Looking at Intel NUC again
-
I've been wanting to rebuild my firewall from this large 4U rack server to a smaller system that can sit on my desk (or under it or pretty much wherever). I still have the rack and have been considering a 1U server but at the same time I don't need it to be in the rack either.
I noticed Intel has made two new models of the NUC, one cheaper one with a Celeron 847, and a more expensive one with an i5 (still have all the usual i3 models in between). There's supposedly a Haswell version out soon but unless it's going to be very soon I'd rather not wait that long to do this (I have the money now, not sure I will later).
I can live with the single ethernet port either way as I have VLAN capable switches (2x Procurve 1810g-24 and 1x Procurve 2848). And if push comes to shove, I can always go the less desirable way of using a USB or WiFi adapter or even re-purposing the NUC to other duties and doing something else.
My main question is will the Celeron 847 be enough horse power to be an effective firewall? Primarily I intend to just do NAT/firewall through it with a ~30Mbps Charter cable modem (might later upgrade to business at 30 or 50 meg but not sure). I'd like to possibly do some kind of content filter such as Dan's Guardian or Squidguard but those aren't guaranteed just yet.
The thing that draws my attention is the i5 model has the AES instructions. I am currently no longer doing VPN tunnels anywhere but it is likely to come up in the future. I had previously chosen Blowfish as I'd heard it was better in software, though I don't know if that was in comparison to AES or 3DES (I know 3DES is just horrible in software anyway and really shouldn't be used anymore). Any other endpoints likely would not have AES capable hardware (or would not be under my control so I don't know about them) so would I still be better off sticking with Blowfish or go with AES + the i5 model?
Newegg links to the various models.
Celeron 847 - $164.99: http://www.newegg.com/Product/Product.aspx?Item=N82E16856102004
i3-3217u - $289.99: http://www.newegg.com/Product/Product.aspx?Item=N82E16856102002
i5-3427u - $399.99: http://www.newegg.com/Product/Product.aspx?Item=N82E16856102035For comparison, the 1U system I was/am considering is this Asus RS100-X7 with Xeon E3-1240 V2 CPU combo for $449.98: http://www.newegg.com/Product/ComboDealDetails.aspx?ItemList=Combo.1417796
I know the Asus server is leaps and bounds better than any of the current NUC models (maybe not on power consumption but in every other area yes) and would easily support just about anything I threw at it (I'd actually swap the CPU with the i5-3450 in my desktop so it'd be an upgrade for me in other ways too). The Celeron NUC would be considerably cheaper though if It would support my needs. If I need the i5, I'd likely consider just getting the Asus server, the i3 I'm not sure.
-
I know the Asus server is leaps and bounds better than any of the current NUC models (maybe not on power consumption but in every other area yes) and would easily support just about anything I threw at it (I'd actually swap the CPU with the i5-3450 in my desktop so it'd be an upgrade for me in other ways too). The Celeron NUC would be considerably cheaper though if It would support my needs. If I need the i5, I'd likely consider just getting the Asus server, the i3 I'm not sure.
You won't be able to pull out the Xeon 1240 V2 CPU and place instead the i5-3450. The server board is an Intel S1200BTLR which only supports the Xeon 1200 series CPU, and vice-versa, the Xeon 1200 series CPUs work only in compatible motherboards.
IMHO that Xeon system would be a real overkill for pfSense. You could serve Gigabuit internet with lots of packages based on that hardware… Your ~50Mbps internet with Dan's Guardian can be easily routed with an Atom CPU. I think the Celeron NUC you mentioned would suit you more than fine, even with OpenVPN without hw crypto acceleration.
-
No, it's definitely not an Intel board in that Asus server. From what I can tell it's an Asus P8B-X. The Asus board claims i3 support but not i5 support. I suspect it should support the i5 just fine, I'll simply lose ECC support (same with the i3) which isn't that big of a deal to me. Since it's overkill anyway I doubt I'll go that route (I don't need the CPU upgrade on my computer, just figured if the Xeon was overkill then I might as well get an upgrade out of it anyway). If the Celeron in the NUC will do just fine for that, that'd be the cheaper route anyway.
-
There's a cheaper Asus server bundled with the i3-2120T for $315: http://www.newegg.com/Product/ComboDealDetails.aspx?ItemList=Combo.1417806. Add 4GB RAM and use a HDD I've already got and I'm up to $356.97.
The cheapie NUC with Celeron 847, 120GB SSD and 4GB RAM is $275.97.
That's pretty damn close there. The Asus server does provide more features which accounts for the extra cost of course. Comparing to the i3 NUC so it's more of an apples-to-apples comparison, the price would get much closer if not a little in favor of the Asus server.
I think for the better expandability of the Asus server, I may go that route. I don't always like the "what-if" future planning but that's close enough that it would be worth doing unless anyone else has any suggestions.
-
No, it's definitely not an Intel board in that Asus server. From what I can tell it's an Asus P8B-X. The Asus board claims i3 support but not i5 support. I suspect it should support the i5 just fine, I'll simply lose ECC support (same with the i3) which isn't that big of a deal to me. Since it's overkill anyway I doubt I'll go that route (I don't need the CPU upgrade on my computer, just figured if the Xeon was overkill then I might as well get an upgrade out of it anyway). If the Celeron in the NUC will do just fine for that, that'd be the cheaper route anyway.
i3 CPUs support ECC, oddly enough. If the system says it supports i3 & Xeon then what it's probably saying is that it requires ECC RAM and since the i5 & i7 don't support that, they're not supported.
-
Aha that figures. Well if I do the i3, I would leave the i3 in the server and not swap it with my system. I'm curious about doing an Ivy Bridge i3 instead but I'll hafta look at that and see how much I'm actually saving in the combo deal (might be able to get a lower end E3 in a combo vs a standalone Ivy Bridge i3).
I'm curious though, it says the Celeron 400/500 and Pentium 600/800 are supported as well. Here's the specs page: http://www.asus.com/Commercial_Servers_Workstations/P8BX/#specifications. I also looked up the i3-2120t on Intel's ARK and it doesn't list ECC support. Wikipedia's list mentions only specific i3 chips as supporting ECC (and the 2120t isn't one of them). I've always been under the impression ECC support has been Xeon only for a while since the memory controller got moved to the CPU.
Edit: guess the Ivy Bridge i3 won't work either. Specs mention i3-2100 series only, and the Celeron/Pentium options mentioned are Sandy Bridge too. They mention E3 v2 which is Ivy Bridge. Assumed if it supports one flavor of Ivy Bridge it would support them all. Guess not.
-
i3 3220 does, and it's friends will work.
i3 4330 does as well and it's friends should work as well. different socket but same principle.Intel's basically throwing low cost servers a bone.