Best Hardware?
-
I am new to pfSense but I wanted to build something as I'm currently using an older ASUS router. So far I found this as an example of a build.
- $40 (Mini-Box) - M350 enclosure
- $98 (NewEgg) - Intel DN2800MT
- $13 (Mini-Box) - Riser & I/O Shield for DN2800MT
- $16 (Mini-Box) - 60W AC/DC Power Adapter
- $60 (NewEgg) - Intel 525 30GB mSATA SSD
- $30 (NewEgg) - Corsair 4GB DDR3 SO-DIMM
- $134 (Soekris) - LAN1841 Quad-Port NIC
What do you guys think? I want something that can utilize all the powerful options available to the Pfsense platform. Should I be getting an Intel Core 2 Duo instead of something in the Atom platform?
Any thoughts or advice from current users would help me out greatly. Thanks!
-
What are your throughput requirements? How many interfaces?
Steve
-
i would go for pcengines.ch ALIX 2d13
it has 3 ethernet interfaces.
it is around 150€.
it is very reliable.
-
That's similar to my box at home. I used a larger Intel SSD and i350 NICs rather than 82574L (had to notch out the riser for this) but otherwise it's a pretty capable little system.
-
What are your throughput requirements? How many interfaces?
Steve
Steve, since I want this to replace my older ASUS router I wanted something with 1x WAN port, 4x gigabit LAN ports, 2x USB 3.0 or 2.0. I don't really have any throughput requirements really, I just want it to at least be as capable as my ASUS router which states WAN to LAN throughput of over 900Mbps. However I am not really sure that my throughout requirements will ever be that high.
-
That's similar to my box at home. I used a larger Intel SSD and i350 NICs rather than 82574L (had to notch out the riser for this) but otherwise it's a pretty capable little system.
Hey Jason, small world! The post where I got that list is actually one that you posted. I Googled something like "hardware for pfsense" and that's how I got to these forums. In that post you and another user were debating the quality of the Atom platform and how multiple packages running might effect throughput. I want something that is a little bit future proof and capable of running CPU intensive applications without going to crazy on the price. Is that list still something that you would recommend? So far I have this in my cart at Mini-Box:
Low Profile LGA1155/1150 Intel Core i3/i5/i7 CPU Cooler
19v/8.4A 160 Watt AC-DC Power Adapter
Intel DQ77KB Mini-ITX Motherboard / CPU NOT INCLUDED (Only Compatible with 19v AC Adapter)
M350 Universal Mini-ITX
INTEL CPU Corei3-2100
Another question, is the 19v/8.4A Watt ACDC power adapter the only thing that powers the box? First time using Mini ATX so I was a little confused with the PicoPSU's vs. the power adapters.
-
That particular board, the DQ77KB, has an onboard DC-DC power supply so, yes, you need only the power 19V power brick to power it. Those boards are becoming very difficult to source though.
It's hard to compare your build directly with the Asus. The 4 LAN ports on the Asus are not separate interfaces, effectively it has a switch built in. On some models you can separate ports using internal VLANs but you still only have a single interface feeding it internally. Anyway adding that 4 NIC card to your build is a far more powerful option but much more expensive that a 5 port switch, do you need that?
You will not get close to 900Mbps WAN-LAN throughput with that board. The best you could hope for would be ~600Mbps and that would be without any packages running. Again though do you need any faster than that? What is your WAN speed? Do you need to move a lot of traffic between internal interfaces?Steve
-
Hi Steve,
I have an 8port Cisco switch but 7 ports are being used on it and my ASUS router's LAN ports are all being used. I could buy another switch but if it wasn't too costly I'd prefer NICs on the router. My requirements aren't that high as the transfer speeds from my ISP are relatively modest, around 30/10, and I don't expect to hit 1Gb/s. That being said I want the best hardware for my money for future proofing so if you had $400 to spend what would you build or buy?
-
Ah, sorry I've mislead you there. Too many threads open at once. ::)
The D2800 will not do more than 600Mbps, the i3 will route at 1Gbps with cycles to spare.
In fact you may not even need that. In other threads it has been shown that even the lowliest Sandy bridge Celeron can route 1Gpbs. With that in mind if it were me I would get something very similar to your second parts list but save some money and go for whatever the cheapest Ivy bridge CPU is that fits. If you can still get a DQ77KB then go for that. Personally I would opt for a larger enclosure but that's largely governed by where you're putting it. Unless you need extra interfaces I have to recommend your get an additional switch instead, you'll see better performance for far less money.Steve
-
Okay thanks Steve! I think I'll get a cheaper CPU and take your advice and look for a bigger enclosure for the build. Is 2GB ram good enough for most pfSense packages?
-
2GB is probably fine but RAM is cheap these days and packages like Snort or Squid will eat RAM quick.
Steve
-
2GB is probably fine but RAM is cheap these days and packages like Snort or Squid will eat RAM quick.
Steve
I'd go with 4 gigs to give you some extra headroom. That is what I did with mine.
-
Okay, 4gigs it is! I'll look at corsairs prices :) Do you guys recommend a specific NIC or SSD?
-
i would go for pcengines.ch ALIX 2d13
it has 3 ethernet interfaces.
it is around 150€.
it is very reliable.Doesn't that cap out at about 80Mbit?
-
If you have a choice get Intel NICs. The very newest may not be supported yet though.
I don't use SSDs with any pfSense box but Intel and Samsung seem to regularly be recommended. I'm running OCZ drives in various laptops and have seen no issues but they always get slated here. ::)Steve
-
Okay, 4gigs it is! I'll look at corsairs prices :) Do you guys recommend a specific NIC or SSD?
I prefer Intel SSDs. I'm using a 240GB 520 mSATA in my system at home and the two new boxes I just deployed at work are using the 240GB version of the SATA 530.
As to NICs, my preference is Intel i350 then the 82574L. Once 2.2 drops I'd add the i210 between the two of those as it's considered the replacement for the latter.
-
After doing days of research I've finally started to narrow down my build. I decided that I needed something small, power efficient and fairly silent.
Intel DQ77KB LGA1155 mobo - $155
Kingston 1600MHz 4GB Non-ECC SODIMM - $40
Intel 525 30GB mSATA - $65
In-Win K2 BASIC Thin Mini-ITX Black case with 120W power adapter/heat sink - $75 (http://www.in-win.com.tw/2012_ULTRATOP/k2.html)Now the only question is do I opt for the Intel Core i3-3240 3.4Ghz with a 55W TDP ($120) or do I get the more power efficient, less fast, and more expensive Intel Core i3-3220T 2.8Ghz with a 35W TDP ($128). What do you guys think? I can't decide if I should go for the extra horsepower or the CPU that uses less power.
-
Those figures are the maximum power consumption remember. The actual idle power may not be that different.
Steve
-
Thinking about it more you're right. Seeing as though pfSense isn't going to cause that CPU to be at full load a majority of the time I'll go with the cheaper but faster i3 3240. Too bad the mobo doesn't support ECC.
-
Intel DQ77KB LGA1155 mobo - $155
DQ77KB is available again? I figured they stopped making it after it disappeared from the channel earlier this year. Its a nice board overall but ironically extra intel NIC support is limited. I mostly like it for being able to run off a power brick, the thin and AIO display features are rarely needed. I wish someone would make a cheap-but-good standard itx 115x board with DC input. (19V 90~150W bricks are plentiful, cheap/free and self-cool their AC/DC conversion heat away from the system. Picopsu and similar solutions are not as common, cost more and dump AC/DC heat inside the case)
Now the only question is do I opt for the Intel Core i3-3240 3.4Ghz with a 55W TDP ($120) or do I get the more power efficient, less fast, and more expensive Intel Core i3-3220T 2.8Ghz with a 35W TDP ($128). What do you guys think? I can't decide if I should go for the extra horsepower or the CPU that uses less power.
Between the two, 3240 hands down. Unless you have need to cap the maximum heat output because it is thermally constrained (aka dense blades or fanless) they will idle the same, ivy bridge is a well known animal.
-
You can get the board on Amazon or Mini Box's site. What do you mean the extra intel NIC support is limited?
I've looked all over for good mini itx 1155 boards and I can't find many. Either they're meant for a gaming rig with unnecessary features or they are cheap and lack something.
-
The two Intel NICs on the the board are different so I guess he is saying that one is less well supported. I've not heard any reports of that though. Please enlighten us Aluminum.
Steve
-
I am still having a hard time finding a better mini itx board so unless he has bad news I will probably still opt for this board. I was also looking at cases like the Euler but In-Win K2 BASIC Thin Mini-ITX is a lot cheaper and has a higher TDP rating (35W TDP CPU is recommended for the Euler even though I've seen reviews of a Pentium G2120 55W in it running fine).
-
The two Intel NICs on the the board are different so I guess he is saying that one is less well supported. I've not heard any reports of that though. Please enlighten us Aluminum.
Steve
The onboards both work fine.
Expansion cards are limited, it does not like various NICs to the point it will not boot (82576/VT) or will do weird things like disable a memory channel (i350). I have not tested everything out there but the only ones I've not had problems with have been 82571 duals and quads. Its not a power problem either, none pull over 25W.
Its purely an UEFI problem but Intel Inc does not care enough to fix it, believe me I tried. (supposed reason: its a "desktop" Q77 board despite supporting obviously server only features like VT-d, ironically their itx "server" C206 board does not)
I'm tempted to look into the asus/gigabyte/etc haswell socket thin itx boards as they may be easier vendors to persuade to fix hardware bios problems, so far none have dual intel but mix in some realcrap. Also until i21x is in pfsense release I'm in no hurry.
Still love to have a full height ITX w/ DC input and no lcd display frills to drive up the price, would be good for various DIY builds not just pfsense. I'd prefer asrock as they often go to the trouble to support xeons (and ecc if possible) in firmware and are known to actually test things like esxi on some of their consumer boards.
-
I can report that this i350-based dual port PCI-E Mini board work well with the DQ77KB.
It's not too expensive and not very hot. It is much easier to install in a crammed Mini-ITX chassis than a normal PCI-E card and you don't need to also buy a riser card/cable.
It is by the way also available in a single port variant, should anyone prefer that.
-
@P3R:
I can report that this i350-based dual port PCI-E Mini board work well with the DQ77KB.
It's not too expensive and not very hot. It is much easier to install in a crammed Mini-ITX chassis than a normal PCI-E card and you don't need to also buy a riser card/cable.
It is by the way also available in a single port variant, should anyone prefer that.
Very nice find. My new motherboard supports two Mini PCI-E slots so this would be perfect if I need to expand more ports. Yes my case is crammed enough as it is..lol but still very compact the way I want it.
-
The two Intel NICs on the the board are different so I guess he is saying that one is less well supported. I've not heard any reports of that though. Please enlighten us Aluminum.
Steve
The onboards both work fine.
Expansion cards are limited, it does not like various NICs to the point it will not boot (82576/VT) or will do weird things like disable a memory channel (i350). I have not tested everything out there but the only ones I've not had problems with have been 82571 duals and quads. Its not a power problem either, none pull over 25W.
Its purely an UEFI problem but Intel Inc does not care enough to fix it, believe me I tried. (supposed reason: its a "desktop" Q77 board despite supporting obviously server only features like VT-d, ironically their itx "server" C206 board does not)
I'm tempted to look into the asus/gigabyte/etc haswell socket thin itx boards as they may be easier vendors to persuade to fix hardware bios problems, so far none have dual intel but mix in some realcrap. Also until i21x is in pfsense release I'm in no hurry.
Still love to have a full height ITX w/ DC input and no lcd display frills to drive up the price, would be good for various DIY builds not just pfsense. I'd prefer asrock as they often go to the trouble to support xeons (and ecc if possible) in firmware and are known to actually test things like esxi on some of their consumer boards.
I wasn't even aware that this board had LCD Display functionality. Good to know though, as well as the post from P3R about the dual port i350 PCI-E Mini board.
-
Please notice though that the Jetway cards mentioned above are full length PCI-E Mini cards. The DQ77KB have one full and one half length PCI-E Mini card slots and several other motherboards only support half length PCI-E Mini cards :'(
-
Welp, just purchased everything.
Intel 530 120 SSD
Intel DQ77KB Mini-ITX
Intel Core i3-3240 Dual-Core Processor 3.4 Ghz 3 MB Cache LGA 1155
Kingston Value RAM 4GB 1600MHz PC3-12800 DDR3 Non-ECC CL11 SODIMM SR x8 Notebook Memory
-
You may want to return that 530 SSD and get a S3500, or find an old Intel 320 somewhere.
We don't ship the 530s at Netgate. There are reasons, including the lack of a cap to keep the SSD alive long enough to complete the write to the correct flash sector.
http://lkcl.net/reports/ssd_analysis.html
Now that we have the pfSense store launched, the best hardware for pfSense comes from pfSense itself.
-
The retired 320 series has a very, very good reputation among our customers. Everyone loved that line, and found it very reliable. Hopefully the S3500 line does similarly well as it appears to be doing so far. Power loss issues are as important (and sometimes more important) than overall longevity. It doesn't matter how long the drive lasts if it gets corrupted any time the power fails longer than your UPS does.
An 80GB S3500 is only about $120 on Newegg, a 120GB S3500 is $150. It's not that much more expensive than the 520, and well worth the extra few bucks for the cap and the extra piece of mind.
-
@gonzopancho:
You may want to return that 530 SSD and get a S3500, or find an old Intel 320 somewhere.
We don't ship the 530s at Netgate. There are reasons, including the lack of a cap to keep the SSD alive long enough to complete the write to the correct flash sector.
http://lkcl.net/reports/ssd_analysis.html
Now that we have the pfSense store launched, the best hardware for pfSense comes from pfSense itself
I didn't see this post till now and unfortunately I already have everything up and running :(
-
It's only an issue if you have regular power outages. I'm sure there are many thousands of 530s out there in desktops running without an issue.
Steve
-
It's only an issue if you have regular power outages. I'm sure there are many thousands of 530s out there in desktops running without an issue.
Steve
Thanks for all the help and advice Steve, appreciate it! Here are a couple pics of the build. I really like this In-Win K2 case. System temp is 27C right now, about 19% CPU is my norm with the packages I have installed thus far.
-
It's only an issue if you have regular power outages. I'm sure there are many thousands of 530s out there in desktops running without an issue.
Steve
Both of my main pfSense boxes at work are using Intel 530 SSDs. There's nothing wrong with them as long as ONE of the following is true:
-
You are using a UPS and have your system set to shutdown at low power. (This is true of most non-enterprise SSDs)
-
You don't care about the (tiny) possibility of needing to reinstall your system. (I use CARP + AutoConfigBackup so it's not an issue for me)
-
-
It's only an issue if you have regular power outages. I'm sure there are many thousands of 530s out there in desktops running without an issue.
Steve
Both of my main pfSense boxes at work are using Intel 530 SSDs. There's nothing wrong with them as long as ONE of the following is true:
-
You are using a UPS and have your system set to shutdown at low power. (This is true of most non-enterprise SSDs)
-
You don't care about the (tiny) possibility of needing to reinstall your system. (I use CARP + AutoConfigBackup so it's not an issue for me)
Any UPS you recommend for home use?
-
-
Any UPS you recommend for home use?
I use these, plus the remote monitoring cards. I like them because of the Sine Wave output.
http://www.apc.com/products/resource/include/techspec_index.cfm?base_sku=SMT1500
If you're looking for something cheaper then APC's Back-UPS Pro line is nice.
