Need advice on a pfsense box



  • Hello,

    I am building a new pfsense box, and need some advice on the motherboard and cpu

    1.For the cpu i was planing on buying this: http://www.newegg.com/Product/Product.aspx?Item=N82E16819116949
    But should i get the new haswell cpu or should i stay with the older sandy/ivy bridge, or something different?

    2.Can you recommend a working motherboard for it that has at least 3 pci-e sockets (needs to work with intel pro/1000 ct cards)



  • All the Haswell boards I've seen ship with i210 and/or i217 NICs, neither of which are currently supported.

    As to your CT NICs, the 82574L works very well but you should know that the packet buffer doesn't include ECC. This doesn't matter for a home or SMB system, but if this is a business-critical box I'd suggest stepping up to the i350.  Use of this card also means you can get 4 ports in a single PCI-e slot.



  • Well the box is more for a personal network so i don't think ECC is that important.

    But i am planing to get 3 CT NICs one for wan and 2 for lan which would be conected to switches. but i'm more worried about the pfsense having problems with the new haswell cpu-s and 1150 borads



  • @super_8:

    Well the box is more for a personal network so i don't think ECC is that important.

    But i am planing to get 3 CT NICs one for wan and 2 for lan which would be conected to switches. but i'm more worried about the pfsense having problems with the new haswell cpu-s and 1150 borads

    I recently went through this process as well.  I decided to go with Xeon E3 V2 and C206 boards.



  • @Jason:

    I recently went through this process as well.  I decided to go with Xeon E3 V2 and C206 boards.

    well i am looking for something less powerfull to handle a 30/10 line. So i will probably just stick with the 1155 boards (http://www.newegg.com/Product/Product.aspx?Item=N82E16813128547)



  • @super_8:

    @Jason:

    I recently went through this process as well.  I decided to go with Xeon E3 V2 and C206 boards.

    well i am looking for something less powerfull to handle a 30/10 line. So i will probably just stick with the 1155 boards (http://www.newegg.com/Product/Product.aspx?Item=N82E16813128547)

    Basically the same parts, different branding.



  • @Jason:

    @super_8:

    @Jason:

    I recently went through this process as well.  I decided to go with Xeon E3 V2 and C206 boards.

    well i am looking for something less powerfull to handle a 30/10 line. So i will probably just stick with the 1155 boards (http://www.newegg.com/Product/Product.aspx?Item=N82E16813128547)

    Basically the same parts, different branding.

    Same parts?



  • @super_8:

    @Jason:

    @super_8:

    @Jason:

    I recently went through this process as well.  I decided to go with Xeon E3 V2 and C206 boards.

    well i am looking for something less powerfull to handle a 30/10 line. So i will probably just stick with the 1155 boards (http://www.newegg.com/Product/Product.aspx?Item=N82E16813128547)

    Basically the same parts, different branding.

    Same parts?

    Still talking about Ivy Bridge.



  • well then i'm just gonna get the sandy/ivy pentium with an asus z77 or similar board that has RAID function.



  • http://www.pfsense.org/index.php@option=com_content&task=view&id=46&Itemid=51.html

    Hardware Compatibility List

    As pfSense 2.0.1 is based on FreeBSD 8.1, its hardware compatibility list is the same as FreeBSD's. The pfSense kernel includes all FreeBSD drivers.

    Also here a guy runs freebsd on his haswell core i7-4770k cpu and socket 1150 mobo:

    http://www.phoronix.com/scan.php?page=news_item&px=MTQyNDg

    When you really think about it haswell is 6 months + old and ivybridge have been out for a years… id be shocked if pfsense did not work on them,  people would go mad simply put!

    It maybe wiser to repost a new question and ask anyone running pfsense on new intel haswell cpus though in case before buying!

    The haswells are better I feel since they got 55watt and low power use making them even more ideal for 24/7 pfsense boxes,  and they are faster and better and similar priced....

    I think the real issues are the nics and realtek ones... sticking with intel nics seems best as you know.

    Quite a few like the xeons,  I guess since they are server class and always run 24/7,  but really they are still pricey and hot.  A cheaper haswell running with 55watts with onboard gpu sounds way better imo.  Even I had a Q9300 quad + mobo running 24/7 for years and no issue.  But I guess for pure stability an xeon is great.

    I have considered going AMD A6-6400K 3.90GHz 65Watt.  Its still 65watts,  but its 4.1ghz dual core and supports AES and £60 only, the AES instructions will be handy for me since I use OpenVPN,  but am still considering the same haswell cpu as yourself !

    Other then that good luck with the build ill join very soon !



  • @Fevan:

    The haswells are better I feel since they got 55watt and low power use making them even more ideal for 24/7 pfsense boxes,  and they are faster and better and similar priced….

    Depends on which type of cpu,for example a pentium G2030T uses only 35W.

    As for the Xeons i think they are for the more powerfull systems. But for now i think i will stay with the 3gen cpus.



  • [update]

    Looks like i will have to go with Haswell since the 3gen pentium only supports DDR3-1066 memory.



  • Yeah 32watt is very low and good,  2.6ghz so not bad either.

    Yeah the xeons would fair better for 24/7 use and more powerful,  but if your looking for low noise/power,  I like the haswell set ups.

    • you can an onboard gpu,  with xeon you need an gpu…

    why would you need faster ram for your pfsense box ?  not unless you got brought the ram already,  even then is not the faster ram suppose to work backwards compatible...



  • @Fevan:

    why would you need faster ram for your pfsense box ?  not unless you got brought the ram already,  even then is not the faster ram suppose to work backwards compatible…

    1066 is too slow, since i plan to run some packages that are heavy on ram + the store i'm buying from only has 2gb 1066 ram modules.



  • ouch on 2gig

    Well when you get finalized with your build and hardware,  let us know how the performance is :)



  • well i am deciding between these two builds

    1. 1155
    CPU: Intel Pentium G840 or  Intel Core i3 2120
    Mobo:
      option1: http://www.asus.com/Motherboards/P8H61MX_R20/
      option2: http://www.asus.com/Motherboards/Z77A/
    RAM: 2x4GB ddr3 1333
    HDD: 2x WD RED NAS 1TB SATA 6Gb/s 64MB
    NIC: 3x pcie Intel PRO/1000

    2. 1150
    CPU:  Intel Pentium G3420 2x3.20GHz
    Mobo:
      option1: http://www.asrock.com/mb/Intel/H81M-GL/index.us.asp
      option2: http://www.asrock.com/mb/Intel/H87 Pro4/
      option3: http://www.asus.com/Motherboards/P8B75V/
    RAM: 8GB(2x4) ddr3 1600
    HDD: 2x WD RED NAS 1TB SATA 6Gb/s 64MB
    NIC: 3x pcie Intel PRO/1000

    What do you think?

    I've also been looking at HP ProLiant ML310 server. It's a bit more expencive but it has reliability, don't know if it supports pfsense…



  • I like setup 2 due to haswell,  how comes such a massive hdd though ?

    If your running it via virtualbox pfsense are you doubling it up as a download box or media box ?

    I was planning on a 64gig hdd but many on here gone with an 8gig ssd just for their pfsense boxes.



  • @Fevan:

    I like setup 2 due to haswell,  how comes such a massive hdd though ?

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.
    And didn't people have problems with SSDs because they started dying after a few months?



  • Oh and another thing, is ECC ram important to have or can i stick with a non ECC-system?



  • ECC ram is good for reliability which is why its more recommended for server machines ie xeon cpus etc

    However its more pricey and again only works on mobos for servers like x79 mobos or xeon socket mobos and similar.

    If you look at some of the new socket 1150 mobos no mention of ECC support,  so I guess they only take the normal Ram.

    Yeah SSDs can die… any hdd can also.  Your Nas drives are better suited to run 24/7 however I feel its total overkill for pfsense which takes what 1gig,  people often suggest small 8gig or 30gig SSDs.  Even a 64gig maybe overkill.

    If your using pfsense packages though people do suggest more ram like 8gig since they soak up ram I hear.

    I figured since you mentioned you were installing 2x2TB WD reds,  you would be using it for other reasons other then pfsense.
    I see pfsense system requirements is it takes 1gig hdd space anyhow so a 4tb is kinda overkill to the max.

    if am wrong someone would correct me however!



  • @Fevan:

    I figured since you mentioned you were installing 2x2TB WD reds,  you would be using it for other reasons other then pfsense.
    I see pfsense system requirements is it takes 1gig hdd space anyhow so a 4tb is kinda overkill to the max.
    if am wrong someone would correct me however!

    well first of you got the size wrong it's 1TB not 2 :P, but the only reason why i chose those disks is because they are supposed to be for 24/7 operation, and like you said i don't need space but 1tb is the smallest from the red version even any other brad of HDDs don't go lower then 250GB (unless you mean ssd disks)

    the reason why i said 2 is because i was thinking of setting them up in RAID.

    but i have been thinking about getting the HP ProLiant ML310 server for the box, it would only cost a bit more. but i don't know if it supports pfsense and it has intel Vpro which i would rather stay away from.



  • Go for a 1155 system. i3 with 8GB is perfect.



  • yes on the 1tb,  I still feel its total overkill for pfsense,  more so with 2 x 1tb in raid and then installing a 1gig program on it.

    If your desperate for nas class drives why not get this instead ?

    http://www.storagereview.com/wd_red_25_1tb_hdd_review_wd10jfcx

    Its smaller and more energy efficient and server/nas class.

    But yeah I guess with raid setup you can enjoy it even if one dies you could mirror it,  I get what you are trying to do and its still a good idea perhaps more costly though…

    The hp servers are good,  more so if you can get cash back offers on them and pick them up cheaply...

    Still a good set of hardware is good and future proof.  I don't think I can go with intel cpus their low end to mid end cpus don't support AES which is important to my pfsense build I have in mind,  I need something future proof to work with VPNs

    You could if your bb connection is not overall powerful try a test run on an old pc and see how it works out before leaping on am expensive purchase,  just to get the feel and speed of it.....



  • @Fevan:

    The hp servers are good,  more so if you can get cash back offers on them and pick them up cheaply…

    Still a good set of hardware is good and future proof.  I don't think I can go with intel cpus their low end to mid end cpus don't support AES which is important to my pfsense build I have in mind,  I need something future proof to work with VPNs

    well for the moment i think i will go with the haswell build any i3 CPUs or the hp server looks like a total overkill for what i need and i also imagine the server makes loud fan noise which could turn out to be anoying.
    i just dont wanna mess up and get equipment that will keep crashing because it's not made for 24/7 stable running (server equipment)

    The AES support is for:
    Sandy bridge: all from i5 up
    Ivy bridge: all from i5 up and some i3
    Haswell: all except Pentium and Celeron

    so if you plan to do a haswell build you can just get an i3.



  • @super_8:

    And didn't people have problems with SSDs because they started dying after a few months?

    Some people have these problems.
    The ones who use cheap & crappy consumer SSD.
    Very few do have any problems with reliable SSD from reputable manufacturers (think: Intel, Samsung).
    Again: Don't choose their bleeding edge consumer series, and don't let yourself fooled by maximum transfer rates
    SSD wear is a very overrated problem.

    @super_8:

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.

    Mechanical hard drives are way more likely to fail than a reliable SSD, in my experience.
    I'd believe there might be a greater variance amongst SSD models / manufacturers.
    While some bad SSD might be more prone to fail than mechanical HDD, good SSD tend to have lower failure/return rates (than any mechanical HDD).



  • @Applied:

    @super_8:

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.

    Mechanical hard drives are way more likely to fail than a reliable SSD, in my experience.
    I'd believe there might be a greater variance amongst SSD models / manufacturers.
    While some bad SSD might be more prone to fail than mechanical HDD, good SSD tend to have lower failure/return rates (than any mechanical HDD).

    i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.



  • @super_8:

    i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.

    I beg to differ.  ;)

    From my own job experience.
    And from any sane stats that I can find on the internet.

    @super_8:

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.

    The 3.5" is the smallest 3.5" they got (there's a 750GB 2.5").
    By the way, if you're hell-bent on getting mechanical HD from Western Digital  ;)  and the 1TB is just "the smallest they got", maybe you'd like to consider the WD Re series?
    The 250GB Re should be about the same price as the Red - though it is slightly louder at up to 30dba and seems to use a little bit more power, it is advertised as having better reliability - and has the longer warranty to boot:

    Target market:
    WD Red: "Designed and tested for small scale RAID environments / Personal/Small Office Home Office"
    WD Re: "Durable capacity storage for high-availability deployments / Medium-Large scale Enterprises"

    MTBF (hours):
    WD Red: 1,000,000
    WD Re: 1,200,000

    Non-recoverable read errors per bits read:
    WD Red: <1 in 10^14
    WD Re: <10 in 10^16

    Warranty:
    WD Red: 3 years
    WD Re: 5 years

    WD Red: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771442.pdf
    WD Re: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771444.pdf



  • @Applied:

    @super_8:

    i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.

    I beg to differ.  ;)

    From my own job experience.
    And from any sane stats that I can find on the internet.

    @super_8:

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.

    The 3.5" is the smallest 3.5" they got (there's a 750GB 2.5").
    By the way, if you're hell-bent on getting mechanical HD from Western Digital, and the 1TB i just "the smallest they got", maybe you'd consider the WD Re series?

    Target market:
    WD Red: "Designed and tested for small scale RAID environments / Personal/Small Office Home Office"
    WD Re: "Durable capacity storage for high-availability deployments / Medium-Large scale Enterprises"

    MTBF (hours):
    WD Red: 1,000,000
    WD Re: 1,200,000

    Non-recoverable read errors per bits read:
    WD Red: <1 in 10^14
    WD Re: <10 in 10^16

    Warranty:
    WD Red: 3 years
    WD Re: 5 years

    WD Red: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771442.pdf
    WD Re: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771444.pdf

    The 250GB Re should be about the same price as the Red - though the first is a bit louder at 30dba and seems to use a little bit more power.

    Hmm..weird, didn't look at the MTBF for the HDD-s but it seems low, in that you are right the samsung 840 ssd claims to have MTBF of 1.5 million.

    I don't have much experience with SSD disks but i have HDDs that were used a lot and are over 10 years old and they still work without a problem, but they are loud when the head is moving :P



  • @super_8:

    i have HDDs that were used a lot and are over 10 years old

    So your 10+ year old HDDs have been alive and kicking for longer than SSDs have even been on the market at all?

    Well, these sure don't make for a good comparison. ;D

    (PS: Just saying… I don't mean this as an argument for or against anything)



  • @Applied:

    @super_8:

    i have HDDs that were used a lot and are over 10 years old

    So your 10+ year old HDDs have been alive and kicking for longer than SSDs have even been on the market at all?

    Well, these sure don't make for a good comparison. ;D

    (PS: Just saying… I don't mean this as an argument for or against anything)

    I probably should of said that They were used in a pc system, so they weren't running heavy 24/7, if they were they would die years ago :)



  • I was thinking of getting the Corsair http://www.corsair.com/cmx8gx3m2a1333c9.html or kingston value http://www.kingston.com/dataSheets/KVR13N9S8K2_8.pdf.

    are those any good or should i get a different brand?



  • Regarding my haswell choice and core i3,  I think its too costly and not worth myself going down intel route.

    An AMD build I can literally pick up the mobo +cpu for under £100 even and can't argue with a 4ghz (65watt) cpu (dual core) with AES Support and 1xpci express 4x and 16x slot.  An 364 hp intel quad Nic for £40-50 can be had also from ebay.  I will custom build it so its using a large silent heatsink + fan and a silent 92% energy efficient p/s.

    Regarding the SSDs,  agree with other poster who mentioned intel or Samsung for reliability factor…. many people on forums still selling there ones after 3-4 years.

    We can assume in 3-4 years also technology will be so small and energy efficient to the point our current Pc builds require binning ;)

    It is tricky to get the hardware right to strike a balance between energy efficiency and price.

    One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:

    http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/

    But then who knows if pfsense will support those nics,  most likely realtek anyhow so best to avoid.

    You have this also:
    https://www.amazon.co.uk/Shuttle-DS61-Barebone-Socket-SODIMM/dp/B00BFOFA78

    pfsense works and supports these nics,  but then the cpu needs to be put in separate some guys use a celeron low power or xeon but this adds to the cost.

    Guess the pfsense builds are endless you just need one and once set up hide it away,  you see people on here using p3 and p4 high electricity builds just running 24/7,  but they not fussed you get reliability and all the features and support that puts even the best router on the market today to shame (apart from pfsense wireless side,  routers still beat it for that)



  • whatever works out for you :)
    Personaly i rather stay away from AMD CPUs + you can get a i3+mobo for only a bit over £100



  • You can but not with AES support ;)

    I do actually have an core i5 3.2ghz/AES and micro ATX already which would be good for a pfsense build but that cpu is 95watts.

    Its that balance once again….



  • @Fevan:

    One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:

    http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/

    But then who knows if pfsense will support those nics,  most likely realtek anyhow so best to avoid.

    One of those is an Intel i217 and the other is a Realtek 8111G.  Neither are going to work with pfSense until it moves to FreeBSD 10.

    Do yourself a favor and stick with Ivy Bridge.  The slightly lower idle power consumption and slightly better performance per clock of Haswell isn't worth the hassle of compatibility problems.



  • @Jason:

    @Fevan:

    One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:

    http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/

    But then who knows if pfsense will support those nics,  most likely realtek anyhow so best to avoid.

    One of those is an Intel i217 and the other is a Realtek 8111G.  Neither are going to work with pfSense until it moves to FreeBSD 10.

    Do yourself a favor and stick with Ivy Bridge.  The slightly lower idle power consumption and slightly better performance per clock of Haswell isn't worth the hassle of compatibility problems.

    or you can just buy seperate nic cards and you don't have to use the onboard one, speaking of which will a pcie x1 nic work in a pcie x16 (graphics card) slot?



  • yes it will work

    http://forums.anandtech.com/showthread.php?t=2218693

    looking at some benchies the amd cpu I liked is pretty poor performer,  so you were right to suggest intel cpus.

    May just stick with my core i5 sandy set and transplant to a micro atx case after all :)

    Good info on the ivy cpus was not aware of that….



  • well i will go with the pentium, 1150, 8gig corsair 1333 and a ssd, it's more then enough for what i need :)

    As for the i5, i don't think it uses a lot when it's not under load.



  • yeah was concerned with the power,  but they do not use that much thanks to the speed step and power efficiency :)

    Pentium/1150/8gig and ssd sounds great.



  • Sorry to resurrect an old thread but did you has well build work for you? I was looking at building something similar but with an i3 4330t because its 35w with aes-ni.

    I'm afraid a haswell board is going to have problems working with pfsense 2.1. it looks like it may be a while before v2.2 comes out.