X10SBA-L vs A1SRi-2758F or something else?



  • Hello everyone,

    I want to build a pfsense box to use for firewall/NAT and VPN. Right now I have a 50/50 Mbps connection to the internet. At the moment I am not looking to run Snort or any other intensive services, but I would like to have a CPU that has the ability to run it if I want to in the future. So far I have narrowed it down to these two boards:

    Supermicro A1Sri-2758F with an Atom 2758. I know this board is great and will work well, but it is running around $337 on a good day, and I would have to buy ECC RAM (or can I run it without?) for the board.

    Supermicro X10SBA-L with a Celeron J1900. I have found a thread or two saying that they got it working, however I have found many other threads saying they are having issues or kernel panics running Bay Trail processors. If you have this board, can you comment on how well it works? The selling point on this board is the price, I can get it for around $140 which makes it more than 50% cheaper than the Atom board.

    Is the higher price of the Atom board justified? Does the J1900 work with pfsense? Or do you have another board to suggest?

    Thank you very much in advanced for all of your help, I appreciate any insight.



  • I guess nobody has any experience with either board.

    I kept looking around and found this Intel board with dual nics, and an Atom D2500 that people said works well with pfsense. I will update the thread one more time once I receive the part to let you know how it works.

    Thanks.



  • Plenty of people here are using the first board, myself included.  Mine is lightly taxed with a 75/35 connection (actually provisioned at around 85/42), runs most of that through one OpenVPN connection or another, and passes everything through snort (twice, once on LAN as alert, again on WAN as block).

    You didn't really ask any questions other than the one about ECC memory so I didn't reply because I've got no idea as to whether it works without it.  It never occurred to me to try as I always use ECC if the system claims to support it.  The larger version of this board says ECC and non-ECC whereas this says ECC.  My suspicions are that both support non-ECC but it would be up to you to try it.

    As to whether or not the second board works, I've no idea.  There have been reports that the J1900 boards don't work reliably due to ACPI issues (here) but I've no first-hand knowledge on the subject.  These boards are much cheaper than the Atom because they don't include IPMI, AES-NI, ECC RAM support, QuickAssist, use lower-end (and fewer) NICs, and are packing half the cores.

    The D2500 board you posted is the previous generation of Atom.  This will not perform anywhere near the level of the J1900 or the C2758.  It will NOT be able to max out 50/50 over a VPN tunnel though it will be fine for just FW+NAT.

    Basically, what I'm getting at, is that if you're looking for something to use for the long-haul, yes, the C2758 Atom is worth it.

    EDIT 1:  Here's a couple pictures of my C2758.  http://imgur.com/a/RTRD9

    EDIT 2: My connection is now 75/75, seems to be provisioned at about 87/87.  Loading the connection up made no significant difference in the utilization of my C2758.  This thing is capable of so much more…



  • @Jason:

    didn't really ask any questions other than the one about ECC memory

    @Wagodago:

    Is the higher price of the Atom board justified? Does the J1900 work with pfsense? Or do you have another board to suggest?

    Thank you for answering those questions even if you didn't see them. I only asked about ECC because I have non-ECC RAM coming out of my ears and was curious if there would be issues. I was more interested in people's opinion on the two boards, or if there was a better one that I have not seen yet.

    I decided that the lower price was more important than the VPN throughput, so I think this board will work just fine. I think I will wait for the price to come down on the newest generation of Atom processors before purchasing them.



  • @Wagodago:

    @Jason:

    didn't really ask any questions other than the one about ECC memory

    @Wagodago:

    Is the higher price of the Atom board justified? Does the J1900 work with pfsense? Or do you have another board to suggest?

    Thank you for answering those questions even if you didn't see them. I only asked about ECC because I have non-ECC RAM coming out of my ears and was curious if there would be issues. I was more interested in people's opinion on the two boards, or if there was a better one that I have not seen yet.

    I decided that the lower price was more important than the VPN throughput, so I think this board will work just fine. I think I will wait for the price to come down on the newest generation of Atom processors before purchasing them.

    I doubt the price will drop on the C2758 boards.  Rangeley is considered a server-class CPU and is on a long-term support plan from Intel (8 years, I think).



  • would have to buy ECC RAM (or can I run it without?)

    I run a A1sri-2758f (the itx version): it only runs on ECC. I tested with non ECC and it won't even boot and gives back PostCode 19 which means: gimme ECC. I used Kingstons  KVR16LSE11/8. If you have trouble with  KVR16LSE11/8, update Bios to 1.0c an all is well.
    if you don't now howto, send a pm.

    So, yes, ECC. No to non-ECC.

    Its an amazing little board with an ipmi oob Management interface… like ilo on HP... very nice. I gave it a fan, currently with lots of gimmiks enabled, i'm on a cool side - 24°C CPU and 35°C RAM

    regards



  • @Jason:

    Plenty of people here are using the first board, myself included.  Mine is lightly taxed with a 75/35 connection (actually provisioned at around 85/42), runs most of that through one OpenVPN connection or another, and passes everything through snort (twice, once on LAN as alert, again on WAN as block).

    How are your temps? I see you have a 40mm fan and some "fancy" ;D ductwork there. I considered the m350 case as well but was concerned about heat.  I opted for a little taller case and a 92mm fan.

    I put 16GB of RAM in the thing and am seeing 100% utilization of Mbufs. I finally added a kernel tune "kern.ipc.nmbclusters" and set it to 128000 in order to get Mbufs below 20%. Note that this usage is when the system is completely idle. The only connection is IPMI and a LAN cable, no WAN connection at all.



  • @Jason:

    I doubt the price will drop on the C2758 boards.  Rangeley is considered a server-class CPU and is on a long-term support plan from Intel (8 years, I think).

    I Find Your Lack of Faith Disturbing…

    (What about a C2558, C2358, or C2350 board?  ;D ;D ;D ;D)



  • For the temps on the A1SRi-2758F,  I have it in a m350 case with a 40mm fan on the top front position blowing down.  Pretty much hovers around the 32C area.

    Using it on my home 120/10Mbps service.




  • @gonzopancho:

    (What about a C2558, C2358, or C2350 board?  ;D ;D ;D ;D)

    Because those are readily available and priced accordingly? :)
    In EU you can change the dollar sign to an € and add an extra 10% on top.  Its almost cheaper to buy an E3 quadcore HP ProLiant DL320e Gen8 v2 then to buy an 8 core 2750/2758 setup at this point.
    Quad LAN, better IPMI & substantially less power use are the key words.

    To pitch in on the temps :
    1U Supermicro case (CSE-505-203B), and 2x 40mm fans at the back fixed with straps pushing air out - no power saving options enabled :
    Unit bundles 3x 190/11 lines, blocklists & Suricata.  Room temp ~ 24°C

    You basically need a bit of airflow to avoid heat build up, appart from that..

    An affordable 2358 with quad ports, hmmmm.. more then enough juice for prolly most setups below 1Gb wan speeds.

    The DIMM Supermicro boards (A1SAM-2750F) do support and work with non ECC memory. None of the mini-itx variants worked with non ECC memory in my setups (A1SRi-2758F / A1SAi-2550F).
    A D2500 would fit your needs also. Just less future robust. As mentioned you wont reach 50/50 VPN speeds.
    Stay away from J1900 setups from the time being. I have one running 2.2 (Gigabyte J1900N-D3V ) with the ability to actually boot without kernel panics. But its acting weird in all sorts of places so its back on the shelf.
    There are several 1150 boards out there with an i217/i218 NIC. Throw in an Pentium (i3 if you wanna go a bit overboard) and extra Intel NIC and your off to the races.

    If you have the funds there is no question. Avaton / rangeley. 2558 if you can get your hands on a board.



  • 2358, 4GB, 4 LAN, in a closet with no fan.  22C ambient.

    attached to my 1g/1g ftth, running IPSEC with AES-NI.

    (Now consider a C2350 2GB/2Ethernet/1xminiPCIe for similar prices to the APU.)

    ![Screen Shot 2014-07-28 at 2.20.12 AM.png](/public/imported_attachments/1/Screen Shot 2014-07-28 at 2.20.12 AM.png)
    ![Screen Shot 2014-07-28 at 2.20.12 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2014-07-28 at 2.20.12 AM.png_thumb)



  • Care to specify what 2358 board/setup you are running Gonzopancho?



  • Im running an a1srm-2758f with a Intel i350 quad and x520 10gbe adapter. It handles my virgin media 150mbit line with full OpenVPN via AirVPN / Suricata on four interfaces at close to full speed with ease (1m seeing 125mbit+ downloads etc). I think these are great boards, quiet, cool and so far bomb proof reliability/stability.
    Mine runs with a single 60mm Nanoxia fan cooling the CPU with a passively cooled 50W psi so is effectively silent as well.



  • @foetus:

    Care to specify what 2358 board/setup you are running Gonzopancho?

    Not yet.  :-)