I'm moving to 500/500 fiber this summer, and want to take full advantage of it with a new pfSense setup! I'm aware that many 'lower' end systems are well capable of routing 500Mbps, but I'm a heavy VPN user (both IPsec as OpenVPN) and thus require a AES-NI capable system in order to maximize VPN bandwith.
I've been eyeing Rangeley based boards (Netgate, Supermicro) but they feel a bit too high end for running 'only' pfSense.
The Bay Trail-I based Atom E38xx line also supports AES-NI and is available with TDPs from 3 to 7 W. Price wise they are cheaper than the Rangeley options (at least in Europe). For example, the dual-core Kontron mITX-E3826 DC can be had for €178 while a Supermicro A1SRi-2558F is €291.
Now, I can't find any information on running pfSense on Bay Trail-I, so I'm very interested in what you expect the performance metrics to be. Any other comments or suggestions regarding Bay Trail-I are very welcome, too!
I am interested in this as well,I have been having a difficult time locating an embedded solution that supports AES-NI. I am eager to see what you turn up!
If you want a low power small form factor solution that can comfortably saturate a 500-1000 mbps line and do heavy VPN work then a Rangeley system is really the best choice if you don't mind the price.
The high end Atom E3800 chips can probably compete with a C2358 or C2518 but once you get to the C2538 and higher the Rangeley chips are going to blow the E3800s away. Also, the Rangeley family is considered server class so they tend to use server grade NICs and ECC memory. This provides serious benefits to performance and stability that the E3800 systems aren't going to have. Also once pfSense gets support for quick assist even the lowly C2338 will probably run circles around the E3845 for VPN tasks.
I'm not saying that an E3800 system is a bad choice. It's probably perfect for a home router. But server class hardware is in a totally different league than consumer grade stuff. Also the pfSense devs do a lot of internal testing on the Rangeley boards, particularly the C2758. They even sell one in the pfSense store. I doubt the same level of testing is done with E3800 based systems. This isn't all that important for a home use situation. But when you are building a firewall for business use its a big deal.
Personally I got sick of consumer grade network gear years ago. Too many random issues. Buying enterprise grade gear is like buying a Lexus, most of the time the Dodge in the next lane will do same job just as well, until the Dodge breaks down, and the Lexus just keeps on going year after year.
Well if I didn't mind the price, I'd know what to buy ;)
The Atom E38xx boards are mostly built for industrial solutions, so I'm pretty confident in their durability and reliability. Also, Intel NICs are used on most boards (the specific Kontron I linked to has 2x i211AT) and ECC is supported. So I personally don't really see a performance penalty compared to Rangeley solutions based on these factors.
From what I understand from reading up on the forum, Rangeley pushes accelerated VPN into the hundreds of megabits already. QuickAssist would take this into the tens of gigabits, but I really don't foresee to have anything more than a 1Gbps fiber connection for the next 10 years or so. That's why I think Rangeley is too high end for my needs, and that personally makes it hard to justify the price for it.
From what I understand from reading up on the forum, Rangeley pushes accelerated VPN into the hundreds of megabits already.
But this is also hard pending on which model is soldered on the board.
At this days the Rangeley SoC is really rocking if the OS on it is using
the AES-NI instructions and for sure for vpn tasks.
QuickAssist would take this into the tens of gigabits, but I really don't foresee to have anything more than a 1Gbps fiber connection for the next 10 years or so.
But this is only the half of the truth about Intel QuickAssist, it would be also speeding up
tasks that are profit from that, likes Snort, Suricata, OpenDPI and others.
That's why I think Rangeley is too high end for my needs, and that personally makes it hard to justify the price for it.
For sure that is a very new platform and many Vendors are bringing out of them now
and there fore the prices are often very high at the beginning.
I'm moving to 500/500 fiber this summer, and want to take full advantage of it with a new pfSense setup! I'm aware that many 'lower' end systems are well capable of routing 500Mbps, but I'm a heavy VPN user (both IPsec as OpenVPN) and thus require a AES-NI
For sure I would have a look for something between 2 core / 2 GB RAM and 8 core / 8 GB RAM
likes 4 core / 4 GB would fitting your needs at best as I see it right. ;)
capable system in order to maximize VPN bandwith.
Installing this card and you will be happy too, but the QuickAssist and AES-NI
I would prefer at this days and the card is also able to install on top, for sure! ;D