build-your-own Xeon system with the specs I needed was roughly the same price as a preconfigured HP Proliant ML110 G7 (the one with the E3-1240 CPU) for $720. So I bought the HP. It's small and quiet. I installed Fedora 16 on the box because I wanted to use Linux KVM for virtualization. I passed one of the 82574L NICs directly to the PFSense VM and it works great. Runs at 39-40 watts when idle and VMs running.

    (I didn't choose ESXi 5 because it doesn't like the ICH10R controller in the HP. It 'purple-screens'. I tried Xen, but its weird and I'd need to recompile PFSense for driver support. I decided on Linux KVM and I'm not looking back. It's fast. I also really like configuring my VMs from the command line. ESXi, Xen and even RedHat's RHEV (KVM-based commercial product) all require WINDOWS clients to administer.)


Locked