C2758 or i7-3555LE



  • Hello all,

    I've been thinking about getting new hardware for pfsense 2.2, granted it's still in beta at least last time I checked since some folks here have used it for months without too much issues. Primary reason for upgrading to 2.2 is VPN. Anyway, I have two options in terms of hardware - I can get C2758 with 4 Ethernet ports or there is one that Supermicro makes that utilizes low voltage i7 processor. It has 4 Ethernet ports along with IPMI. I've compared specs between two - C2758 has 8 cores, slightly lower power consumption and is newer in terms of overall architecture while i7-3555LE has only 2 cores HT so 4 threads and slightly higher power consumption. It runs slightly higher frequency at 2.5 and turbo at 3.2ghz. Any thoughts? We have site-to-site VPN along with 1-2 mobile VPN users along with the usual packages such as snort.

    Thanks.



  • All things being equal, I'd chose the one with the best single thread performance.  i7.
    But its a tough call.  The 8 core atom is really nice but the memory is usually expensive enough to make you cry.
    What about the i7 board?  What memory does it use?



  • The memory type is 1333/1066MHz ECC DDR3 SO-DIMM, 204-pin. I think 4-8GB should be more than enough for either system.



  • The pfSense developers have said they are focusing on the atom rangeley platform. The c2758 will probably have better future support from pfSense. Plus, it comes with Quick Assist where the i7 does not. Gonzo has posted up great results from the Atom line doing IPSec tunneling on v2.2.

    If cost is an issue, check out the uATX Supermicro c2558 board that can be had for around $240. It doesn't require ECC memory either.





  • Been doing a bit research on this. The i7 uses mobile chipset while C2758 is considered server class. I'm leaning towards rangeley platform at this point. Baggar11 brought an interesting point about C2558. It's cheaper than C2758 and I'm thinking 4 cores should suffice. The specs between the two are similar except for the number of cores. Any reason why I should go with 8 cores?



  • Now you are talking about a serious difference in processor capability.
    The 8 core is somewhat comparable to the i7 if you disregard per single thread performance.
    The 4 core won't even come close.  No contest if you elect a 4 core atom.  The i7 will be easily 2x as capable.

    However, the server boards are more server oriented, as you said.



  • The i7 only has 2 cores HT so 4 threads. It's probably closer to C2558 except for single thread performance (3.2 in turbo mode otherwise 2.5ghz). Granted, C2558 has 2MB cache while i7 has 4MB.



  • OK - Here is what I'm getting at. 
    With only 2 cores the i7 is about the same processing power as the 8 core atom.
    Now when you start talking about the performance of packages that are not threaded well, the i7 will scream compared to the atom.

    Not trying to take anything away from the atom.  I'd prefer to have that one for my needs personally.

    However, in a heavily loaded situation with ALOT of bandwidth running CPU hungry packages that are not yet well threaded, I'd expect the i7 to easily outperform the atom.

    Thats all me hypothesizing though.  I have i7s and they scream.  I don't have an 8 core atom to compare them to though.  But I want one.

    I like that it can be fanless and the board looks to be reliable.



  • @els:

    The i7 only has 2 cores HT so 4 threads. It's probably closer to C2558 except for single thread performance (3.2 in turbo mode otherwise 2.5ghz). Granted, C2558 has 2MB cache while i7 has 4MB.

    What kind of bandwidth needs do you have? The c2558 can easily handle gigabit routing. And on v2.2, it'll do pretty close to gigabit ipsec according to Gonzo.

    http://www.reddit.com/r/PFSENSE/comments/2gpckc/pfsense_aesni_accelerated_ipsec_in_22/



  • WAN is 50/10 (may go up at some point in the future) and LAN is gigabit has about 7 vlans with rules that dictate certain vlans have access to other vlans and while others don't. I added ASSP (smtp proxy) and it has worked well (single thread) and since 2.2 is multi-thread I might look into ASSP 2.0 which supports multi-thread at least last time I checked. Also, like I mentioned in my first post that we have site-to-site vpn as well as occasional mobile vpn users.



  • I have a c2758 with 2 site to site vpns's, 10 mobile vpn users and 15 vpn connected sip phones and it does not break a sweat.  100/100 link and pfblocker, ntop and suricata packages installed also.

    Just a data point for consideration.



  • Good to know. Are you using 2.2?



  • I have a C2758 on 2.1.5 and it's a rockstar.  It's on a GigE connection that it gets via a Cisco 4948 (core switch) and so far since I only have a test machine behind it I've only done basic speed tests running around 500 megabits.  Max load has been 0.58.  I'll push full wire speed later today to see what happens, but I'm guessing it won't break much of a sweat.  And that's on 2.1.5. I was just testing with it and potentially was going to use a E3 Xeon, but no need at all for that.

    I expect 2.2 to have no issue keeping up with 20 site-to-sites that are on 20 to 50 megabit connections.

    I'm pretty excited about the small (non-rackmount) C2758 boxes I've seen mention in these forums coming from Netgate in Q1 of 15.  I'll be replacing my endpoints with those at all my branches - needless to say, I'm sold on the Rangeley Atom (C2758).  They're beasts.



  • I too have a C2758 with 8gig ECC.
    The CPU is never taxed even with a bunch of packages sniffing through all packets.
    If anything, the memory would be maxed out before the CPU is stressed, LOL.  The i7 will likely be the cheaper route though.



  • @kejianshi:

    All things being equal, I'd chose the one with the best single thread performance.  i7.
    But its a tough call.  The 8 core atom is really nice but the memory is usually expensive enough to make you cry.
    What about the i7 board?  What memory does it use?

    Memory is not that bad. I got it for like ~10/gig just a couple weeks ago for the Atom. For the SM C2758 board.



  • @Douglas:

    @kejianshi:

    All things being equal, I'd chose the one with the best single thread performance.  i7.
    But its a tough call.  The 8 core atom is really nice but the memory is usually expensive enough to make you cry.
    What about the i7 board?  What memory does it use?

    Memory is not that bad. I got it for like ~10/gig just a couple weeks ago for the Atom. For the SM C2758 board.

    $10/GB is a pretty good price for ECC SODIMMs.  I think I paid about $12/GB when I got my C2758 box.



  • Contrary to popular belief, price is an object for most people, but were it not I'd chose the 8 core atom also.
    I just can't overlook the fact that an old tired i7 for cheap will easily match the performance of the fastest 8 core  atom board though.

    Electricity here is 2.5x as expensive as USA, so over time (alot of time), power would be my biggest argument for the atom.



  • Get the supermicro 8 core Atom with 4x gigabit  nic and regular ddr3 dim slots in itx. Not much more than than the 4 core or variant with so-dimms. Add 16-64gb of ddr3 ecc,  and you can use it as a pfsense router and  m some other servers on there if need be. Do it once and right. The i7 is good to go, but uses more power ND supports less ram. If you are not transcoding, there is no point. If you want to cheap out,  go amd 5350 on an asus board with ecc ram and a Intel nic or two.



  • Anyone know if there are any install/driver issues with 2.1.5 or 2.2 with the supermicro c2758 board?  I want to build one and just want to be sure of what work I may have to do to get it running.  Please share any info you're aware of.

    thanks!
    Jay.



  • No problem with my A1SRi-2558 running 2.2



  • I'm a pfSense n00b (haven't installed it yet) but there's something some of these guys don't seem to consider.

    The c2758 processor has hardware encryption acceleration (QuickAssist) which the i7 does not have.  Granted it isn't utilized in pfSense yet, or in pretty much anything else AFAICT, but it will be and at that point I'm betting VPN performance on any c2*58 processor will hands down beat any i7.

    It might be worth your time to look up what QuickAssist is before you make your choice.  The fw7551 and c2758 already get pretty good VPN performance when using AES encryption, the QuickAssist does that for a lot more encryption types and for compression as well.  The hardware encryption features are in the CPU itself.

    I just ordered one of these:  http://www.supermicro.com/products/motherboard/Atom/X10/A1SRM-LN7F-2758.cfm

    Unlike the earlier products it takes either ecc or non-ecc memory, up to 64g.  7 lan ports, all intel, plus an IPMI.

    Edit: For that matter, when I was buying memory for this system I chose 2x8g modules, and registered ECC memory was only $4 a stick more than non-ECC memory.  Is cost really that big a deal?  The box cost around USD $1000, can't say for sure because I bought other hardware at the same time.

    Back to QuickAssist, if you have a bigger box and want QuickAssist on it you can spend USD $1000 for a QuickAssist adapter if you want, the only one I've found is at Mouser electronics.



  • For anyone that doesn't need lan bypass and wants usb 3.0, the board is also available that way.

    http://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2758F.cfm

    This one doesn't take non-ECC ram, but I think ECC is a better choice for a network router.

    And it's ~$333 compared to ~$436 on amazon.

    And thanks for the feedback, Wolf666, that there should be no install issues with 2.2.

    Jay.



  • I looked really hard at that board too.

    I found too many reviews complaining about it freezing on boot.  That's not OK for me.

    I assume this sort of thing would be fixed by a BIOS upgrade but I saw no evidence of such an upgrade, and I've been burned in the past by an assumption that a bios update for what I considered a critical bug would be released which never came around.  Not for networking-related hardware but for VT-d support in that case.

    In my case, this box will be used for a home network which will (hopefully soon) get gigabit Internet, and which I need to have an insanely fast VPN on.  The VPN will only be needed part of the time, and this box will be running a virtualization hypervisor (either kvm or VMware ESXi) and the router/vpn/intrusion prevention software will run inside one or more guests.  I will also have other VMs as necessary and as the capabilities of the board permit.



  • Today the i7 will be faster.  But in the future, likely in less than a year, you're gonna want the cores.

    Trust me.  ::) :-X


Log in to reply