Small & Quiet 1Gbps Router



  • Quite a while back I posted about building a 100 Mbps system and parted out a Atom based solution. About the time I was going to purchase the parts two things happened: 1) our ISP gave us a free upgrade to 100/100 and started offering gibabit at the former 100/100 cost. b) An emergency came up which prevented me from buying the parts anyway! With that said, I'm back but would like to instead price out a 1 Gbps build. With my ISP offering gigabit at such a cheap price, it seems foolish to pass it up  8)

    After reading over the forums, it seems that:

    • Atom processors are not worth the price for the performance and more importantly, can't handle gigabit speeds

    • I'm better off adding a PCIe Intel NIC vs using onboard (including onboard Intel)

    Is the above true?

    General goals:

    • Ability to handle true gigabit speeds

    • Small form factor. That is, based around Mini ITX and low profile box

    • Low power consumption

    • Silent or at least, very quiet

    • Hopefully within $500 USD

    First stab at a build:

    | Case | M300 | 59.95 |
    | Motherboard | ECS H61H2-I v1.1 LGA 1155 Intel H61 HDMI Mini ITX Intel Motherboard | 54.99 |
    | CPU | Intel Core i3-3240 Ivy Bridge 3.4GHz LGA 1155 55W Dual-Core Intel HD Graphics 2500 BX80637i33240 | 119.99 |
    | CPU Fan | Noctua NH-L9i 95mm SSO2 CPU Cooler | 47.00 |
    | RAM | G.SKILL Value Series 4GB 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10600) F3-10600CL9S-4GBNT | 42.99 |
    | SSD | SanDisk ReadyCache SDSSDRC-032G-G26 2.5" 32GB SATA III | 46.99 |
    | NIC (dual) | INTEL EXPI9402PTBLK PRO / 1000 PT DUAL | 59.99 |
    | PSU | picoPSU-80-60W-power-kit | 35.00 |

    How does the above look? Is any of it overkill – at least in a component in which I can save some money? Anything known to be non-compatible with pfSense 2.x?



  • @NuSkooler:

    I'm better off adding a PCIe Intel NIC vs using onboard (including onboard Intel)

    Not exactly true.

    Onboard Intel NICs are very decent to begin with.  For most SOHO or SMB usage, you won't see a difference between those and an add-on server grade Intel NIC.  If your onboard is a Realtek, then sure, an add-on Intel PCIe NIC is much preferred.

    The specs you listed will work for what you need unless you're expecting Gigabit VPN.



  • @dreamslacker:

    Onboard Intel NICs are very decent to begin with.  For most SOHO or SMB usage, you won't see a difference between those and an add-on server grade Intel NIC.  If your onboard is a Realtek, then sure, an add-on Intel PCIe NIC is much preferred.

    The specs you listed will work for what you need unless you're expecting Gigabit VPN.

    dreamslacker, thanks for the reply –

    The device will be used on our home gigabit network / fiber connection with about 20 or so devices and generally <= 4 active at any given time. While I will be using VPN functionality, I do not require gigabit. I'd like it to be "snappy" but will mostly be connecting to hosts with around 50-100 Mbps connections.

    Given your statement about integrated NICs, I've come up with a alternative build with a slimmer profile (which I'd really like) based on a build log I found. Again, I'd love any comments/feedback (e.g. perhaps I'm missing something obvious here?!)

    Option 2 - Integrated 2 x Intel NICs:

    | Case | LIAN LI Black Aluminum PC-Q05B Mini ITX Media Center / HTPC Case | 59.99 |
    | Motherboard | Intel DQ77KB Ivy Bridge Desktop Thin-ITX | 149.99 |
    | CPU | Intel Core i3-3240 Ivy Bridge 3.4GHz LGA 1155 55W Dual-Core Desktop Processor Intel HD Graphics 2500 BX80637i33240 | 119.99 |
    | CPU | Intel Core i5 i5-3470T 2.90 GHz Processor - Socket H2 LGA-1155 | 149.99 |
    | CPU Cooling | Intel Cooling Fan/Heatsink CPU Fan BXHTS1155LP | 30.23 |
    | RAM | G.SKILL 4GB (2 x 2GB) 204-Pin DDR3 SO-DIMM DDR3 1333 (PC3 10600) Laptop Memory Model F3-10600CL9D-4GBSQ | 44.99 |
    | RAM | G.SKILL 2GB 204-Pin DDR3 SO-DIMM DDR3 1333 (PC3 10666) Laptop Memory Model F3-10666CL9S-2GBSQ | 26.99 |
    | SSD | SanDisk ReadyCache SDSSDRC-032G-G26 2.5" 32GB SATA III | 46.99 |
    | SSD | ADATA Premier Pro SP900 ASP900S3-64GM-C 2.5" 64GB SATA III MLC Internal Solid State Drive (SSD) | 58.84 |
    | PSU | 19v/8.4A 160 Watt AC-DC Power Adapter | 39.00 |
    | | Total | 515.03 |

    Notes:

    • The integrated NICs are Intel 82579LM and Intel 82574L

    • If 2GB is "plenty" I can shave off a few bucks by going G.SKILL 2GB 204-Pin DDR3 SO-DIMM DDR3 1333 (PC3 10600) Laptop Memory Model F3-10600CL9S-2GBSQ @ 24.99

    Anyone see any blaring issues with this build (e.g. known to be incompatible hardware)?

    Update:
    Changed to 2 GB RAM and i5 processor

    Update 2:
    I read about some issues with the ReadyDisks, so swapped the SDS for a ADATA Premier Pro.

    All parts ordered. I'll post a build log/etc. once everything is here.


  • LAYER 8 Netgate

    You might consider going to a Core i5-3470T or similar.  Dual core. Still only 35W but you get an i5 and AES-NI should it be needed in the future.  About $150.



  • @NuSkooler:

    Notes:

    • The integrated NICs are Intel 82579LM and Intel 82574L

    • If 2GB is "plenty" I can shave off a few bucks by going G.SKILL 2GB 204-Pin DDR3 SO-DIMM DDR3 1333 (PC3 10600) Laptop Memory Model F3-10600CL9S-2GBSQ @ 24.99

    Anyone see any blaring issues with this build (e.g. known to be incompatible hardware)?

    2GB is plenty if you don't run anything that will really eat up memory like SNORT or SQUID.



  • Hey Nuskooler! I am looking for something very similar. Would you mind sharing the links of the hardware you are referring to? I am been debating on a dedicated box, or setting up a VM box and running PF on that with another host…..



  • @firstsage:

    Hey Nuskooler! I am looking for something very similar. Would you mind sharing the links of the hardware you are referring to? I am been debating on a dedicated box, or setting up a VM box and running PF on that with another host…..

    I've updated the "Option 2" post above to have component links. Will update again in a bit to reflect 2GB of RAM and i5 if I decide to go that route, which I likely will do.



  • Here is a small update for anyone interested in this build:

    I was excited to build the thing, and pretty much forgot about taking in-build progress shots, but I can certainly take the lid off and take a picture if there is anyone wanting to see the final hardware in the case.

    Took about a hour to put together. Everything was very straight forward. Really the only issue I had was the SATA cable Intel shipped with the MB was a straight cable (no "L" ends) which would not work in the case. Luckly I have a lot of cables around here to take care of it. The Intel fan is ultra quiet. In fact, the first time I did a power on test I thought it had powered back off because it's so quiet! Runs very cool, so that should not be of any issue.

    Used the USB pfSense distro, and live mode. When I booted up everything detected perfectly. I selected my interfaces and changed my IP from the default 192.x.x.x. After that, my Internet came back up before I was even finished. Hit the 99 option and installed, configured the rest from the web GUI.

    It was almost too easy!



  • Sweet!  Pics would be cool to see when you get a chance.  :)



  • Here are a few images (lighting was horrid):

    Back panel:

    Top view:



  • That's a tight setup.  Love the new ports in the back.  I'd probably rebuild my PfSense hardware but it'll be awhile as I already invested some money on it.

    Love the low profile case!



  • That intel thin-itx cooler is rated to 65W TDP and is generally pretty quiet if anyone considers an i5/i7, technically you should get an S version but non-overclocked standards might be ok. I have that lian-li case in silver from a newegg discount awhile back.

    There are also thin-itx haswell boards from asus and gigabyte with dual nics (Q87) sadly on both models one nic is realjunk while the other is intel and the newest i21x version that needs 2.2 :(

    Maybe someone will make a good version in the future, haswell i3 w/ aes-ni are cheaper than ivy i5. For now I'm grabbing those sandy bridge laptop socket ITX boards and cheap mobile i5 ;)

    Also, if you really want to go silent, theres always this



  • This looks pretty nice. I am also needing to build a 1gbps-capable pf router in the next 30 days or so. But I need something that I can rackmount in 1U. Also, very curious if you've speed tested this thing yet, is it performing as you expected (able to route 1gbit traffic etc)? cheers



  • @luckman212:

    This looks pretty nice. I am also needing to build a 1gbps-capable pf router in the next 30 days or so. But I need something that I can rackmount in 1U. Also, very curious if you've speed tested this thing yet, is it performing as you expected (able to route 1gbit traffic etc)? cheers

    Supermicro has lots of 1U rack mount cases for mitx boards ~$100 with powersupply. I think you just need the full height I/O plate for use with these thin-itx boards



  • I think the Lanner FW-7573 looks like a really nice next-gen platform (8-core Atom C2000) for a pfSense firewall. Problem is finding a place to buy it (in the US). I just sent an email to Netgate about possible availability.



  • You can buy directly from Lanner if Netgate won't get it for you, but that won't work under 2.1.  You'll need to wait for 2.2 or run pfSense inside a virtual machine.

    EDIT: Or maybe 2.1.1, the newer Intel drivers are back in and they don't seem crash-happy this time.



  • Do you know how many watts this build uses on average? I'm kind of sketched out to buy an i3 haswell due to the power consumption since this box will be running 24/7. But my fall back is a celeron CPU.



  • @bryan.paradis:

    @luckman212:

    This looks pretty nice. I am also needing to build a 1gbps-capable pf router in the next 30 days or so. But I need something that I can rackmount in 1U. Also, very curious if you've speed tested this thing yet, is it performing as you expected (able to route 1gbit traffic etc)? cheers

    Supermicro has lots of 1U rack mount cases for mitx boards ~$100 with powersupply. I think you just need the full height I/O plate for use with these thin-itx boards

    Actually 1U is slightly shorter than standard height motherboard shields, depending on tolerances you can flex or fake it and it will work but other times its a no-go.

    1U is ~45mm outside dimension vs 45mm (face/hole) and 48mm (flashing) inside dimensions for a standard shield.

    Running without a shield, trimming the shield with tin snips or using the thin-itx one and having a gap is usually no big deal though. (DQ77KB in a box comes with both)

    Just watch out, some cases use a custom size plate and in the worst case scenario it can be steel knockouts of the frame itself that are only keyed for board layouts made by the same vendor :(



  • @luckman212:

    This looks pretty nice. I am also needing to build a 1gbps-capable pf router in the next 30 days or so. But I need something that I can rackmount in 1U. Also, very curious if you've speed tested this thing yet, is it performing as you expected (able to route 1gbit traffic etc)? cheers

    We don't have gigabit hooked up yet – that will come in the near future. Currently we have a 100/100 fiber. The previous router, a Snapgear SG560 could pull off around 60-70 Mbps if nothing else was going on, and if I were lucky. I can now fully saturate the connection and barely hit the CPU. Also, with QoS I can hit it very heavy and still allow web traffic as to not piss off my wife :)

    Just did a quick iperf test -- Never really used that tool, so I'm probably missing something but: Using the default window from a Windows box to the router gives 680-750 Mbps, using a 256k window yield 815-880 Mbps. Note also that this is going through a fairly cheap gigabit switch that I need to replace sometime soon. When doing this the CPU on the router spikes around 10% or so. I have FW, QoS and Snort running right now.

    EDIT: Added a few more details.



  • @Aluminum:

    @bryan.paradis:

    @luckman212:

    This looks pretty nice. I am also needing to build a 1gbps-capable pf router in the next 30 days or so. But I need something that I can rackmount in 1U. Also, very curious if you've speed tested this thing yet, is it performing as you expected (able to route 1gbit traffic etc)? cheers

    Supermicro has lots of 1U rack mount cases for mitx boards ~$100 with powersupply. I think you just need the full height I/O plate for use with these thin-itx boards

    Actually 1U is slightly shorter than standard height motherboard shields, depending on tolerances you can flex or fake it and it will work but other times its a no-go.

    1U is ~45mm outside dimension vs 45mm (face/hole) and 48mm (flashing) inside dimensions for a standard shield.

    Running without a shield, trimming the shield with tin snips or using the thin-itx one and having a gap is usually no big deal though. (DQ77KB in a box comes with both)

    Just watch out, some cases use a custom size plate and in the worst case scenario it can be steel knockouts of the frame itself that are only keyed for board layouts made by the same vendor :(

    Yeah. Stamped ones you have to get out the dremel tool :) Cases are expensive. I may stick my cluster into an Ikea helmer like these renderfarms: http://www.ikeahackers.net/2013/05/helmer-air-renderfarm.html



  • Cool setup.

    Were both the Intel NICs usable under pfSense? I see one is dedicated to Intel AMT.



  • @asterix:

    Were both the Intel NICs usable under pfSense? I see one is dedicated to Intel AMT.

    Yes, both were detected and usable at first boot. Didn't have to mess with them at all.



  • @luckman212:

    I think the Lanner FW-7573 looks like a really nice next-gen platform (8-core Atom C2000) for a pfSense firewall. Problem is finding a place to buy it (in the US). I just sent an email to Netgate about possible availability.

    I think we're going with the Supermicro variant for now.



  • @Jason:

    You can buy directly from Lanner if Netgate won't get it for you, but that won't work under 2.1.  You'll need to wait for 2.2 or run pfSense inside a virtual machine.

    EDIT: Or maybe 2.1.1, the newer Intel drivers are back in and they don't seem crash-happy this time.

    2.1.1 should work.



  • @gonzopancho:

    @luckman212:

    I think the Lanner FW-7573 looks like a really nice next-gen platform (8-core Atom C2000) for a pfSense firewall. Problem is finding a place to buy it (in the US). I just sent an email to Netgate about possible availability.

    I think we're going with the Supermicro variant for now.

    The A1SRi-2758F?  I've got one my desk which will be going in at home tonight.  I like it.  It's going to be an awesome platform once we get USB 3.0 support (so that the internal ports work) and once SuperMicro fixes the fan speed control which isn't working…

    @gonzopancho:

    @Jason:

    You can buy directly from Lanner if Netgate won't get it for you, but that won't work under 2.1.  You'll need to wait for 2.2 or run pfSense inside a virtual machine.

    EDIT: Or maybe 2.1.1, the newer Intel drivers are back in and they don't seem crash-happy this time.

    2.1.1 should work.

    Yup, the drivers in 2.1.1 work.


Log in to reply