Atom/Celeron or better (i3/i-5, etc)



  • ive been debating for a while what type of motherboard i want to get to build my pfsense box.

    my main factors are low power consumption
    good performance
        one VPN user
        100mbps ISP
        gigabit LAN
        SNORT, HAVP, maybe SQUID

    I mainly will be streaming netflix and running my home ESXi lab. But i want to not have my router be a bottleneck in the future if i grow or start hosting websites or do more resource intensive things.

    I have had my eyes on a few Supermicros and Gigabyte boards, but im just afraid to bite the bullet and build something and it not be good enough (buyers remorse).

    Will the 2.0GHz~ atmon be good enough for this? would you recommend 4, 8 or more GBs of RAM.
    Does anyone have nay CPUs or motherboards they would recommend- I run into problems of motherboards not being supported by pfsense yet.

    Maybe i should wait until PFsense 2.2 is released?

    Thanks for your replies.



  • I've tried about 3 different motherboards, all from AMD.. all were decently supported by pfSense. Throttling and powersaving always worked.

    downside is that AMD chips do take more juice from wall socket..

    my current Sempron 140 based AM2 system draws 45-47W (measured for whole system) and serves 100/100Mbit fiber connection. Squid, pfBlocker, Tor relay server (outside standard pfSense setup) installed.

    Plus-side. Amd hardware, especially older stuff, costs next to nothing.



  • Cheap is good with me  :)
    I just also want something that is going to perform. 47watts is pretty close to what a LGA 1155 socket CPU may run, probably more. Thats why i was leaning more towards an atom/celeron, I just wanted to see if they can hold up performance-wise. Because if they can, they will cost me a lot less on electricity.

    Your AMD:
    47 watts * 24 hours = 1128 watts per day * 30 days = 33840 watts per month / 1000 watts (per kilowatt) =
    33.84 kWh per month * 12 months = 406.08 kWh

    Roughly what an atom may cost:
    20 watts * 24            = 480 watts per day * 30 days  = 14400 watts per month / 1000 watts (per kilowatt) =
    14.4 kWh per month * 12 months = 172.8 kWh

    my electric company charges roughly .09145 cents per kWh

    Your AMD:
    33.84 * $0.09145 = $3.10 per month or $37 per year

    Atom:
    14.4 * $0.09145 = $1.31 per month or $15.80 per year

    #–----------------------#
    I can probably deal with a slower VPN if I had to, since it will only be me that is ever VPNing into it to get to my home network, but id like my machine to not have to kill itself all day if im running packages like SNORT, HAVP, Darkstat (or some kind of monitoring) probably country block, possibly SQUID, but thats not manditory.

    I am mainly seeing if an ATOM CPU can handle with easily or if i am wasting my time and need to up the CPU to something better.

    I really like the Supermicro C2000 Series BOARDS, but they are probably too new  : /
    This guy has a nice guide on a SuperMicro X7SPA-HF-D525. it looks pretty solid. 1.8GHz Atom CPU, 4 GBs of RAM. Im just not sure if it can handle the packages i listeded, and run a decent speed VPN when i need it to.
    https://knowledge.zomers.eu/pfsense/Pages/Building-a-pfSense-low-energy-machine.aspx

    but im up for any good suggestions



  • Ive been searching around google and the pfsense forums:

    I like this board:
    https://forum.pfsense.org/index.php?topic=44852.0

    but as it states in the thread, it might not perform well with vpn and packages. Are Socket LGA1155 motherboards still viable for cost/power consumption, or is there a better choice nowadays.

    The above thread has streered me away from Atom processors now.



  • Probably want to take a look at my thread.  I recently upgraded my dual core Atom 330 1.6 Ghz to AMD APU and very happy with it.

    https://forum.pfsense.org/index.php/topic,69969.0.html

    Darkk



  • Thanks for the link! The part I liked most is that you mentioned it is a AES-NI CPU. Does that help out alot with your VPN? I will probably go with OpenVPN- do you think AES-NI will significantly help with performance with OpenVPN as well?

    Also, your CPU have a 1000MHz CPU speed. Is that fast enough for VPN and also to run packages like SNORT?



  • The current version of FreeBSD that PfSense is based on does not fully support the AES-NI yet.  When it does it should help with the throughput for OpenVPN pretty well.  I like the fact this board is completely fan-less.  For some reason the on-board Realtek NIC does not work with FreeBSD 8 yet but not an issue since I am using the Intel dual NIC add on card anyway.    Since it sports the Mini PCIe slots you can easily add more NICs with it.

    I am very happy with the board.  No issues.  Love the fact I am able to slap in a 8 gig RAM stick with room for more.  Yes this processor runs SNORT just fine since I gave it plenty of RAM to work with.

    If you do decide to get this board read through my post about the quirk during the initial install.  It could be the bad RAM I had in there before I swapped it out with a new one.  So if it gets stuck then check out the settings.



  • I see you had problems with your onboard NIC. I'd be fine with that since I can use the use PCI dual or quad port NICs. I think in your post you had problems with the onboard NIC, thermal sensors and UEFI in the BIOS.

    The only thing about that CPU that scares me is the CPU speed. I've been looking into a LGA1150 board with a i3-4330t- but I'm afraid pfsense 2.1 or 2.1.1 will not be comparable with this hardware.

    I really want to go with an AES-NI CPU. I didn't know about them until you brought it up. That was some pretty game changing information. LGA1155 i3 and i5's don't have AES-NI and I'd rather not use a CPU with a higher TDP that 35w, maybe 55w.



  • @Darkk:

    The current version of FreeBSD that PfSense is based on does not fully support the AES-NI yet.  When it does it should help with the throughput for OpenVPN pretty well.

    It does work in OpenVPN, just do not use cryptodev - let OpenSSL detect AES-NI feature and use it.



  • Awesome! thats good to hear that OpenVPN supports AES-NI.

    Now to build a pfsense firewall that can utilize its capabilities.