Lanner FW-8894 - Intel DH8925 PCH - XL710

ambiFOX

Hallo @ all!

We are using pfsens long time and are very happy with it.
Now we need an new server. We found the Lanner FW-8894 with up to 25 Gbps QuickAssist crypto acceleration by Intel DH8925.

Did anyone have experience with that "server" or that chip?
Did pfsense support that chip / hardware crypto?

The Ethernet controller / network card should be the Lanner "NCS2-IXM407" (Intel Fortville XL710)? Did anyone have experience with that Ethernet controller / network card?

Thanks!

Guest

We are using pfsens long time and are very happy with it.

Bare metal or in VM?

Now we need an new server. We found the Lanner FW-8894

Please don´t buy blind!!! Please contact the Lanner Sales department before
you are buying anything! Lanner is selling a whole bunch of devices in the
FW-889x Series and some of them has really bad problems with pfSense
installing on them, owed to the BIOS or some BIOS problems.

with up to 25 Gbps QuickAssist crypto acceleration by Intel DH8925.

There are two pretty new things from Intel integrated in CPUs or chips of them;

• AES-NI
• QuickAssist

AES-NI is integrated and working well in pfSense yet but the QuickAssist is at its beginning
and not fully integrated or activated yet in pfSense! This need some more time as I see it right
to insert it inside of pfSense and then if it will be inserted I really guess it would be at first be
able for inside of the ADI Images for the platforms that will be sold at the pfSense store or at
netgate shop, to be a benefit for all the ADI made hardware, only in my poor opinion.

Did anyone have experience with that "server" or that chip?
Did pfsense support that chip / hardware crypto?

We can´t have those experiences together with pfSense because the code was not
really inserted inside of the code of pfSense or available as a module.

The Ethernet controller / network card should be the Lanner "NCS2-IXM407" (Intel Fortville XL710)?

For sure only peoples with one Lanner or your Lanner hardware will have this experiences but without the
QuickAssist you are asking for here in the thread.

If I should suggest you something I would do the following;

• Ask at Lanner for exact this compatibility to pfSense or run pfSense in a VM and ask for the
  compatibility of the hardware to ESXi or Hyper-V.
• Ask at pfSense for the support of the QuickAssist and the earliest available launch for the public
  and not for their self assembled hardware from the pfSense or netgate store and also this Intel chip-set.

Otherwise you could run into a really great trap that would you not reach your planed or targeted goal.

ambiFOX

Hey Frank.

Thanks for your answer.

Quote
We are using pfsens long time and are very happy with it.
Bare metal or in VM?

Bare metal

Quote
Now we need an new server. We found the Lanner FW-8894
Please don´t buy blind!!! Please contact the Lanner Sales department before
you are buying anything! Lanner is selling a whole bunch of devices in the
FW-889x Series and some of them has really bad problems with pfSense
installing on them, owed to the BIOS or some BIOS problems.

That is why we have asked… The Sales department often say: "No problem" ;)

Quote
with up to 25 Gbps QuickAssist crypto acceleration by Intel DH8925.
There are two pretty new things from Intel integrated in CPUs or chips of them;

• AES-NI
• QuickAssist

AES-NI is integrated and working well in pfSense yet but the QuickAssist is at its beginning
and not fully integrated or activated yet in pfSense! This need some more time as I see it right
to insert it inside of pfSense and then if it will be inserted I really guess it would be at first be
able for inside of the ADI Images for the platforms that will be sold at the pfSense store or at
netgate shop, to be a benefit for all the ADI made hardware, only in my poor opinion.

What pfsense is doing with AES-NI / QuickAssist is really incredible!!! That's why we choose the Lanner with Intel DH8925 (QuickAssist). But when it's not be activated yet, we have to wait.

Thanks for your assessment and your experience with Lanner.

ambiFOX

Guest

That is why we have asked… The Sales department often say: "No problem"

I was asking for the Lanner FW-8895 device and the sales department was telling me truely that they have some strange BIOS
issues with this appliance, fore a wile. And I am pretty sure they will also telling you the truth about the FW-8894.

Bare metal

Then perhaps the QuickAssist is not really so important for you as I see it right now, this is related to
the circumstance that you go by two Intel Xeon E5-2600v3 CPUs. And they are pretty strong and able
to run many tasks as well with enough power!

Thanks for your assessment and your experience with Lanner.

Lanner is not budget friendly and also not cheap, but they assemble and create appliances that will work
and do the job with ease. And if the main goal is the throughput of the VPN connections or many of them
you could think about a Linux based VPN server in a DMZ sorted with additional compression / decompression
cards perhaps. So then a C2758 1U or a XG-1540 from the pfSense store will be also enough for your needs!!!

It is only as an alternate view on such things likes high data throughput.
Intel Xeon E3-12x6v3 & 16 GB or 32 GB ECC RAM
CentOS 7
SoftEtherVPN Suite
Comtech AHA compression cards
Comtech AHA VPN accelerator cards

For sure the cards must be inserted on both or more ends of the involved VPN, or in shorter words
at all VPN endpoints such a card must be installed, to guaranty the full throughput.

ambiFOX

Hi Frank.

Quote
That is why we have asked… The Sales department often say: "No problem"
I was asking for the Lanner FW-8895 device and the sales department was telling me truely that they have some strange BIOS
issues with this appliance, fore a wile. And I am pretty sure they will also telling you the truth about the FW-8894.

OK. Perhaps i will ask Lanner again.

But after your first post, i ask a pfsense reseller about more informations of the xg-1540.

Quote
Bare metal
Then perhaps the QuickAssist is not really so important for you as I see it right now, this is related to
the circumstance that you go by two Intel Xeon E5-2600v3 CPUs. And they are pretty strong and able
to run many tasks as well with enough power!

Yes, the E5-2600v3 will have much power. But if i can get a hardware-crypt for less money. ;) So my pfsense have many more resources for other things. ;)

We need a hardware, that can handel:

• 10G routing

• 5000 firewall rules

• 200 IPSec tunnels with max. 1G traffic total

• nice to have IPS/IDS

I do not want to buy new every 2 years. ;)

Quote
Thanks for your assessment and your experience with Lanner.
Lanner is not budget friendly and also not cheap, but they assemble and create appliances that will work
and do the job with ease. And if the main goal is the throughput of the VPN connections or many of them
you could think about a Linux based VPN server in a DMZ sorted with additional compression / decompression
cards perhaps. So then a C2758 1U or a XG-1540 from the pfSense store will be also enough for your needs!!!

It is only as an alternate view on such things likes high data throughput.
Intel Xeon E3-12x6v3 & 16 GB or 32 GB ECC RAM
CentOS 7
SoftEtherVPN Suite
Comtech AHA compression cards
Comtech AHA VPN accelerator cards

For sure the cards must be inserted on both or more ends of the involved VPN, or in shorter words
at all VPN endpoints such a card must be installed, to guaranty the full throughput.

It's a nice solution but the problem is the otherside.

Thank you for your effort.

ambiFOX

Guest

Lanner FW-8894 with free chosen CPUs
Intel Xeon Prozessor E5-2687W V3
2 x 10 CPU cores @3,1GHz
AES-NI are also there in!