Need advice on a pfsense box
-
Yes on the 1TB, I still feel it's total overkill for pfSense, more so with 2 x 1TB in RAID and then installing a 1 gig program on it.
If you're desperate for NAS-class drives, why not get this instead?
http://www.storagereview.com/wd_red_25_1tb_hdd_review_wd10jfcx
It's smaller and more energy efficient and server/NAS class.
But yeah, I guess with a RAID setup you can enjoy it; even if one dies you could mirror it. I get what you are trying to do and it's still a good idea, perhaps more costly though…
The hp servers are good, more so if you can get cash back offers on them and pick them up cheaply...
Still a good set of hardware is good and future proof. I don't think I can go with intel cpus their low end to mid end cpus don't support AES which is important to my pfsense build I have in mind, I need something future proof to work with VPNs
You could, if your bb connection is not overall powerful, try a test run on an old PC and see how it works out before leaping on an expensive purchase, just to get the feel and speed of it...
-
The hp servers are good, more so if you can get cash back offers on them and pick them up cheaply…
Still a good set of hardware is good and future proof. I don't think I can go with intel cpus their low end to mid end cpus don't support AES which is important to my pfsense build I have in mind, I need something future proof to work with VPNs
Well, for the moment I think I will go with the Haswell build; any i3 CPUs or the HP server look like total overkill for what I need, and I also imagine the server makes loud fan noise, which could turn out to be annoying.
I just don't wanna mess up and get equipment that will keep crashing because it's not made for 24/7 stable running (server equipment)
The AES support is for:
Sandy Bridge: all from i5 up
Ivy Bridge: all from i5 up and some i3
Haswell: all except Pentium and Celeron
So if you plan to do a Haswell build you can just get an i3.
-
And didn't people have problems with SSDs because they started dying after a few months?
Some people have these problems.
The ones who use cheap & crappy consumer SSD.
Very few do have any problems with reliable SSD from reputable manufacturers (think: Intel, Samsung).
Again: Don't choose their bleeding edge consumer series, and don't let yourself be fooled by maximum transfer rates.
SSD wear is a very overrated problem.
well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.
Mechanical hard drives are way more likely to fail than a reliable SSD, in my experience.
I'd believe there might be a greater variance amongst SSD models / manufacturers.
While some bad SSD might be more prone to fail than mechanical HDD, good SSD tend to have lower failure/return rates (than any mechanical HDD).
-
well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.
Mechanical hard drives are way more likely to fail than a reliable SSD, in my experience.
I'd believe there might be a greater variance amongst SSD models / manufacturers.
While some bad SSD might be more prone to fail than mechanical HDD, good SSD tend to have lower failure/return rates (than any mechanical HDD).
i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.
-
i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.
I beg to differ. ;)
From my own job experience.
And from any sane stats that I can find on the internet.
well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.
The 3.5" is the smallest 3.5" they got (there's a 750GB 2.5").
By the way, if you're hell-bent on getting mechanical HD from Western Digital ;) and the 1TB is just "the smallest they got", maybe you'd like to consider the WD Re series?
The 250GB Re should be about the same price as the Red - though it is slightly louder at up to 30dba and seems to use a little bit more power, it is advertised as having better reliability - and has the longer warranty to boot:
Target market:
WD Red: "Designed and tested for small scale RAID environments / Personal/Small Office Home Office"
WD Re: "Durable capacity storage for high-availability deployments / Medium-Large scale Enterprises"
MTBF (hours):
WD Red: 1,000,000
WD Re: 1,200,000
Non-recoverable read errors per bits read:
WD Red: <1 in 10^14
WD Re: <10 in 10^16
Warranty:
WD Red: 3 years
WD Re: 5 years
Spec sheets:
WD Red: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771442.pdf
WD Re: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771444.pdf
-
i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.
I beg to differ. ;)
From my own job experience.
And from any sane stats that I can find on the internet.
well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.
The 3.5" is the smallest 3.5" they got (there's a 750GB 2.5").
By the way, if you're hell-bent on getting mechanical HD from Western Digital, and the 1TB is just "the smallest they got", maybe you'd consider the WD Re series?
Target market:
WD Red: "Designed and tested for small scale RAID environments / Personal/Small Office Home Office"
WD Re: "Durable capacity storage for high-availability deployments / Medium-Large scale Enterprises"
MTBF (hours):
WD Red: 1,000,000
WD Re: 1,200,000
Non-recoverable read errors per bits read:
WD Red: <1 in 10^14
WD Re: <10 in 10^16
Warranty:
WD Red: 3 years
WD Re: 5 years
Spec sheets:
WD Red: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771442.pdf
WD Re: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771444.pdf
The 250GB Re should be about the same price as the Red - though the first is a bit louder at 30dba and seems to use a little bit more power.
Hmm..weird, didn't look at the MTBF for the HDD-s but it seems low, in that you are right the samsung 840 ssd claims to have MTBF of 1.5 million.
I don't have much experience with SSD disks but i have HDDs that were used a lot and are over 10 years old and they still work without a problem, but they are loud when the head is moving :P
-
i have HDDs that were used a lot and are over 10 years old
So your 10+ year old HDDs have been alive and kicking for longer than SSDs have even been on the market at all?
Well, these sure don't make for a good comparison. ;D
(PS: Just saying… I don't mean this as an argument for or against anything)
-
i have HDDs that were used a lot and are over 10 years old
So your 10+ year old HDDs have been alive and kicking for longer than SSDs have even been on the market at all?
Well, these sure don't make for a good comparison. ;D
(PS: Just saying… I don't mean this as an argument for or against anything)
I probably should have said that they were used in a PC system, so they weren't running heavy 24/7; if they were, they would have died years ago :)
-
I was thinking of getting the Corsair http://www.corsair.com/cmx8gx3m2a1333c9.html or kingston value http://www.kingston.com/dataSheets/KVR13N9S8K2_8.pdf.
are those any good or should i get a different brand?
-
Regarding my Haswell choice and Core i3, I think it's too costly and not worth myself going down the Intel route.
An AMD build I can literally pick up the mobo + CPU for under £100 even, and can't argue with a 4GHz (65 watt) CPU (dual core) with AES support and 1x PCI Express 4x and 16x slot. A 364 HP Intel quad NIC for £40-50 can be had also from eBay. I will custom build it so it's using a large silent heatsink + fan and a silent 92% energy efficient p/s.
Regarding the SSDs, agree with the other poster who mentioned Intel or Samsung for the reliability factor…. many people on forums are still selling their ones after 3-4 years.
We can assume in 3-4 years also technology will be so small and energy efficient to the point our current Pc builds require binning ;)
It is tricky to get the hardware right to strike a balance between energy efficiency and price.
One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:
http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/
But then who knows if pfsense will support those nics, most likely realtek anyhow so best to avoid.
You have this also:
https://www.amazon.co.uk/Shuttle-DS61-Barebone-Socket-SODIMM/dp/B00BFOFA78
pfSense works and supports these NICs, but then the CPU needs to be put in separately; some guys use a Celeron low power or Xeon, but this adds to the cost.
Guess the pfSense builds are endless; you just need one and once set up, hide it away. You see people on here using P3 and P4 high electricity builds just running 24/7, but they're not fussed; you get reliability and all the features and support that puts even the best router on the market today to shame (apart from the pfSense wireless side, routers still beat it for that)
-
whatever works out for you :)
Personally I'd rather stay away from AMD CPUs + you can get an i3+mobo for only a bit over £100
-
You can but not with AES support ;)
I do actually have a Core i5 3.2GHz/AES and micro ATX already, which would be good for a pfSense build, but that CPU is 95 watts.
It's that balance once again….
-
One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:
http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/
But then who knows if pfsense will support those nics, most likely realtek anyhow so best to avoid.
One of those is an Intel i217 and the other is a Realtek 8111G. Neither are going to work with pfSense until it moves to FreeBSD 10.
Do yourself a favor and stick with Ivy Bridge. The slightly lower idle power consumption and slightly better performance per clock of Haswell isn't worth the hassle of compatibility problems.
-
One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:
http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/
But then who knows if pfsense will support those nics, most likely realtek anyhow so best to avoid.
One of those is an Intel i217 and the other is a Realtek 8111G. Neither are going to work with pfSense until it moves to FreeBSD 10.
Do yourself a favor and stick with Ivy Bridge. The slightly lower idle power consumption and slightly better performance per clock of Haswell isn't worth the hassle of compatibility problems.
Or you can just buy separate NIC cards and you don't have to use the onboard one. Speaking of which, will a PCIe x1 NIC work in a PCIe x16 (graphics card) slot?
-
yes it will work
http://forums.anandtech.com/showthread.php?t=2218693
Looking at some benchies, the AMD CPU I liked is a pretty poor performer, so you were right to suggest Intel CPUs.
May just stick with my core i5 sandy set and transplant to a micro atx case after all :)
Good info on the ivy cpus was not aware of that….
-
Well, I will go with the Pentium, 1150, 8 gig Corsair 1333 and an SSD, it's more than enough for what I need :)
As for the i5, i don't think it uses a lot when it's not under load.
-
yeah was concerned with the power, but they do not use that much thanks to the speed step and power efficiency :)
Pentium/1150/8gig and ssd sounds great.
- 3 months later
-
Sorry to resurrect an old thread but did your Haswell build work for you? I was looking at building something similar but with an i3 4330T because it's 35W with AES-NI.
I'm afraid a Haswell board is going to have problems working with pfSense 2.1. It looks like it may be a while before v2.2 comes out.
-
Sorry to resurrect an old thread but did your Haswell build work for you? I was looking at building something similar but with an i3 4330T because it's 35W with AES-NI.
I'm afraid a Haswell board is going to have problems working with pfSense 2.1. It looks like it may be a while before v2.2 comes out.
The newer Intel NIC drivers that were included in 2.1.1 have been pulled because they were flaky as hell. I wouldn't buy a Haswell system at this point unless you intend to use only add-in NICs which use an older chip.
-
I would be fine if the onboard NIC is not supported as long as a quad port NIC in a PCI slot would work fine?
As long as a Haswell CPU (preferably the i3-4330T) would work, along with the board itself, I'm fine.
Am I wasting my time/looking in the wrong place going the Haswell/i3 4330T route if I'm not worried about the onboard NIC?
Thanks for your reply.
-
I would be fine if the onboard NIC is not supported as long as a quad port NIC in a PCI slot would work fine?
As long as a Haswell CPU (preferably the i3-4330T) would work, along with the board itself, I'm fine.
Am I wasting my time/looking in the wrong place going the Haswell/i3 4330T route if I'm not worried about the onboard NIC?
Thanks for your reply.
I've setup 2 sets on Haswell using pfSense 2.1. One using the Gigabyte H87M-D3H & one using the Asrock H87M-Pro4.
The Realtek NIC on the Gigabyte works fine in pfSense 2.1.
The latter does have some caveats:
1) Disable AHCI mode on the SATA port or GEOM won't find the disk (I didn't try playing with loading AHCI module).
2) The onboard NIC is an i210 which isn't supported in 2.1.
-
That's good to know. Maybe it's better to go with that Gigabyte board then.
- So as long as the Haswell motherboard works (like the Gigabyte H87M-D3H), I should be able to use any LGA 1150 CPU with it (preferably the i3-4330T)
- Do you think there would be any performance reduction by not being able to run in AHCI mode on the Asrock motherboard? Maybe not so much since it might only be affecting something like the HDD/SSD.
-
I was looking at your Asrock and Gigabyte boards and they are both MicroATX. Is there any way I will know if a mini-ITX board will work?
I am just paranoid that I'll get a motherboard and it will not work with pfSense 2.1
-
I was looking at your Asrock and Gigabyte boards and they are both MicroATX. Is there any way I will know if a mini-ITX board will work?
I am just paranoid that I'll get a motherboard and it will not work with pfSense 2.1
If the onboard NIC is not a concern, just get any of the 8X series ITX boards with a PCIe x16 slot. Throw in a PCIe Intel dual (or quad) port NIC like the PT Dual port and use it instead. The 8X chipsets will handle the NIC in the PCIe slot just fine concurrently with the IGP.
I'm running the NanoBSD VGA build (embedded) so I can't comment on any loss of performance in terms of SSD/ HDD. My Kingspec SSD is a real slow poke though so I doubt I can get anything out of it. As I mentioned, I've not gotten down to testing out whether the manual loading of AHCI module will actually allow the AHCI mode on the controller but it is certainly possible.
-
Thank you for your help. I am just worried I will buy the wrong hardware. Intel 8 series chipset, looks like I can use a Z87 board then.
If that's the case I can get a Z87 mini-ITX board and the i3-4330T for low wattage and AES-NI.
Outside of that I'll have to find a case ;)
I think I am definitely going to go with an Intel NIC. A dual or quad port NIC. Intel PT or ET is what I'd go with. I350 looks like the best of the three. But I'm a bit worried about power consumption since this box will be on 24/7 - and I heard the PT uses more power. But I haven't checked out how many watts it uses yet.
Thanks again for your help!
-
I think I am definitely going to go with an Intel NIC. A dual or quad port NIC. Intel PT or ET is what I'd go with. I350 looks like the best of the three. But I'm a bit worried about power consumption since this box will be on 24/7 - and I heard the PT uses more power. But I haven't checked out how many watts it uses yet.
From the intel Ark - i350-T4 uses 5w, the PT (quad) uses 12W, realistically we're talking about a 7w difference.
Considering pricing is astronomically more for the i350 ($250-350 on ebay) vs the pt which is $75, I think it'd be a very very long payoff for the difference.
The only reason I could think of to run the i350 for what you're suggesting is if you are running solar, where 7W more worth of panel might be more expensive than the difference.
-
Awesome!
For a 7watt difference…I'd definitely rather go with the Intel PT.
Is it true pfsense 2.1 will work with Intel 8 series chipsets like the z87? I just want to make sure I can pick any z87 motherboard I want. Probably a supermicro or gigabyte.
-
Why would you bother with a z series?
H or B series chips would be sufficient and will work.
Also, there is very little difference in power consumption between the normal intel processors and the t series if you are not running them at full load, which I doubt you would be.
Do you really need AES-NI? are you doing VPN work (and what speed are we talking?)
Pentium G3420 chips are about half the price of the i3, and not that much slower..
-
I probably would not need a z series motherboard. You are right, the H or B series will probably work.
The 4330 uses 54TDP and the 4330T uses 35W, but the 4330 has a 3.5GHz clock speed as opposed to the 4330T's 3.0 GHz clock speed.
http://www.cpu-world.com/Compare/493/Intel_Core_i3_i3-4330_vs_Intel_Core_i3_i3-4330T.html
As far as AES-NI goes, I have never used it, but it sounds like it can help out with VPN encryption/decryption. I will have a 100Mbps ISP connection and I should be the only one connecting to my firewall via VPN at the moment.
The Pentiums do look like they are about half the price. My main concern is power consumption and performance since this is the gateway to my network and would be the first bottleneck- so I want to make sure this rig is setup the best I can for all my future endeavors. I plan on doing a few projects that I will run from this network.
But as far as a motherboard goes, is it true that any Intel 8 series motherboard will work? I have heard that USB 3.0 has some problems, but that is okay. I'll just make sure the motherboard has some USB 2.0 ports.
-
I repeat, unless you are running your processor full out, it will not consume anywhere near its max TDP. For the difference in price you would be better off spending money on memory and having that extra power on tap.
Remember you can usually undervolt processors also, which will significantly drop consumption.
-
AES-NI is not currently accelerated in pfSense.
We will change that, likely this year.
-
I probably would not need a z series motherboard. You are right, the H or B series will probably work.
The 4330 uses 54TDP and the 4330T uses 35W, but the 4330 has a 3.5GHz clock speed as opposed to the 4330T's 3.0 GHz clock speed.
http://www.cpu-world.com/Compare/493/Intel_Core_i3_i3-4330_vs_Intel_Core_i3_i3-4330T.html
As far as AES-NI goes, I have never used it, but it sounds like it can help out with VPN encryption/decryption. I will have a 100Mbps ISP connection and I should be the only one connecting to my firewall via VPN at the moment.
The Pentiums do look like they are about half the price. My main concern is power consumption and performance since this is the gateway to my network and would be the first bottleneck- so I want to make sure this rig is setup the best I can for all my future endeavors. I plan on doing a few projects that I will run from this network.
But as far as a motherboard goes, is it true that any Intel 8 series motherboard will work? I have heard that USB 3.0 has some problems, but that is okay. I'll just make sure the motherboard has some USB 2.0 ports.
I wouldn't worry too much about the TDP. At lower loads, both processors will likely consume similar amounts of power. It's only when you nearly fully load the processors (both CPU & GPU) where you start to see a significant difference. Don't forget that the T suffix chips give up maximum clockrate in return for reduced TDP.
Take note that AES-NI will only work now in OpenVPN and not cryptodev (for IPSEC).
The Pentium G3220 will likely do >100Mbps AES-256 VPN for IPSEC/ OpenVPN with sheer brute power anyway. For me, my ISP is giving out a free upgrade from my 150Mbps/ 75Mbps to 1000Gbps/500Mbps later this year so AES-NI is something I look to having (I only use OpenVPN anyway).
I have not used any USB 3.0 devices on the boards, only keyboards. So far so good for the ports connected to the native USB 3.0 controller on the chipset. I doubt you can even get USB 3.0 on the get-go. You'll likely just get your device connected at USB 2.0 speeds in pfSense.
-
The Pentium G3220 will likely do >100Mbps AES-256 VPN for IPSEC/ OpenVPN with sheer brute power anyway.
Considering an Atom D510 will do 50Mbps AES-256 I would think it will do significantly better than 100Mbps.
Single thread Passmark comparison:
Intel Atom D510 @ 1.66GHz 265
Intel Pentium G3220 @ 3.00GHz 1,759
Steve
-
Considering an Atom D510 will do 50Mbps AES-256 I would think it will do significantly better than 100Mbps.
Single thread Passmark comparison:
Intel Atom D510 @ 1.66GHz 265
Intel Pentium G3220 @ 3.00GHz 1,759
Steve
Probably close to 300Mbps? A little less than what I plan for in the long term (dubious perks of having a NGNBN). Not to mention, it's horribly power inefficient compared to AES-NI ASIC for high throughput VPN.
-
Probably close to 300Mbps? A little less than what I plan for in the long term (dubious perks of having a NGNBN). Not to mention, it's horribly power inefficient compared to AES-NI ASIC for high throughput VPN.
Do you really need 300mbps? - 30MB/s is likely to be sufficient for quite some time unless you're transferring massive files. Heck 100mbps will handle 2xHD streams.
-
Do you really need 300mbps? - 30MB/s is likely to be sufficient for quite some time unless you're transferring massive files. Heck 100mbps will handle 2xHD streams.
Pretty much for large files in general. Mostly when I need to grab installers from home when I'm in the office (both lines from same ISP so I can very potentially get 500Mbps). At the moment, I can still get my rated speeds (150/ 75) easily even for international traffic (as long as my ISP has got a direct transit/ peer to that country).
-
Just setup a MSI H81i board with pfSense 2.1. Same issue with the AsRock board - AHCI has to be disabled in BIOS or else GEOM won't see the drive.
It'd appear to me that Gigabyte is the only one (for Haswell) without this issue at the moment (I don't buy Asus due to warranty issues - lousy distributor here).
-
Just setup a MSI H81i board with pfSense 2.1. Same issue with the AsRock board - AHCI has to be disabled in BIOS or else GEOM won't see the drive.
It'd appear to me that Gigabyte is the only one (for Haswell) without this issue at the moment (I don't buy Asus due to warranty issues - lousy distributor here).
I had no problems with AHCI and my Asrock H81-DGS with 2.1.1 prerelease