Need advice on a pfsense box
-
I was looking at your asrock and gigabyte boards and they are both MicroATX. Is there anyways I will know if a mini-itx board will work?
I am just paranoid that ill get a motherboard and it will not work with pfsense 2.1
-
I was looking at your asrock and gigabyte boards and they are both MicroATX. Is there anyways I will know if a mini-itx board will work?
I am just paranoid that ill get a motherboard and it will not work with pfsense 2.1
If the onboard NIC is not a concern, just get any of the 8X series ITX boards with a PCIe x16 slot. Throw in a PCIe Intel dual (or quad) port NIC like the PT Dual port and use it instead. The 8X chipsets will handle the NIC in the PCIe slot just fine concurrently with the IGP.
I'm running the NanoBSD VGA build (embedded) so I can't comment on any loss of performance in terms of SSD/ HDD. My Kingspec SSD is a real slow poke though so I doubt I can get anything out of it. As I mentioned, I've not gotten down to testing out whether the manual loading of AHCI module will actually allow the AHCI mode on the controller but it is certainly possible.
-
Thank you for your help. I am just worried I will buy the wrong hardware. Intel 8 series chipset looks like I can us a z87 board then.
If that's the case I can get a z87 mini itx board and the i3-4330t for low wattage and aes-ni.
Outside of that I'll have to find a case ;)
I think I am definitely going to go with an intel NIC. A dual or quad port NIC. Intel PT or ET is what I'd go with. I350 looks like the best of the three. But I'm a bit worried about power consumption since this box will be on 24/7- and I heard the PT uses more power. But I havent checked out how many watts it uses yet.
Thanks again for your help!
-
I think I am definitely going to go with an intel NIC. A dual or quad port NIC. Intel PT or ET is what I'd go with. I350 looks like the best of the three. But I'm a bit worried about power consumption since this box will be on 24/7- and I heard the PT uses more power. But I havent checked out how many watts it uses yet.
From the intel Ark - i350-T4 uses 5w, the PT (quad) uses 12W, realistically we're talking about a 7w difference.
Considering pricing is astronomically more for the i350 ($250-350 on ebay) vs the pt which is $75, I think it'd be a very very long payoff for the difference.
The only reason I could think of to run the i350 for what you're suggesting is if you are running solar, where 7W more worth of panel might be more expensive than the difference.
-
Awesome!
For a 7watt difference…I'd definitely rather go with the Intel PT.
Is it true pfsense 2.1 will work with Intel 8 series chipsets like the z87? I just want to make sure I can pick any z87 motherboard I want. Probably a supermicro or gigabyte.
-
Why would you bother with a z series?
H or B series chips would be sufficient and will work.
Also, there is very little difference in power consumption between the normal intel processors and the t series if you are not running them at full load, which I doubt you would be.
Do you really need AES-NI? are you doing VPN work (and what speed are we talking?)
Pentium G3420 chips are about half the price of the i3, and not that much slower..
-
I probably would not need a z series motherboard. You are right, the H or B series will probably work.
the 4330 uses 54TDP and the 4330T uses 35W, but the 4330 has a 3.5GHz clock speed as opposed to the 4330t's 3.0 HGz clock speed.
http://www.cpu-world.com/Compare/493/Intel_Core_i3_i3-4330_vs_Intel_Core_i3_i3-4330T.htmlAs far as AES-NI goes, I have never used it, but it sounds like it can help out with VPN encryption/decryption. I will have a 100Mbps ISP connection and I should be the only one connecting to my firewall via VPN at the moment.
The Pentiums do look like they are about half the price. My main concern is power consumption and performance since this is the gateway to my network and would be the first bottleneck- so I want to make sure this rig is setup the best I can for all my future endeavors. I plan on doing a few projects that I will run from this network.
But as far as a motherboard goes, is it true that any Intel 8 series motherboard will work? I have heard that USB 3.0 has some problems, but that is okay. I'll just make sure the motherboard has some USB 2.0 ports.
-
I repeat, unless you are running you processor full out, it will not consume anywhere near its max tdp. For the difference in price you would be better of spending money on memory and having that extra power on tap.
Remember you can usually undervolt processors also, which will significantly drop consumption
-
AES-NI is not currently accelerated in pfSense.
We will change that, likely this year.
-
I probably would not need a z series motherboard. You are right, the H or B series will probably work.
the 4330 uses 54TDP and the 4330T uses 35W, but the 4330 has a 3.5GHz clock speed as opposed to the 4330t's 3.0 HGz clock speed.
http://www.cpu-world.com/Compare/493/Intel_Core_i3_i3-4330_vs_Intel_Core_i3_i3-4330T.htmlAs far as AES-NI goes, I have never used it, but it sounds like it can help out with VPN encryption/decryption. I will have a 100Mbps ISP connection and I should be the only one connecting to my firewall via VPN at the moment.
The Pentiums do look like they are about half the price. My main concern is power consumption and performance since this is the gateway to my network and would be the first bottleneck- so I want to make sure this rig is setup the best I can for all my future endeavors. I plan on doing a few projects that I will run from this network.
But as far as a motherboard goes, is it true that any Intel 8 series motherboard will work? I have heard that USB 3.0 has some problems, but that is okay. I'll just make sure the motherboard has some USB 2.0 ports.
I wouldn't worry too much about the TDP. At lower loads, both processors will likely consume similar amounts of power. It's only when you nearly fully load the processors (both CPU & GPU) where you start to see a significant difference. Don't forget that the T suffix chips give up maximum clockrate in return for reduced TDP.
Take note that AES-NI will only work now in OpenVPN and not cryptodev (for IPSEC).
The Pentium G3220 will likely do >100Mbps AES-256 VPN for IPSEC/ OpenVPN with sheer brute power anyway. For me, my ISP is giving out a free upgrade from my 150Mbps/ 75Mbps to 1000Gbps/500Mbps later this year so AES-NI is something I look to having (I only use OpenVPN anyway).
I have not used any USB 3.0 devices on the boards, only keyboards. So far so good for the ports connected to the native USB 3.0 controller on the chipset. I doubt you can even get USB 3.0 on the get-go. You'll likely just get your device connected at USB 2.0 speeds in pfSense.
-
The Pentium G3220 will likely do >100Mbps AES-256 VPN for IPSEC/ OpenVPN with sheer brute power anyway.
Considering an Atom D510 will do 50Mbps AES-256 I would think it will do significantly better than 100Mbps.
Single thread Passmark comparisson:
Intel Atom D510 @ 1.66GHz 265
Intel Pentium G3220 @ 3.00GHz 1,759Steve
-
Considering an Atom D510 will do 50Mbps AES-256 I would think it will do significantly better than 100Mbps.
Single thread Passmark comparisson:
Intel Atom D510 @ 1.66GHz 265
Intel Pentium G3220 @ 3.00GHz 1,759Steve
Probably close to 300Mbps? A little less than what I plan for in the long term (dubious perks of having a NGNBN). Not to mention, it's horribly power inefficient compared to AES-NI ASIC for high throughput VPN.
-
Probably close to 300Mbps? A little less than what I plan for in the long term (dubious perks of having a NGNBN). Not to mention, it's horribly power inefficient compared to AES-NI ASIC for high throughput VPN.
Do you really need 300mbps? - 30MB/s is likely to be sufficient for quite some time unless you're transferring massive files. Heck 100mbps will handle 2xHD streams.
-
Do you really need 300mbps? - 30MB/s is likely to be sufficient for quite some time unless you're transferring massive files. Heck 100mbps will handle 2xHD streams.
Pretty much for large files in general. Mostly when I need to grab installers from home when I'm in the office (both lines from same ISP so I can very potentially get 500Mbps). At the moment, I can still get my rated speeds (150/ 75) easily even for international traffic (as long as my ISP has got a direct transit/ peer to that country).
-
Just setup a MSI H81i board with pfSense 2.1. Same issue with the AsRock board - AHCI has to be disabled in BIOS or else GEOM won't see the drive.
It'd appear to me that Gigabyte is the only one (for Haswell) without this issue at the moment (I don't buy Asus due to warranty issues - lousy distributor here).
-
Just setup a MSI H81i board with pfSense 2.1. Same issue with the AsRock board - AHCI has to be disabled in BIOS or else GEOM won't see the drive.
It'd appear to me that Gigabyte is the only one (for Haswell) without this issue at the moment (I don't buy Asus due to warranty issues - lousy distributor here).
I had no problems with achi and my asrock h81-dgs with 2.1.1 prerelease
