DIY clone build, based on pfSense's C2758 1U.

Guest

do note that I have plans for a separate NAS build, which I intend to be much more powerful than this build

Why? The Xeon D platform is able to handle 128 GB ECC RAM instead of the Xeon E3 with 32 GB and USB 3.0 is also
given to realize FreeNAS on an USB Stick and Backup the NAS with an external USB 3.0 RDX drive, and this also very
fast! A Xeon E3-1231v3 is for ~200 € and a sufficient Board is for ~250 € enough to take all load from a full featured
pfSense 2.2.3 as I see it right.

Supermicro D1540 Board
Supermicro FreeNAS
DGS1510-20 - 10 GBit/s Switch

jalyst

Because I want an "appliance" like situation there*, I'll likely be buying a QNAP.
One of the the very pricey RU's they have available for SMB+…

So given that, would you suggest I go back to C2758 for my fw/gw/router build?

*at least initially

Guest

So given that, would you suggest I go back to C2758 for my fw/gw/router build?

Not so easy to answer!
For highly usage, Power usage or users, many installed and running packets like snort, squid & squid guard
the C2758 would be wonderful enough but only on top strange VPN connections compared with urgent needed
high throughput I would go by an Xeon E3.

I'll likely be buying a QNAP

Ok for sure if the Supermicro Board and miniITX case is not sufficient enough it would be a hint
or if the 4 drive bays are not enough no problem. But,

• Supermicro D-1540 Board has a PCIe slot for an real RAID Controller
• 2 x USB 3.0 for USB & fast Backup options
• up to 128 GB of ECC RAM
• 8 Cores and 16 HT cores
• able to insert a DVD/BlueRay Player/Burner

This is all not given at QNAP and the real SMB+ NAS devices are not cheap, but not offering those options to you!
I don´t want to say do this or this, sleep about and think about, only you would be able to know what you really
want to do and what you really urgent need! A complete C2758 Platform from Supermicro is here in Germany where
I am able to buy a

• C2758 board for ~350 €
• a miniITX case for ~90 €
• RAM 8 GB ECC 120 €
• SATADOM 64 GB for ~70 €

This is all for 630 €! And you will buy a D-1540 Board only for something around ~900 € - 1000 €!

So I really thing it is overkill, or I did not understand your needs, this is also able.

jalyst

Yeah I think I'll stick with the C2758 on the fw/gw/router build, Xeon's overkill when I'll already have another powerful CPU (not Xeon OOTB IIRC -but easily upgraded) in my NAS appliance.

I don't have time to go into detail about all of my projects (plus it's off-topic here), just know that I have several "on the boil"; a dedicated NAS appliance, a dedicated HEPC/PVR build etc.

The latter's mostly done a few yrs back, just some minor upgrades to do…

Thanks for the input, BR/Night.

SisterOfMercy

@Jason:

Raw throughput and quoted IOPS on a consumer drive are not factors in a SSD purchase for a server.  The DC S3500 is an (entry) enterprise drive and has power loss protection, consistent performance under multi-user workloads, and a higher endurance rating.  The first is extremely important for any server, the latter two can have a big impact if you're using something like Squid.

Not to mention it's bloody cheap for a server drive!
I currently even use the 80 GB DC S3500 for new client computers. If you're going to spend 800 euro, why not invest in a SSD which will start up tomorrow?

This link has most of the information: http://lkcl.net/reports/ssd_analysis.html

ontopic:
Funny thing is I assembled a system myself, and only then viewed the pfSense shop. I have almost exactly the same build as their C2758 1U platform. I used the SuperMicro A1SRi-2558F, which is the same, but with a 4-core processor instead of an 8-core.
Of course I would like to have that Xeon-D motherboard, but that thing's bloody expensive! With this atom board I finally have a board that's cheap enough for home use. Small businesses up to 25 to 50 people would be fine too with that atom. At my work the pfSense router is an 'ancient' Sun Fire v60x (which is actually an rebadged intel board and chassis), it has a single socket 604 xeon 2.8 GHz (gallatin?), and that thing still handles everything.

The only drawback of the SC505 chassis used in that build is that the power supply sucks donkeyballs. At least mine does. I still have to send it back. It makes a lot of noise. The A1SRi-2558F can run from 12 V, which I intend to do. This way it can run of my main server and benefit from the power supply efficiency and double power supplies from that thing.

In my opinion, for home use you don't need much more. Small business might benefit from an old clunky server here and there. I don't think you can virtualise a router. Everything else can run off your primary server. Some tasks might be better to delegate to an old server. But for home use that uses too much power and space, in my opinion.

Uhh.. what were we talking about? I don't know anymore… send me beer monies!

edit:
@BlueKobold:

• Supermicro D-1540 Board has a PCIe slot for an real RAID Controller

Who in their right mind is going to use a RAID controller these days on FreeBSD with ZFS?

jalyst

@SisterOfMercy:

The only drawback of the SC505 chassis used in that build is that the power supply sucks donkeyballs. At least mine does. I still have to send it back. It makes a lot of noise. The A1SRi-2558F can run from 12 V, which I intend to do. This way it can run of my main server and benefit from the power supply efficiency and double power supplies from that thing.

Yes, if the only thing you're saying sux is the PSU noise, SPCR made note of that in their review, not a big deal for me as it'll be in our isolated & large storage room.

But I wasn't a fan of the PSU output, was hoping for one that's much less than 200w (because one will rarely -if ever- hit the efficiency sweetspot with such a high wattage), but apparently they're very hard to come by.

Do you think it's possible to run my proposed build off of my NAS's PSU?* I haven't yet settled on exactly which QNAP RU model I'm getting, so I should probably suspend this Qn until I know the answer to that!

Cheers.
*if I go that route perhaps I'll ensure the model I buy has a redundant PSU -or the option to add one

SisterOfMercy

@jalyst:

Yes, if the only thing you're saying sux is the PSU noise, SPCR made note of that in their review, not a big deal for me as it'll be in our isolated & large storage room.

It's not fan noise. It seems to be possessed, it 'screams'. I don't hope it's supposed to do that.

@jalyst:

Do you think it's possible to run my proposed build off of my NAS's PSU?* I haven't yet settled on exactly which QNAP RU model I'm getting, so I should probably suspend this Qn until I know the answer to that!

Probably, you only need 12 V. But you do have to make a few wires of your own, or get a really long P4-plug extension. And if that QNAP thing has a spare P4 plug or a spare 5,25" drive connector you should be set.

jalyst

@SisterOfMercy:

It's not fan noise. It seems to be possessed, it 'screams'. I don't hope it's supposed to do that.

In the SPCR review they put the noise down to the tiny fan, but maybe there's some other problem with your PSU:
http://www.silentpcreview.com/article1383-page6.html

Probably, you only need 12 V. But you do have to make a few wires of your own, or get a really long P4-plug extension. And if that QNAP thing has a spare P4 plug or a spare 5,25" drive connector you should be set.

Is there a step-by-step tutorial of this somewhere, or have you seen someone document how to do it? (ideally with a Fw/Router build + NAS that's very similar to mine)

Thank-you.

jalyst

Coming back to this for the first time in ages…
Had a bunch of personal stuff go down with friends/family, so this & related projects had to hit the back burner :'(
Coming back to it now, & for the life of me, I can't find this damn model any more?!?
http://www.supermicro.com/products/system/1U/5018/SYS-5018A-FTN4.cfm

I see pfSense now offer 2 successor models, I think they still basically use the same MB/SoC (could be wrong):
https://store.pfsense.org/C2758/
Has C7258 been superseded by something even better, or is it still the best option for my intended use?*
I haven't exhausted all avenues, but so far I can't find it locally for a good price, & Amazon don't ship to Australia any more!

Here's the other 3 Supermicro C7258 models, they're basically identical motherboards, with slight differences in chassis;
https://www.supermicro.com/products/system/1U/5018/SYS-5018A-MHN4.cfm
https://www.supermicro.com/products/system/1U/5018/SYS-5018A-TN7B.cfm
https://www.supermicro.com/products/system/1U/5018/SYS-5018A-TN4.cfm

I may consider one of their Xeon-D models, but only if they're marginally pricier:
https://www.supermicro.com/products/system/1U/5018/SYS-5018D-LN4T.cfm
https://www.supermicro.com/products/system/1U/1018/SYS-1018D-FRN8T.cfm
https://www.supermicro.com/products/system/1U/5018/SYS-5018D-FN8T.cfm
https://www.supermicro.com/products/system/1U/5018/SYS-5018D-FN4T.cfm

Maybe 1 of the 8 models above are available somewhere locally for a good price, or OS for an even better price + decent shipping?
Amongst the 4x C7258 based bare-bones units listed above, 5018A-FTN4 was my preferred option.
But I can't find it for a good price OS or locally yet, if anyone else can, can you please advise?
Else, maybe you can see some good deals for one of the other models listed above!?!

N.B.
I have to double-check this, but I'm pretty sure our Internet connection (Cable) won't be faster than 105MBPS any time soon.

Thank-you.
*dedicated FW/Router/DNS/Proxy/Filter/QoS/VPN etc + pfSense  (may put pfSense on top of a hypervisor YTBFD)

AR15USR

I hand built this system if your interested. Runs like a champ, never had any issues and don't come anywhere close to working it hard on our home network (250/10). I run Snort, Squid/Squid Block, Squid Antivirus as well.

Supermicro 2758 motherboard
https://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2758F.cfm

Supermicro 505 1U chasis
https://www.supermicro.com/products/chassis/1u/505/sc505-203.cfm

Kingston 8gb DDR3 ram (x2)

Samsung 850 EVO 12gb SSD

Evercool fans x2

Supermicro 2.5in HDD bracket

AR15USR

@jalyst:

Why didn't you go for one of their bare-bones units I linked in my post above?

I pieced things together by waiting for sales prices, and more importantly I like to tinker ;)

jalyst

How about this???
https://www.amazon.com/dp/B01FX8TXUQ
http://www.anandtech.com/show/10689/gigabyte-gbbsi7hal6500-dual-lan-skylake-brix-review

At least it bloody ships here & is readily available locally, instead of via "specialised cloak & dagger" resellers etc!
Seems a bit excessive for what I'm wanting to focus it towards, & I really want more flexibility/expandability.
Wanted the ability to have at least 3 WAN interfaces, failing over, or even aggregating/LB occasionally.

Or maybe even this???
https://www.amazon.com/Gigabyte-Barebone-i3-6100U-Graphic-GB-BSi3HAL-6100/dp/B01GSTYXWM

I hate the form-factor of both, I wanted something that'd go into the Rack I'm also installing >.>
But if it's better in every way than the Rangeley & Xeon-D units I was eyeing;*
Then considering how much cheaper & more accessible it is, then maybe it's the way to go?

TBH, I still don't know enough about all 3 CPU/MB & all the areas in which they differ, trying to read that now.
Where do these 2 models fall down, compared to the bare-bones units I originally had my heart set on?

EDIT
I guess if I need more than 1 WAN port, I could always use the built-in USB3? e.g:
http://www.virtuallyghetto.com/2016/03/functional-usb-3-0-ethernet-adapter-nic-driver-for-esxi-5-5-6-0.html
And there's PCIe IIRC, though not sure it'd be optimal for adding 1 or more Gbe port?
Given I've a separate -much more powerful- build coming, I probably won't bother w.a Hypervisor for this config.
I may play a bit, but longer term probably not…

*except expandability & power-consumption presumably

gcu_greyarea

Regarding

http://www.wiredzone.com/supermicro-servers-compact-embedded-processor-sys-e300-8d-10026325?urlsource=tinkertry

I'm not an expert on pfSense performance etc… however comparing brix i7-6500 vs the xeon 1518 I'd argue that the Xeon has more Cores/threads which will outperform the i7 (which has a higher clock frequency).

The SuperMicro system also has 6 onboard gigabit NICs + 2 x 10Gb Nics.

It's probably overkill, but I would run esxi and share the resources. E.g. Run a plex media server on the same hardware. You could also run FreeNAS.

jalyst

Yeah, I'm not sure how exactly that particular Xeon-d + Mobo compares with the Brix systems I highlighted;
It's handy having the 4 Gbe ports I require (at least) OOTB, but more WAN/LAN interfaces can be added to the Brix units via USB3/PCIe.
I don't care about 10Gbe for this build, where the device is placed it won't be used. Hmm…
Still need to know much more about how the CPU/MB's compare for the Ranglesy, i-U, & Xeon-D bare-bones units I'm eyeing.
Not interested in this build being a "NAS" or Media Server", have separate builds under way for that…

gcu_greyarea

This is the mainboard used in the E300 system:

http://www.supermicro.com/products/motherboard/Xeon/D/X10SDV-TP8F.cfm

The SuperMicro is a Server grade Mainboard while the Brix is a Desktop/Consumer grade mainboard.

I understand about not needing 10GB Nic, but at almost the same price as the birx its a nice to have.

jalyst

Yeah, read this thread from at least here onwards (interesting read for anyone looking into all of this stuff):
http://www.snbforums.com/threads/recommendations-for-discrete-gw-fw-etc-router.24343/page-3#post-281888
At one point, one of the posters suggested a similar motherboard…
Pretty much settled back on C7258, def. keeping Xeon-D & Others on the radar for a sep. NAS/jack-of-all build!

BR.

EDIT
Hmm, I just came across this on the pfSense forum:
https://forum.pfsense.org/index.php?topic=88774.0
That's the MB that comes with the bare-bones unit I'm probably buying.
Should this be something I care about? In what circumstances?

Nvm, in that thread a recent poster has confirmed it's been fixed -in a newer version of pfSense.

Guest

1U Server:
Server: Supermicro SuperServer 5018D-FN8T
Mainboard: Supermicro X10SDV-TP8F
~$761 (wired zone)
~665 € (Sona)

Desktop Server:
Server: Supermicro SuperServer E300-8D
Mainboard: Supermicro X10SDV-TP8F
~$639 (wired zone)
~755 € (Sona)

• Enough ports
• Enough power
• An ADI QuickAssist Adapter could be mounted later

• not silent
• high in price for private usage

Togehther with new Switches (L3) D-Link DGS1510-20/24/48 (2 x SFP+) we are thinking about to go with
the Supermicro SuperServer E300-8D all in all for about 1200 € but we are also not really sure about that
because we want to buy two of that units for a HA concept.

jalyst

I don't get it, were you addressing one of my earlier posts?
Have you read my most recent posts (& the links in them)?

SisterOfMercy

@jalyst:

Pretty much settled back on C7258, def. keeping Xeon-D & Others on the radar for a sep. NAS/jack-of-all build!

Don't forget it's the C2758.

Anyway, the 2558 is fine for me, and I've bought also for where I work. It's less than 300 euros. Compare that to the boards with the C2758. Then look at the Xeon-D motherboards. Of course they are nice, but only when you have the budget. I spent some extra on proper Intel DC S3510 SSDs.

Guest

Unless you need to build something that's not ready-to-go from the store, it makes not a lot of sense (pun intended) to not buy a product from pfSense/Netgate.

If you have a special case, like, you are re-using what you have, or you need something even bigger than the biggest they have, or maybe you want something that's super cheap (but also performs like shit), then sure, making something yourself makes sense.

You can maybe shave off a few bucks when you try to duplicate what's in the store already, but you're basically saving a tiny amount of money and pfSense gets nothing. The software is free, yes, but buying "known good" hardware from the store is good for you and good for pfSense. They are not overpriced or low quality either, and the free support incidents you get to use are not a bad deal either.

I know it all sounds a bit 'buy stuff!'-advertisement-ish, but I don't work for pfSense or Netgate or ADI or whoever is involved. I'm just slightly worried about the current state of monetary support for pfSense. It's been a great open source project, and free software is all fine and dandy, but they are moving into the prosumer/pro space, and at this quality level you're going to need a commercial-sized cashflow to keep things going and grow. Of course, pfSense's community is a real thing too, and trying to 'make' people buy stuff never works out for anyone. That said, if you really like the project/software/people-spending-time-on-it, maybe get pfSense Gold, even if just for the autoconfigbackup. It's cheap compared to commercial equivalents yet supports the project.

Now back to your topic: instead of duplicating/cloning this build, you may be better off trying to set specs/budget and select parts on that. If you get a mobo where FreeBSD is known to run great on, the rest is somewhat easy. Some motherboards (hell, many!) have bad/broken firmwares and are a PITA to get a working FreeBSD bootloader/kernel working on. There is a FreeBSD HCL somewhere on their wiki you can try, but if you want to be on the safe side, just get a previous-gen board with CSM support in the EFI, then you'll have a really good chance it'll work fine.