Intel Mini-ITX Atom 8-core Hardware Build Recipe Available Here
-
~2 GB for highing up the mbufs size (if used)
~2 GB for the ClamAV (if used)
~4 GB for Squid (depends on what caching method is used)
~4 GB - 8 GB for pfSense & Snort (if snort will be used)Ok this might be then more likes a full featured UTM appliance
but why not if he is willing to use it in this way? -
@BlueKobold:
Ok this might be then more likes a full featured UTM appliance
but why not if the he is willing to use it in this way?Don't get me wrong. If someone wants to and can, why the hell not :)
I'm asking because I'm genuinely curious why someone would need that much ram.Because, you know, it might convince me to get that much RAM :)
-
@BlueKobold:
Ok this might be then more likes a full featured UTM appliance
but why not if the he is willing to use it in this way?Don't get me wrong. If someone wants to and can, why the hell not :)
I'm asking because I'm genuinely curious why someone would need that much ram.Because, you know, it might convince me to get that much RAM :)
It's because I live in Texas, where everything is bigger!
-
I'm the last person to "question" overkill :)
But is 16gb really necessary, or is it overkill? I know one SODIMM isn't taking advantage of dual channel, but does is that really going to make a difference here? And under what conditions would one really need/want 16GB ram for pfsense?My current pfSense box has only 2Gb Ram, AMD Dual Cores processor, running Snort (WAN and LAN) + IPBlockerNG without any issue, Memory was used about 19%, PowerD was turned on. It was also running Squid3+iCap+ClamAV too before, still had no issues at all.
If you use SSD, want to use ramdisk, the more RAM the better. If you want have best Snort performance (e.g. set search mode to AC-NQ), It requires more RAM.
If the 8G ECC ram is cheaper in US, Why not. Here in Canada, the cheapest Kingston ValueRAM 8Gb ECC (KVR16LSE11/8KF) is $CAD 81 + Tax + Shipping charges = ~100:
http://www.tigerdirect.ca/applications/SearchTools/item-details.asp?EdpNo=8868966&CatId=11484
-
My current pfSense box has only 2Gb Ram, AMD Dual Cores processor, running Snort (WAN and LAN) + IPBlockerNG without any issue, Memory was used about 19%, PowerD was turned on. It was also running Squid3+iCap+ClamAV too before, still had no issues at all.
Ok if it is running also without any problems for sure why not, but
then you are truly not from Texas. ;) -
Ugh.
The supermicro board is very sensitive to ATX power supplies apparently. I was using a spare Forton power supply that technically fits all of the requirements. ATX 2.2, eps12v, etc etc.but it only intermittently powered on the board. IPMI was powered on successfully 100% of the time though but shorting the power pins wasn't powering up the board - it wasn't activating the power supply.
Spent all night trying to troubleshoot it, and then finally got fed up, and went and got my other spare power supply (asus neo550) and it worked 100% of the time.
I'm not planning on powering it permanently with this PS, just waiting for my external mini-din power brick to arrive, but if anyone else is planning to power it with an ATX supply, keep that in mind.
-
Ugh.
The supermicro board is very sensitive to ATX power supplies apparently. I was using a spare Forton power supply that technically fits all of the requirements. ATX 2.2, eps12v, etc etc.but it only intermittently powered on the board. IPMI was powered on successfully 100% of the time though but shorting the power pins wasn't powering up the board - it wasn't activating the power supply.
Spent all night trying to troubleshoot it, and then finally got fed up, and went and got my other spare power supply (asus neo550) and it worked 100% of the time.
I'm not planning on powering it permanently with this PS, just waiting for my external mini-din power brick to arrive, but if anyone else is planning to power it with an ATX supply, keep that in mind.
Hmmm, I thought any ATX power supply should be fine. Thats odd. Did you try the 4pin or 24pin?
-
With an ATX powersupply you can't use the 4-pin without modding it.
ATX supplies don't provide full power without a PS_On signal sent back. The 4-pin is "dead" until the ATX supply is told to turn on. and the 4-pin doesn't have a PS_On pin for the motherboard to tell it to turn on.
-
With an ATX powersupply you can't use the 4-pin without modding it.
ATX supplies don't provide full power without a PS_On signal sent back. The 4-pin is "dead" until the ATX supply is told to turn on. and the 4-pin doesn't have a PS_On pin for the motherboard to tell it to turn on.
Right. I forgot that.
-
With an ATX powersupply you can't use the 4-pin without modding it.
ATX supplies don't provide full power without a PS_On signal sent back. The 4-pin is "dead" until the ATX supply is told to turn on. and the 4-pin doesn't have a PS_On pin for the motherboard to tell it to turn on.
Still waiting on your 4-pin from eBay? Mine literally only took 2 days to get to me in Austin, TX. I freaking love this system!
-
Still waiting on your 4-pin from eBay? Mine literally only took 2 days to get to me in Austin, TX. I freaking love this system!
Should be here tomorrow. Still waiting on the fan bracket and fans though. I'm not sure I'll need them, but noise isn't a concern in the utility room so I'll install them just in case.
I'm pretty excited to get this set up. I currently have a /29 but that's primarily because network isolation was easy and anything more complicated was a bit of a pain with dd-wrt. With pfsense, I think I can drop down to a /30 and just have a couple of VLANs.
-
Power supply installed. Got the build installed and doing some basic tests. I just hooked it up as a DHCP client to my current internal network and did some tests with the dhcp and dns server and some throughput tests over NAT.
900+MBit/s either direction using iperf3.
So yup, definitely gigabit routing - i was expecting this.
CPU temp topped out at 39c. I currently don't have a fan on it at all. Doesn't seem like I'll need one, but I have 3 40mm and a bracket still enroute, but I think this thing would definitely function well fanless even.
I set a 100MB /tmp and 200MB /var ramdisk and I think my memory peaked out at 5% of 8gb :)
-
900+MBit/s either direction using iperf3.
Wow, this sounds really good.
Can you have a look at the LAN Port LED´s please, are they on or off?
Thnx for that. -
Power supply installed. Got the build installed and doing some basic tests. I just hooked it up as a DHCP client to my current internal network and did some tests with the dhcp and dns server and some throughput tests over NAT.
900+MBit/s either direction using iperf3.
So yup, definitely gigabit routing - i was expecting this.
CPU temp topped out at 39c. I currently don't have a fan on it at all. Doesn't seem like I'll need one, but I have 3 40mm and a bracket still enroute, but I think this thing would definitely function well fanless even.
I set a 100MB /tmp and 200MB /var ramdisk and I think my memory peaked out at 5% of 8gb :)
Glad you like it! I am loving mine as well. I have the 3x 40mm fans installed and it's all located here in my office and I still can't hear it.
My iperf results topped out at 930 Mbps which I'm sure could be increased with a little tweaking here and there but I am very satisfied. My Time Warner Cable speeds are now up to 350 Mbps and I cannot wait until Google Fiber is installed in my house for 1 Gbps up/down.
I am going to rocking and rolling at that point!!!
-
Power supply installed. Got the build installed and doing some basic tests. I just hooked it up as a DHCP client to my current internal network and did some tests with the dhcp and dns server and some throughput tests over NAT.
900+MBit/s either direction using iperf3.
So yup, definitely gigabit routing - i was expecting this.
CPU temp topped out at 39c. I currently don't have a fan on it at all. Doesn't seem like I'll need one, but I have 3 40mm and a bracket still enroute, but I think this thing would definitely function well fanless even.
I set a 100MB /tmp and 200MB /var ramdisk and I think my memory peaked out at 5% of 8gb :)
Glad you like it! I am loving mine as well. I have the 3x 40mm fans installed and it's all located here in my office and I still can't hear it.
My iperf results topped out at 930 Mbps which I'm sure could be increased with a little tweaking here and there but I am very satisfied. My Time Warner Cable speeds are now up to 350 Mbps and I cannot wait until Google Fiber is installed in my house for 1 Gbps up/down.
I am going to rocking and rolling at that point!!!
Newbie to iperf3, Do you mind letting me know how to run this iperf3 thing to test my network throughput?
-
Power supply installed. Got the build installed and doing some basic tests. I just hooked it up as a DHCP client to my current internal network and did some tests with the dhcp and dns server and some throughput tests over NAT.
900+MBit/s either direction using iperf3.
So yup, definitely gigabit routing - i was expecting this.
CPU temp topped out at 39c. I currently don't have a fan on it at all. Doesn't seem like I'll need one, but I have 3 40mm and a bracket still enroute, but I think this thing would definitely function well fanless even.
I set a 100MB /tmp and 200MB /var ramdisk and I think my memory peaked out at 5% of 8gb :)
Glad you like it! I am loving mine as well. I have the 3x 40mm fans installed and it's all located here in my office and I still can't hear it.
My iperf results topped out at 930 Mbps which I'm sure could be increased with a little tweaking here and there but I am very satisfied. My Time Warner Cable speeds are now up to 350 Mbps and I cannot wait until Google Fiber is installed in my house for 1 Gbps up/down.
I am going to rocking and rolling at that point!!!
Newbie to iperf3, Do you mind letting me know how to run this iperf3 thing to test my network throughput?
Easiest way is to install the iPerf 2.0.5.2 from the Package Manager. Be advised, I don't believe that version is compatible with iPerf 3.0 so go to https://iperf.fr/iperf-download.php and download version 2.0.5.2 for whatever OS your computer is.
Now it doesn't matter if you run the server or the client on your pfSense box and vice versa with your computer. Just make sure and do 1 on each, obviously.
I ran the server on my computer which is running Windows 10 by opening a command prompt and navigating to the folder that the iperf files are in.
Once you've done that, type "iperf -s" without the quotes and press enter.Next, connect to your pfSense box by SSH, Serial, or maybe you have a monitor and keyboard connected directly to your pfSense box.
Make sure you know the local IP address of the computer you ran the server on and then open shell and type "iperf -c x.x.x.x" without the quotes and fill in your other IP address for x.x.x.xIf you did everything correctly you should see the following. Mind you, I normally get about 930 Mbits/sec but am currently downloading a couple torrents! 8)
Hope this helps!
-
Thank you. It worked.
I can't click the thank you button on your post buz 'I have already posted a thanks to this topic', thats odd.
-
@BlueKobold:
Can you have a look at the LAN Port LED´s please, are they on or off?
Thnx for that.They are on.
Now it doesn't matter if you run the server or the client on your pfSense box and vice versa with your computer. Just make sure and do 1 on each, obviously.
I ran the server on my computer which is running Windows 10 by opening a command prompt and navigating to the folder that the iperf files are in.
Once you've done that, type "iperf -s" without the quotes and press enter.Next, connect to your pfSense box by SSH, Serial, or maybe you have a monitor and keyboard connected directly to your pfSense box.
Make sure you know the local IP address of the computer you ran the server on and then open shell and type "iperf -c x.x.x.x" without the quotes and fill in your other IP address for x.x.x.xUnless I'm misunderstanding something, you're not testing routing throughput. You're testing the speed of the NIC and the speed of your switch. To test routing throughput you really need to have a iperf system on either side of the router (not within the router. The router is "local" to both sides and thus there is no routing/NAT going on in your scenario.
-
They are on.
Yep, thnx.
Unless I'm misunderstanding something, you're not testing routing throughput. You're testing the speed of the NIC and the speed of your switch. To test routing throughput you really need to have a iperf system on either side of the router (not within the router. The router is "local" to both sides and thus there is no routing/NAT going on in your scenario.
But this depends more on the goal someone want to reach,
LAN - LAN throughput (two PCs with iPerf)
WAN - LAN throughput (two PCs with iPerf)With an plain fresh new install without firewall rules, snort, squid and whatever
it would be coming near the result what the board and NICs are able to realize.
SPI/NAT are only taking something around 3% - 5% of the entire throughput. -
Got my fans. Router is now in place operating as my production router.
lan->wan throughput:
[ 4] 0.00-10.00 sec 1.09 GBytes 936 Mbits/sec 213 senderwan->lan throughput:
[ 4] 0.00-10.00 sec 1.10 GBytes 944 Mbits/sec 172 senderRunning a simultaneous client/server brings me down to around 916 Mbit/s (i.e. an attempt to do a full duplex test)
This is with zero performance tuning other than increasing mbufs :)
Oh, and CPU is running at 21c right now for temp :)