Shuttle DS57U (Broadwell & Dual Intel NICs)



  • Looks like i finally found new hardware which will replace my D2500CC, will definitely pick it up!

    Shuttle DS57U

    http://www.shuttle.eu/products/slim/ds57u/

    Specs

    Processor
    Model: Intel Celeron 3205U (ULV)
    System-on-a-chip architecture (SoC): no chipset required
    Code name: Broadwell (5th Generation Intel Core)

    Dual Gigabit LAN
    Dual network with two RJ45 ports
    Used network chips:

    1. Intel i211 Ethernet Controller with MAC, PHY and PCIe interface
    2. Intel i218LM PHY connected to the MAC of the processor
      Supports 10 / 100 / 1.000 MBit/s operation
      Supports WAKE ON LAN (WOL)
      Supports network boot by Preboot eXecution Environment (PXE)

    Wireless Network (WLAN)
    Built-in Mini-PCIe WLAN card (half size) and internal antenna
    Single-Chip 1T1R WLAN Controller Realtek RTL8188EE
    Supports IEEE 802.11b/g/n, max. 150Mbps up-/downstream
    Security: WPA/WPA2(-PSK), WEP 64/128bit, IEEE 802.11x/i

    What do you think about the Shuttle? Is there a better alternative for a home pfsense box?



  • I used DS437 in three of my projects (digital signage-W7 on SSD, VoIP PBX-FreePBX on SSD, firewall-Pfsense on SD card). Nice and reliable so far. It looks like this is replacement for DS437, supports AES-NI and has Intel NIC. I would say it's ideal for PfSense. I wish it was available couple of months ago for my PfSense project. Just make sure that NICs are supported by PfSense.



    • Low power
    • (passively cooled)
    • AES-NI
    • Modern CPU architecture
    • Dual onboard Intel NIC
    • <250 euro's

    There is literally no competition. Exactly what I was looking for today but I couldn't find it.



  • And two real serial ports, great for high precision timekeeping with serial port GPS units and ntpd.  On top of that, you can configure pin 9 of both ports to supply +5 or +12 VDC power, so you can power the GPS units without needing to pull power from a spliced-in USB cable.  Very clean option for time-nuts.



  • It is nice, but if the high quality is much better than this.



  • @_JT:

    • Low power
    • (passively cooled)
    • AES-NI
    • Modern CPU architecture
    • Dual onboard Intel NIC
    • <250 euro's

    There is literally no competition. Exactly what I was looking for today but I couldn't find it.

    $217 (US) + 2 x $21 for 4GB ram, + call it $8 for a 4GB SD card.  $269

    This .vs http://store.netgate.com/ADI/RCC-DFF-2220.aspx at $275 which has:

    • more clockrate (1.7GHz .vs 1.5GHz)

    • less power consumption (TDP 6W .vs 15W

    • better Ethernets

    • eMMC (more reliable)

    • more compact

    • Shuttle is only spec-ed to 40C, 2220 is spec-ed to 65C



  • For someone like me that prefers hdmi or vga to serial, it fills a niche.  Not a big one.  Won't hurt your business.



  • @kejianshi:

    For someone like me that prefers hdmi or vga to serial, it fills a niche.  Not a big one.  Won't hurt your business.

    The question is 'why?'  why do you prefer having to drag a HDMI monitor and keyboard to your router?



  • For me, in a couple of places where I use it for personal use only its because my kid or my friend who knows very little can access the keyboard, dvd drive and monitor I have attached and do a complete reinstall with very little hassle.  Then I can remotely restore the config. The serial stuff will be too big a bother/complication for them.

    Thats it - Otherwise, I like the stuff you sell.  Of course in data center its all headless or if I'm there in person, the serial options are great.



  • I also like having analog or digital video. Its an option, when needed and when does not cost extra is great to have. Good to have it for installs, where you might need to tell non-IT stuff over the phone what to do in case of an issue - having them to fiddle with serial port and terminal emulator might be a problem by itself :)



  • I'm seriously interested in the 4 port version of the Netgate (RCC-VE 2440), but this and the two port one gonzopancho linked aren't yet available…

    I contacted Netgate, and apparently the pfSense store will carry these with software pre-loaded.  Hope it isn't at a huge cost premium!

    -- Phob



  • @Phobia:

    I'm seriously interested in the 4 port version of the Netgate (RCC-VE 2440), but this and the two port one gonzopancho linked aren't yet available…

    I contacted Netgate, and apparently the pfSense store will carry these with software pre-loaded.  Hope it isn't at a huge cost premium!

    -- Phob

    yeah, same here, but would love to see a small review or a unboxing video of both devices (2 & 4 port) before ordering one of them, maybe someone at netgate can make a small review with a dev kit? would be awesome!



  • @gonzopancho:

    This .vs http://store.netgate.com/ADI/RCC-DFF-2220.aspx at $275 which has:

    • more clockrate (1.7GHz .vs 1.5GHz)

    Atom 1,7Ghz vs. Celeron 1,5GHz - this should be a clear win for the Celeron. It's ok to list advantages of your solution, but comparing the clock rate feels like cheating in that case.

    • less power consumption (TDP 6W .vs 15W

    €15 difference per year (24/7)

    • better Ethernets

    Can you explain the difference?

    • Shuttle is only spec-ed to 40C, 2220 is spec-ed to 65C

    The main advantage is, that the Shuttle system is available in Germany. Other solutions often have to be imported.



  • @JPS.pfsense:

    The main advantage is, that the Shuttle system is available in Germany. Other solutions often have to be imported.

    Nail on the head.
    Yes, it has been stated there will be a solution for EU customers in the future. But for the time being, most EU customers see the store prices, and can almost double them before it arrives at their door for the lower end options.

    Lets put this to a real life situation more :

    At this point, an SG-2440 (4GB mem & flash) would set someone like me back 529 Euro without (!) import tax. So in reality, more around 600-655 Euro. (sigh..)
    Compared to this Shuttle which is going to retail around €230. Lets even make it €250. Drop in 8gig mem, 60/80 gig reliable SSD, half hour work to scrape off the Shuttle logo and loading image.. We're going to look at around €400.

    Price difference of over 50% for marginally worse NIC's (but still current gen Intels, on a setup that wont fill up a 1Gb connection anyways) for a system with double memory and actual storage.
    Maybe if you run it more then ~15 years it could cost more regarding power usage.
    But for €635, I could build an 8gig ECC + SSD + 2558 Supermicro setup. I would be ignoring setup time, basic support you get from store options, noise, size, power hunger. But still.

    I'll even make this better. I bought 15 stickers last year. I ended up paying more import tax on them then their actual worth. I do this cause I care to support on top of my gold sub. But I feel I helped fill the coffers of my country more then anything else.



  • @foetus:

    Compared to this Shuttle which is going to retail around €230. Lets even make it €250. Drop in 8gig mem, 60/80 gig reliable SSD, half hour work to scrape off the Shuttle logo and loading image.. We're going to look at around €400.

    the shuttle is around 200 EURs atm in germany AND its already available, see here.

    i'm going to buy one next week.



  • @gonzopancho:

    $217 (US) + 2 x $21 for 4GB ram, + call it $8 for a 4GB SD card.  $269

    This .vs http://store.netgate.com/ADI/RCC-DFF-2220.aspx at $275 which has:

    Why did you include 4GB of RAM to compare it to a 2GB system?

    I agree with JPS.pfsense that you are being dishonest in your comparison.



  • @hedsht:

    the shuttle is around 200 EURs atm in germany AND its already available

    i'm going to buy one next week.

    Please tell us about your experience. Is WLAN working, is it possible to install from a USB-Drive (my ZBOX made some problems), etc.



  • @JPS.pfsense:

    @hedsht:

    the shuttle is around 200 EURs atm in germany AND its already available

    i'm going to buy one next week.

    Please tell us about your experience. Is WLAN working, is it possible to install from a USB-Drive (my ZBOX made some problems), etc.

    i'll, it should arrive tomorrow or on thursday.



  • the shuttle has arrived and i'm happy with it.

    lspci -lv (Ubuntu 14.04)
    pciconf -lv (FreeBSD 10.1)

    Booting from USB works without any issues, even booting from SD Card works.

    Minor con's so far:

    • the NICs use two different drivers, one is igb0 (I211) and the other one em0 (I218LM)

    • no status LEDs on NICs, might bother some people

    • Wifi Card (RTL8188EE) is not working

    • it isnt possible to disable the igpu (it will use 64mb of ram)

    The case is made of metal which makes it quite hard to install external wifi antenna's, but i'll try to find a good spot, swap the wifi card and install two external antenna's.

    I've set PowerD to adaptive and while downloading 100mbit the cpu idle's at around 500 MHz.

    PfSense GUI Screenshot

    Power Usage: 11w (4 GB RAM & 64 GB SSD)



  • Important thing to note: AES-NI doesnt seem to be supported by FreeBSD 10.1 on this Broadwell-CPU:

    
    [2.2-RELEASE][root@firewall.lan]/root: dmesg | grep -i aes
    aesni0: No AESNI support.
    
    [2.2-RELEASE][root@firewall.lan]/root: /usr/bin/openssl engine -t -c
    (cryptodev) BSD cryptodev engine
     [RSA, DSA, DH]
         [ available ]
    (rsax) RSAX engine support
     [RSA]
         [ available ]
    (rdrand) Intel RDRAND engine
     [RAND]
         [ available ]
    (dynamic) Dynamic engine loading support
         [ unavailable ]
    
    

    Ubuntu 14.04

    root@ubuntu:~# cat /proc/cpuinfo
    processor       : 0
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 61
    model name      : Intel(R) Celeron(R) 3205U @ 1.50GHz
    stepping        : 4
    microcode       : 0x13
    cpu MHz         : 500.000
    cache size      : 2048 KB
    physical id     : 0
    siblings        : 2
    core id         : 0
    cpu cores       : 2
    apicid          : 0
    initial apicid  : 0
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 20
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave rdrand lahf_lm abm 3dnowprefetch ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust erms invpcid rdseed
    bogomips        : 2993.17
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 39 bits physical, 48 bits virtual
    power management:
    
    

    I've already chatted with the Intel-Support, they claim that the CPU itself does support AES-NI, but its up to the computer-manufacturer (shuttle) to implement it. i've contacted the shuttle support.

    :(



  • BIOS issue, likely.



  • @RAND0M1ZER:

    @gonzopancho:

    $217 (US) + 2 x $21 for 4GB ram, + call it $8 for a 4GB SD card.  $269

    This .vs http://store.netgate.com/ADI/RCC-DFF-2220.aspx at $275 which has:

    Why did you include 4GB of RAM to compare it to a 2GB system?

    I agree with JPS.pfsense that you are being dishonest in your comparison.

    Because unless I'm mistaken, you can't run a single DIMM in that board.  If  I'm wrong, the Shuttle is at $248. I hope you get the AES-NI fixed.



  • Might I add that I have no less than three junk Shuttle cases that used custom power supplies. They make OK gear but 24/7 embedded class, I don't think so. Maybe you will get lucky and it will last. Shuttle makes nice gear, just not embedded specialty gear.



  • And how about goodies like an M.2 slot and SIM socket. Totally purpose built machinery.



  • @Phishfry:

    Might I add that I have no less than three junk Shuttle cases that used custom power supplies. They make OK gear but 24/7 embedded class, I don't think so. Maybe you will get lucky and it will last. Shuttle makes nice gear, just not embedded specialty gear.

    So the power supply was the reason for malfunction in all three cases?



  • One bad power supply and two bad motherboards. Different generations as well from G2 to K45. I really do like thier cases. This was my choice for htpc/geexbox along with Aopen slim boxes. I have had better luck with Aopen personally…



  • What's the max speed you can achieve NATting between the two interfaces, and with what CPU usage/load?



  • i'm not using this one as a pfsense box anymore, because AES-NI is not supported.

    had a really nice chat with the shuttle support and they confirmed that the celeron they used doesnt support AES-NI, its not a bios issue.
    but, later this year shuttle will release a i3 & i5 version which will definitely support AES-NI.



  • @hedsht:

    i'm not using this one as a pfsense box anymore, because AES-NI is not supported.

    had a really nice chat with the shuttle support and they confirmed that the celeron they used doesnt support AES-NI, its not a bios issue.
    but, later this year shuttle will release a i3 & i5 version which will definitely support AES-NI.

    That's not true according to Intel. Sounds like BS to me. I was about to go and buy one until hearing that…
    http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHz



  • @Shonky:

    @hedsht:

    i'm not using this one as a pfsense box anymore, because AES-NI is not supported.

    had a really nice chat with the shuttle support and they confirmed that the celeron they used doesnt support AES-NI, its not a bios issue.
    but, later this year shuttle will release a i3 & i5 version which will definitely support AES-NI.

    That's not true according to Intel. Sounds like BS to me. I was about to go and buy one until hearing that…
    http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHz

    i've talked with the intel support as well, the celeron does support aes-ni, but its up to the manufacturer which version he uses and apparently shuttle took the one without aes-ni in this case.






  • Was you CPU maxed out all the time?

    Just because AES acceleration isn't supported on chip doesn't mean the box can't do a good job depending on bandwidth you need supported.

    Not that this would be my go-to box to begin with but if I already had one, it would have to be incapable of doing the job for me to unplug it.



  • @hedsht:

    @Shonky:

    @hedsht:

    i'm not using this one as a pfsense box anymore, because AES-NI is not supported.

    had a really nice chat with the shuttle support and they confirmed that the celeron they used doesnt support AES-NI, its not a bios issue.
    but, later this year shuttle will release a i3 & i5 version which will definitely support AES-NI.

    That's not true according to Intel. Sounds like BS to me. I was about to go and buy one until hearing that…
    http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHz

    i've talked with the intel support as well, the celeron does support aes-ni, but its up to the manufacturer which version he uses and apparently shuttle took the one without aes-ni in this case.

    That doesn't really make sense. The model supports it. If there's a version that doesn't then well it's a different model surely.

    @kejianshi:

    Was you CPU maxed out all the time?

    Just because AES acceleration isn't supported on chip doesn't mean the box can't do a good job depending on bandwidth you need supported.

    Not that this would be my go-to box to begin with but if I already had one, it would have to be incapable of doing the job for me to unplug it.

    What don't you like about it?



  • @JPS.pfsense:

    @gonzopancho:

    This .vs http://store.netgate.com/ADI/RCC-DFF-2220.aspx at $275 which has:

    • more clockrate (1.7GHz .vs 1.5GHz)

    Atom 1,7Ghz vs. Celeron 1,5GHz - this should be a clear win for the Celeron. It's ok to list advantages of your solution, but comparing the clock rate feels like cheating in that case.

    • less power consumption (TDP 6W .vs 15W

    €15 difference per year (24/7)

    • better Ethernets

    Can you explain the difference?

    • Shuttle is only spec-ed to 40C, 2220 is spec-ed to 65C

    The main advantage is, that the Shuttle system is available in Germany. Other solutions often have to be imported.

    Don't just look at the names, Intel C2350 is a member of Rangeley/Avoton (Silvermount series) which has server grade quality (The fastest C2750, octa-core Atom, was tested to be almost on par with previous generation 4C8T Xeon L5520, but TDP is just 1/3).
    Definitely both CPU can do 1Gbps NAT throughput, while C2350 has turbo frequency up to 2GHz to make it even faster.



  • @Shonky:

    That doesn't really make sense. The model supports it. If there's a version that doesn't then well it's a different model surely.

    i can only say, what i've been told by the shuttle support. there isnt a bios setting to enable or disable AES-NI and i've tested FreeBSD 10.1, Ubuntu 14.04 and Windows 7 and none of them showed AES-NI Support.

    So its either disabled on this CPU (maybe to save power?) or my particular cpu doesnt support AES-NI.

    I went back to my D2500CC as a PfSense Firewall and am using the Shuttle DS57U as a Ubuntu Webserver for web development now.



  • Beware everything about Shuttle. I;ve used literally 50 of them in production over the years and have struck so many esoteric problems form board design faults to power supply problems (with eery different box/PSU I've had from them) and also strange case designs that make repair/replacement and moving components hard to do.

    I've found their support to be appallingly lacking in almost every instance.  In EU maybe it is better, in Taiwan it is not. Face saving has presented me with nothing but duplicated excuses and round robin discussions.

    They are very windows centric, so using any other OS is a foreign concept and untested.

    They're a but like Sony. Hardware developers that develop and test in 'Doze, and are still learning about how IMHO…



  • I'm following this topic too, since I ordered two DS57U last week (haven't arrived yet)…
    I wanted to use them for pfsense with OpenVPN AES encrypted tunneling, etc... So I specifically wanted a CPU with AES-NI.

    Now, yesterday 30/03/2015, I'm SURE that it was stated on the Intel ARK website that the Intel Celeron 3205U supported AES-NI.

    Today, when I check the Intel ARK page again, it is simply stated that this CPU does NOT support AES-NI. Intel, what's going on?

    http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHz
    http://oi62.tinypic.com/14t6gyb.jpg

    Screenshot attached of today...

    Intel screwed us?


  • Banned

    @FlyingBob:

    Now, yesterday 30/03/2015, I'm SURE that it was stated on the Intel ARK website that the Intel Celeron 3205U supported AES-NI.
    Today, when I check the Intel ARK page again, it is simply stated that this CPU does NOT support AES-NI. Intel, what's going on?
    Intel screwed us?

    And here's the proof for your RMA. :P

    http://web.archive.org/web/20150205185342/http://ark.intel.com/products/84809/Intel-Celeron-Processor-3205U-2M-Cache-1_50-GHz



  • My two DS57U units arrived. I did some quick testing and I wanted to share the results (which are not too disappointing in my opinion).

    I have twice the following hardware configuration:

    1x SHUTTLE DS57U, Intel Celeron 3205U
    1x Crucial M550 SSD 128GB mSATA (CT128M550SSD3)
    2x 4 GB SO DDR3 1600 CL9 Crucial (BLS4G3N169ES4CEU)
    

    I have installed the following software on both devices:

    Debian 7.8
    OpenVPN 2.3.6
    

    I have used the following command to test the bandwith:

    dd if=/dev/urandom of=/tmp/urandom.dat bs=1M count=1000
    iperf -c iperf-server -F /tmp/urandom.dat
    

    I use a random data file as source for the speed test, since the comp-lzo parameters could compress the tunnel. With the speed command above, there is no difference in results with "comp-lzo yes" or "comp-lzo no".
    If an OpenVPN tunnel is used, it is a UDP tunnel.

    My results are as follows:

    Shuttle 1 (S1) directly attached to Shuttle 2(S2), no tunnel (no OpenVPN)
    Speed: 950 Mbit/s

    S1 to S2, OpenVPN, no encryption
    Speed: 900 Mbit/s

    S1 to S2, OpenVPN, AES-128-CBC
    Speed: 210 Mbit/s

    S1 to S2, OpenVPN, AES-256-CBC
    Speed: 195 Mbit/s

    Now I know this isn't a full firewall/router test, since I only use one interface on each device. I also haven't used FreeBSD (pfSense), since I wanted to do a quick test to see if it would be possible to obtain > 100 Mbit/s speed with AES256. It seems like this is the case.

    In the near future, I plan to have this configuration set up as a complete pfSense firewall.



  • The Message I got from Intel:

    Hello Roland,

    Thank you for your email. The AES-NI information that is currently visible on the ARK site for the Intel® Celeron® Processor 3205U is incorrect.  The specification has been changed in our system to show that this processor does not support AES-NI and the ARK site will be updated with this information later today. We appreciate that you took the time to send us a message, and apologize for the inconvenience.

    Best regards,
    Lori Yung
    ARK Support
    ark.intel.com



  • Apologize for the inconvenience?  HAHA…

    How about "Send me a freaking board/CPU combo that fits my needs."