Update Via Nano for more packages, but with what?
-
We got a few pfSense boxes running on 2.0.3 that are all Jetway mini-ITX MB´s with Via Nano 1.6GHz CPU´s and the 3xGb Intel add-on boards. They only basic Memory and a DOM instead of a HD. One is used at the office lan and is used for remote workers and IPSEC tunnels to other locations. The PADLOCK in the Nano gives us more or less a full 100Mbps IPSEC to the remote locations which is great for such a "small" CPU.
Now we´re looking into updating the firewall at the office and incorporate more security packages like Snort, DG, pfblocker, Squid, HAVP etc. So we would need a little more CPU power and a SSD with some space on. We´re not more than 10 users, so it´s not a lot of load. We are currently running our web-applications outside the building with IPSEC tunnels to our inhouse business system and that has no high bandwidth, but likes quick response times. We might move the webserver inhouse, so then it will be more bandwith needed also.
I would prefer to find something small with at least 4 Gbps Intel NICS and some more CPU, but still keep it small and low on power. But is there any lower power options that can handle IPSEC AES as well as the Via Nano currently on the market? Atoms doesn´t seem to be powerful enough and not much better than the Nano in general?
What caught my eye was the new line of Intel Core Y-series ULV 13W CPU´s (i3-3229Y, i5-3339Y, i5-3439Y, i7-3689Y) as they also incorporate AES-NI which would make IPSEC a breeze with pfSense 2.1 I would guess. Has anybody seen any plans for a mini-ITX motherboard based on any of those soldered CPU´s that you would be able to get more Intel 1 Gb Nics on?
Or should I just wait for the Haswell release later this year?
Thanks,
Jesper -
You won't find any of those 3rd generation CPUs soldered to the motherboard. May be a mobile version but not the desktop ones.
You are in pretty much the same boat I was up until last week as I required at least 4 Intel gigabit ports. Your best bet is to get a 4 Intel gigabit ports NIC from eBay and stick it into an assembled i3 system. For your needs i3 will be way more than sufficient. Don't look at Atom processors if you want IPSEC AES and other resource hungry packages like Snort loaded on your box.
After a lot of search I got myself a ASUS RS700-E6/RS4 Server which perfectly meets my needs (a bit over maybe but I will be able to utilize everything with vmWare)
-
Supermicro have some soldered on processors with AES-NI
http://www.supermicro.com.tw/products/motherboard/Xeon/QM77/X9SPV-M4.cfm
bunch of other mini-itx QM77's as well with different cpus. some(maybe all, didn't check) incorporate 4 intel NICs so they kind of fulfill everything except it's a 25W proc. tdp shouldn't matter though, unless you're running at full load, since the processor should drop down to a power saving mode if not.
these are some pretty expensive, but very full featured boards though. even come with ECC and a PCI-E x16 so you can add 4+ more ports if you should so desire.
-
That's a Mobile CPU… as I stated earlier...tough to find desktop CPUs
-
That's a Mobile CPU… as I stated earlier...tough to find desktop CPUs
He asked for Y series processors or other BGAs. Those are mobile/low power.
-
That´s exactly the kind of MB I was looking for, but the price was a little scary at more than $700 as we want a few of them. Fully populated they will end up being more expensive than most other computers around here.
-
Ahh is that the Y series? Hmm.. too bad those don't run cheap.
-
That´s exactly the kind of MB I was looking for, but the price was a little scary at more than $700 as we want a few of them. Fully populated they will end up being more expensive than most other computers around here.
Maybe, maybe not. At that price they come with a fast, low power CPU, quad Gig-E Intel NICs, IPMI, and the ability to use ECC memory. It's a pretty solid package for the money.
-
Quad gigabit yes.. but only 3 are useful. The 4th is used for IPMI
-
Quad gigabit yes.. but only 3 are useful. The 4th is used for IPMI
Nope, there's 5 ports on the back.
-
Hmm… weird. Site says...
Intel
82574L GbE LAN (3 ports),
Intel 82579LM GbE LAN; 4 total -
Hmm… weird. Site says...
Intel
82574L GbE LAN (3 ports),
Intel 82579LM GbE LAN; 4 totalYou're both partially wrong. That board has 4 gigabit and no IPMI.
http://www.supermicro.com.tw/products/motherboard/Xeon/QM77/X9SPV-LN4F-3LE.cfm
The board above has 4 gigabit AND IPMI. There are a whole bunch of boards with slightly different characteristics. This board I just linked uses 4*82574L's as well as a RTL8201F for IPMI.
There are also boards with only 2 NICs, quad cores, etc. Pretty large selection.They're pricey because they're an extremely niche product. Extremely high performance/watt at low power consumption on mini-itx with ECC and (possibly) IPMI.
-
I really like the concept of the 17W X9SPV-M4-3UE with AES-NI and 4 usable Gb NICs, but it´s still pricy. This should be able to be fitted in a really small enclosure with a Pico-PSU, mSata SSD drive and ECC-memory. I couldn´t really figure out if ECC memory was needed or an option?
I would also be intersted if anybody has tried to use a Intel mini-itx MB DQ77KB + i5-3470T + mSATA SSD + Intel PT/ET PCI-E dual or quad NIC and if there´s any suitable slim/small case that you could cram the NIC into without getting to large? Is there such a thing as a raiser card and case to keep it small/low? The cost would be a almost half of the Supermicro as the NIC cards are cheap second hand.
-
Supermicro only guarantees that the board will work with ECC memory (on it's validated list) so I'm 98% sure that it's required. (if a board supports ecc and non-ecc, supermicro usually validates at least 1 of each, and at the different voltages supported [1.35,1.5, etc.])
Casetronic C292 is an mitx case which supports an expansion card. Logic Supply has them: http://www.logicsupply.com/products/c292
Pretty sure it's the smallest reasonable volume that supports an expansion card. -
ayah: Have you used this case yourself? As the DQ77KB only has got a PCI-E x4 slot and so does most NICs, is there such a raiser card that would work with that case? Casetronic only list a x16 card and you´ll get an extra Pico-PSU that won´t be needed for the spare bin.
Thanks for the help so far, much appreciated!
-
You could technically use some sort of flexible riser, but I'd personally just use the x16 riser and cut out the motherboard's x4 slot to accomodate the card.
I did buy one to see if it'd be a decent extremely low noise cooling setup, but it didn't so I just went with an matx setup.
You're welcome, always happy to have pfsense users.
-
Just found yet another option that would be a little cheaper than the supermicro MB.
Jetway NF9G-QM77 Socket G2 2 Intel Gb NICs + i5-3320M + Jetway 4 Intel Gb NICs ADE4INLANG - That would give 6 Gb Intel Nics in a minimal chassi.There´s a guy selling them pre-built on ebay for $649 with the Realtek 4 port Nic, so $669 with the Intel daughter board.
Anyone seen it in real life and what power consumption could be expected from that CPU without using the GPU?
-
You still it to add a hdd to that ebay config. A bit too on the expensive side in my opinion.
-
I just ordered the Jetway MB + Intel 4xGb daughter board and will give it a go in a M350 case that I got here. It may be a little overkill, but I got all parts needed in the bin except the parts ordered + a Core i5-3320M.
Hacom sells almost the same setup as Jupiter IV OpenBrick-M for $2000 and says it should do 400Mbps IPSEC AES256 and 3Gbps firewall throughput. So it´s a lot of bang for the buck.