Zotac ZBOX CI323 nano
-
;)
That's correct, it's been "supported" from the start. If you read the code, you can see that performance is more akin to a half-gigabit NIC.The lock up problem has been reported upstream and since there is sort of a workaround by using jumbo frames, I have hope it's something which can be fixed.
Unfortunately, my working knowledge of BSD driver code is good enough to tell if a feature is enable, but not good enough to see that performance with netmap is around ~500 Mb/s instead of 1Gb/s. Why is there such a performance hit for the Realtek using netmap?
A second question – why does the Realtek lock up? And what is it about jumbo frames the keeps the Realtek from locking up? And, more importantly, would I have to enable jumbo frames for my entire network, or just on the Realtek interface of this particular device in order to prevent the lockup from happening?
-
Why is there such a performance hit for the Realtek using netmap?
I don't think it's related to netmap, it's either the chip or the driver, because of badly designed chips, bad documentation, bad original driver (because of bad documentation), etc.
A second question – why does the Realtek lock up? And what is it about jumbo frames the keeps the Realtek from locking up? And, more importantly, would I have to enable jumbo frames for my entire network, or just on the Realtek interface of this particular device in order to prevent the lockup from happening?
My theory is that netmap overfills the card's buffer and at some point the card can't cope any more and we end up with interrupts piling up.
By turning on jumbo frames, the total number of mbufs is split equally between the 2 types of frames and the card only almost dies (dropping from 350kpps to less than a 100).
Ideally, you'd need all your network to support 9k frames to be able to see the benefits, but if you just want the fix, you can just turn it on for the LAN interface. There will be side effects and so, you should read about what happens when using large frames with equipment which doesn't support it. -
If jumbo frames don't work for you, you can use the emulated mode by setting "dev.netmap.admode" to 2. In my tests, I get the same throughput, but use a lot more CPU.
-
Interesting. Have you tested the same chip with another OS that supports netmap? I know Linux has different drivers and supports netmap. If Linux exhibits the same or similar behavior, then the problem is with the chip itself most likely. If Linux runs better, then the problem is probably with the BSD code (and likely fixable).
-
Interesting. Have you tested the same chip with another OS that supports netmap? I know Linux has different drivers and supports netmap. If Linux exhibits the same or similar behavior, then the problem is with the chip itself most likely. If Linux runs better, then the problem is probably with the BSD code (and likely fixable).
Not yet. I need to boot into IPFire or something and apply the same pkt-gen test
-
Interesting. Have you tested the same chip with another OS that supports netmap? I know Linux has different drivers and supports netmap. If Linux exhibits the same or similar behavior, then the problem is with the chip itself most likely. If Linux runs better, then the problem is probably with the BSD code (and likely fixable).
Not yet. I need to boot into IPFire or something and apply the same pkt-gen test
Well, if you end up testing it out, let me know. I would be interested in the results. I just bought one of these things to use as my first PFSense box, but am a little concerned after reading this thread. But maybe I shouldn't be since I was planning on using Snort instead of Suratica (unless Snort uses netmap also and I am just unaware).
-
netmap is the future, for IPS or just packet forwarding with netmap-fw. I'm sure the problem will be fixed eventually. It could simply be a problem with the 8111G revision. FreeNAS users had similar issues a few years back and were forced to use the Realtek drivers while waiting for a fix, so I think it will just be a matter of being patient (or paying someone to fix the problem).
-
I've bought the same Zbox (CI323). I would like to do the same thing: Install XenServer and install pfSense or rather Sophos UTM in a VM.
However, I've a probably simple (noob) question: When you install XenServer, you need to specify an IP address etc. But the VM inside this machine is going to be my router, so how is that going to work?
Can anybody help me?
-
Not sure. But this question is probably better answered by the guys who hang out in the Virtualization sub-thread. Those guys use Xen-Server and VMWare all the time.
-
Thanks a lot! I've a look at that!
-
Really following this thread for the updates, I'm about to purchase one of these boxes for the same purpose as most here 'pfsense' guess I'll be using xenserver if exsi 6.0 doesn't work with the hardware yet was hoping it would
Main role will be openvpn client/pia plus a PBX voice server with the use of a vlan switch and exclude the VPN to just a certain IP range
had hopes of using wireless without having to bridge another router
I don't have any issues with replacing the actual WiFi card with one that works I just need advice on which wireless card to use looking to use dual band ac 1200/ I see a lot of people can't get theirs to work either. Are most of the conflicts just driver support not up to date yet.. -
I'm waiting for PFSense 2.3 to hit release before putting this Zotac through it's paces. However, PFSense 2.3 probably won't hit release until FreeBSD 10.3 is released at the end of March. I'll be happy to report my experiences on this thread when I do. However, I would not anticipate any problems. The hardware is well supported and the only potential issue is using netmap with Suricata on this device (I am more of a Snort guy).
-
Hey guys! I bought a Zotac CI-323 and have had the same experience as OP. Need to make this into a wireless router/dns sinkhole. I can boot pfsense daily without issue, I just dont know how to set this up entirely.
-
Hi guys. I just purchased this box as well. How long did you guys wait before it got to your house?
As far as ESXi 6 and realtek driver it seem this has been fixed by injecting net55-r8168 driver into esxi iso image before installing. If you can confirm that this works would be great
.
http://www.v-front.de/2015/03/vsphere-6-is-ga-ultimate-guide-to.htmlRealtek 8168 and VMware 6.0 :
net55-r8168-8.039.01-napi.x86_64.vib
I've also read some threads of some random disconnect in other thread on pfsense forum but that also seem to be fixed. I'm assuing you it's smooth sailing for you guys since it's been a while since you guys posted.
Looking forward to feedback on this box and hoping to get it soon. Hope you guys can assist me if i run into trouble he he.
-
Hi.
So, did anybody done some performance tests on this little thing? (pfsense, FreeBSD, Linux, doesn't matter for me).
I am thinking about getting one, but I would like for it to be able to do IPv4 NAT + IPv6 at full gigabit speed (at ~1KB packets) between two ports. Was somembody able to do this? What was the CPU load?
Thanks!
-
Hi.
So, did anybody done some performance tests on this little thing? (pfsense, FreeBSD, Linux, doesn't matter for me).
I am thinking about getting one, but I would like for it to be able to do IPv4 NAT + IPv6 at full gigabit speed (at ~1KB packets) between two ports. Was somembody able to do this? What was the CPU load?
Thanks!
Throughput testing even with openvpn is tested in this thread. It will easily do 100Mbps on openvpn and 400Mbps on unencrypted lan, although i think intel nic are better but for that you would need to spend $360 plus unless u wanna do applicence but then no vga card. I think this will improve once the drivers get worked out maybe in 2.3 release?
https://forum.pfsense.org/index.php?topic=87217.15
-
Hi.
So, did anybody done some performance tests on this little thing? (pfsense, FreeBSD, Linux, doesn't matter for me).
I am thinking about getting one, but I would like for it to be able to do IPv4 NAT + IPv6 at full gigabit speed (at ~1KB packets) between two ports. Was somembody able to do this? What was the CPU load?
Thanks!
Throughput testing even with openvpn is tested in this thread. It will easily do 100Mbps on openvpn and 400Mbps on unencrypted lan, although i think intel nic are better but for that you would need to spend $360 plus unless u wanna do applicence but then no vga card. I think this will improve once the drivers get worked out maybe in 2.3 release?
https://forum.pfsense.org/index.php?topic=87217.15
I seen openvpn results.
I must have missed 400Mbps on unencrypted lan however. I am somehow disappointed about the performance then. Still it doesn't tell if it was due cpu being fully loaded, or something else being a bottleneck, or whatever it was actually trying to load it to the limits.
If you say the drivers might be an issue, would Linux behave possibly better here?
Thanks again!
(I already have a router that is doing about 900Mbps routing and nat, on a almost 10 year old machine. I am just searching for something much smaller and power efficient).
-
Hi.
So, did anybody done some performance tests on this little thing? (pfsense, FreeBSD, Linux, doesn't matter for me).
I am thinking about getting one, but I would like for it to be able to do IPv4 NAT + IPv6 at full gigabit speed (at ~1KB packets) between two ports. Was somembody able to do this? What was the CPU load?
Thanks!
Throughput testing even with openvpn is tested in this thread. It will easily do 100Mbps on openvpn and 400Mbps on unencrypted lan, although i think intel nic are better but for that you would need to spend $360 plus unless u wanna do applicence but then no vga card. I think this will improve once the drivers get worked out maybe in 2.3 release?
https://forum.pfsense.org/index.php?topic=87217.15
I seen openvpn results.
I must have missed 400Mbps on unencrypted lan however. I am somehow disappointed about the performance then. Still it doesn't tell if it was due cpu being fully loaded, or something else being a bottleneck, or whatever it was actually trying to load it to the limits.
If you say the drivers might be an issue, would Linux behave possibly better here?
Thanks again!
(I already have a router that is doing about 900Mbps routing and nat, on a almost 10 year old machine. I am just searching for something much smaller and power efficient).
Don't quote me on 400Mbps as this is what i've seen on different website and could be untrue. I know Realtek will have less throughput then intel nics but i don't really know by how much. I've only looked into openvpn honestly. I may do higher then what i've posted. Freebsd will have an update in april so this may be resolved by then.
Don't think linux will be any different as this is driver related, meaning realtek driver and some better hardware capability of intel nic design.
If you're looking for true 1Gbs performace i would focus on intel nics but you will pay 3x more or you will have to wait and build yourself PC applience with only console access and no vga. That will be in same price range as NUC but you will only have access via console port. I don't like this personally and i don't care for 1GB peformace yet.
You're always limited by ISP speed anyway unless you're doing your own LAN and care about that but not sure what application at home you would need for true 1gb performace.If you don't care about spending $360-$450 go with atom cpu and one of those boards with intel nic posted somewhere in this forum.
-
@OK:
Never underestimate the danger of assumptions….
When I said that Legacy Boot is broken, this is true as long as there is a HD TFT display attached, at least the one I used via Displayport. Instant blank screen. BUT:
Using a good old analog VGA Monitor, everything worked like a charm. Using the memstick to run live or install to SSD.
The baby is now up and running, interfaces assigned, the VLANs work great (not like under the windows I had running, where the realtek driver looked like a pre-alpha PITA).
So happy !
The base config with 4 VLANs, manual outbound natting, proxyarp was setup in no time, I really start enjoying this.
CI321 compared to CI323:
2013 vs 2015
2 cores vs 4
11W vs 6W
16GB vs 8GB (only drawback)
no fans :)Cheers !
almost the same price, currently
I am probably going to risk, and try and put 16GB in CI323. :)
I found one comment on amazon.de, claiming that it works on this very particulate model, with Linux, few VMs, and all. I also found that there is some other single mini-ITX board from some vendor (forgot now), that is using same CPU, and also claims 16GB support. Most of the other sites, including Intel Ark, claims 8GB on all different board, but, maybe, just maybe, it is per-channel/socket limit.
If it doesn't work, I will just return 2x8GB, and get 2x4GB (which are almost same price anyway).
And if it doesn't perform very well for me as a router, I still kind of want to have mid range Windows desktop, because reasons.
-
Yeah let me know if 16GB worked. I ordered 8 only although it does not makes sense to me that 2013 release was 16gb and 2015 is 8gb.
The cpu spec sheet says it support 8gb but maybe it will work. Let me know.btw even 2GB with pfesnes is enough providing you're not running packages. If 5-10 packages 4GB will suffice and 8gb is overkill but if you make a pc later then 16GB would be better obviously.
-
Yeah let me know if 16GB worked. I ordered 8 only although it does not makes sense to me that 2013 release was 16gb and 2015 is 8gb.
The cpu spec sheet says it support 8gb but maybe it will work. Let me know.btw even 2GB with pfesnes is enough providing you're not running packages. If 5-10 packages 4GB will suffice and 8gb is overkill but if you make a pc later then 16GB would be better obviously.
Will do, just ordered one.
2GB is ok for just networking (I almost forgot that this is a pfsense forum, but still this is a hardware specific thread).
But it is always good for stuff like webcaching, or if I turn it into desktop box (even just for browsing internet, 8gb is not enough for me these days), some developement box, or a backups storage server, where it will nicely act as a file system cache. Price difference is very small. This is why I would prefer 16GB a lot over 8GB.
-
First report - 16GB works just fine. I have put HyperX Impact (2x, 8GB, DDR3L-1600 (PC3-12800), SODIMM 204), product numebr HX316LS9IBK2/16
, and it shows as 16GB in BIOS/UEFI. Booted Linux and it shows 16GB in dmesg and in free. Done some tests in python on livecd, and I can use about 15GB until the process is killed (there are some other processes).Nice.
-
Quiet powerful. With Linux, frequency governor changes to performance, and no other tweaks, I am getting 900Mbps with NAT from eth0 to vlan11@eth1.Tested both way, but not at the same time, but the cpu usage looks ok. The IRQ load is crazy high, and ethtool shows no options for interrupts coalescing. :( With powersave frequency governor from time to time CPU usage would go to 80%, and some strange things would happen. With performance it is getting very low.
cores temps around 52,53,56,60 deg C, in a room of about 25 deg C.
The power supply is tiny, and is not hot at all.
Pretty impressive.
-
Quiet powerful. With Linux, frequency governor changes to performance, and no other tweaks, I am getting 900Mbps with NAT from eth0 to vlan11@eth1.Tested both way, but not at the same time, but the cpu usage looks ok. The IRQ load is crazy high, and ethtool shows no options for interrupts coalescing. :( With powersave frequency governor from time to time CPU usage would go to 80%, and some strange things would happen. With performance it is getting very low.
cores temps around 52,53,56,60 deg C, in a room of about 25 deg C.
The power supply is tiny, and is not hot at all.
Pretty impressive.
Sir, How about the power consumption of this unit? It was advertised with 6W consumption. How about pfsense running on it? It seems there are so many people waiting for this, it was sold out at Newegg yesterday, but they got some again in the afternoon.
-
@OK:
Using a good old analog VGA Monitor, everything worked like a charm. Using the memstick to run live or install to SSD.
The baby is now up and running, interfaces assigned, the VLANs work great (not like under the windows I had running, where the realtek driver looked like a pre-alpha PITA).
So happy !
The base config with 4 VLANs, manual outbound natting, proxyarp was setup in no time, I really start enjoying this.
Did you try to install Pfsense on ZBOX CI323 directly? Is it possible? Or only in hypervisor in Linux?
-
@OK:
Using a good old analog VGA Monitor, everything worked like a charm. Using the memstick to run live or install to SSD.
The baby is now up and running, interfaces assigned, the VLANs work great (not like under the windows I had running, where the realtek driver looked like a pre-alpha PITA).
So happy !
The base config with 4 VLANs, manual outbound natting, proxyarp was setup in no time, I really start enjoying this.
Did you try to install Pfsense on ZBOX CI323 directly? Is it possible? Or only in hypervisor in Linux?
I bought one of this ZBOX C1323 at eBay last week. I got a $15 off on Paypal so I just paid about $135 more. However, the RAM was purchased at Newegg and after a week now, the package is still on its way. Although, I received the ZBOX after three days, I can't make use at the moment. I should have bought it from Amazon to utilize my Prime account's 2 day delivery. It's my first time that Newegg failed to impress me. Usually, I get the package 3-4 days.
Same as you, I was also looking for some feedbacks regarding this ZBOX's performance using pfSense but I can't seems to find any here in the forum. What triggered me to get one like this was the reviews and feedbacks from Amazon.com and they are telling that this ZBOX is good for pfSense. Hopefully those reviews at Amazon were true.
I will post my views regarding this ZBOX once I get the whole unit together.
-
Did you try to install Pfsense on ZBOX CI323 directly? Is it possible? Or only in hypervisor in Linux?
Walked my father through installing Pfsense 2.3 on a CI323 earlier today over the phone. Just set the BIOS to legacy and installed everything off the USB stick to a 60GB SSD. The wireless card that came with the unit doesn't show up not that I expected it to or cared about it.
-
Just ordered a Zotac CI323 based on the opinions in this thread. Been looking for a suitable dual-nic mini PC to replace my existing netbook+usb ethernet dongle setup for a while now; the Zotac appears to tick all the boxes. :)
-
Picked one up myself, threw 16GB of RAM (Crucial CT2KIT102464BF160B 16GB Kit DDR3-1600 MT/s 204-Pin SODIMM) in it and a PNY 120GB SSD. So far so good. This is my first go around with a production install of pfSense so I cant speak on much previous experience, but I was able to get it installed without issue on the Zotac CI323 and it seems to be working great (as others have stated, I used the legacy bios setting and wireless card was not detected). I haven't run it under heavy load yet (snort, heavy traffic), but I also haven't seen CPU higher than bouncing to around 10% averaging next to no usage. Also not much of a true test, but a quick online speed test shows full bandwidth 110Mbps/12Mbps with a few firewall rules. So far I'm really happy with the purchase.
-
I placed an order for one today as well. It looked like the wifi card was replaceable, so knowing that the Intel module wouldn't work, I also picked up Atheros 9280 and 9287 modules to try. Will round it out with a 4GB Kingston DDR3L stick and a 40GB Intel 320 Series SSD. Pretty excited to see how it does. It'll be overkill for the 50mbps line it's going to eventually, but I'm certainly going to test it on my gigabit links first. :)
-
XFN,
Please do share your test results. I've been meaning to pull the trigger for a while now but need a bit more convincing :)
I'm specifically interested in how close you get to 1gbit with OpenVPN now that the Celeron 3000 series supports AES-NI. Knowing about how well that wireless card works won't hurt either.
-
Well setback #1…the wifi card isn't standard half miniPCIe. It is a NGFF (m.2) 2230 slot. Those are...pretty rare. I found the Dell DW1537 that is Atheros based that appears to be that form factor, but it's not clear what Atheros chip it's actually using.
-
Observations/notes so far:
1. The Realtek NIC drivers are not stable on this system running 2.2.6-x64. I avoided 2.3 due to the reports of Atheros being more stable in 2.2.6, but it's possible that the NICs are better behaved in 2.3 or in 2.3.1. What would happen is reX watchdog timeout and a traffic hang a few seconds after pushing max throughput through the NIC. Forcing both NICs to 1000FD + flowcontrol + master (as seen here: https://forum.pfsense.org/index.php?topic=101587.0) seems to solve it, as does forcing 100FD.
2. The throughput tops out at about 600mbps in either direction. Could also be a Realtek driver issue. The CPU load is about 30%.
3. The Dell DW1707, in NGFF m.2 form factor using an E keying and a 1630 size, is detected by pfSense. It uses the Atheros AR9565 chip. I have not yet tried connecting a client to it in hostap mode, but it took the configuration w/o complaint.
4. The system varies between 9 and 10 watts at idle, headless, with PowerD enabled. Using a 4GB stick of Kingston 1600MHz DDR3L and a 40GB Intel 320 series SSD. -
I just got the ci323 nano as well with 8GB, and pfSense 2.3 installed on it without a hitch, and is very stable.
The wireless chip it uses is AC3160 (which was not specified by Zotac). This chipset is not recognized by 10.3 freeBSD yet, and therefore, neither does pfSense.
My understanding is that the AC3160 will be supported via iwm in the 11.0 release, which is due out in September 2016.
Has anyone tried porting the driver? Any modules to share? ;)
I suspect I am not the first one to run into this issue…
-
I just got the ci323 nano as well with 8GB, and pfSense 2.3 installed on it without a hitch, and is very stable.
Are the NICs stable when pushing >500mbps though them for extended periods? I found they were fine at low throughput, but died when pushing them hard in 2.2.6 unless the negotiation was forced to 1000FD+flowcontrol+master. It would be great if 2.3 somehow resolved this issue.
Even if the AC3160 is supported in 11, it likely won't work as an access point. If that's important to you, you can replace the card as I did and use it now.
-
I am not pushing my router that hard! So, I have not experienced the issue personally.
-
Forgive me if this is a basic question…...
I'm considering getting the ZBOX CI323 nano, but I'm wondering if it's overkill for my situation....
I have a 320 mbps down / 20 mbps up connection from my current router with a 10 - 14 ms ping. It is a D-Link DIR-836L router with gigabit WAN/LAN ports that I recently bought for $28.99 CAD from Staples on clearance.
I have a layer 2 switch attached to the router (the only device connected to it) and Ubiquiti Access Points for wireless, so I'm assuming all LAN communication (media streaming from Plex) is done without involving the router (layer 3).
So other than the advanced features available with PfSense, will I see a raw performance increase in my WAN connection? Is cached data the secret here? Are there other metrics I'm missing?
-
Power consumption is highjer than PCEngines APU2.
Zotac ZBOX CI323 nano at idle - 8.9W. (two Ethernet cables plugged in, no wifi enabled, display port output enabled, and keyboard connected).
PCEngines APU2C4 - 5.7W (but this is with only one Ethernet card active right now. Other ones not plugged in. No wifi cards. Just the sata express SSD)
-
Is anyone experiencing issues with PPPoE dying on these boxes?
Every so often, usually overnight, the PPPoE connection will drop and the box will continually attempt redialing, with no success. It's not until I halt the box and turn it back on (restarting doesn't resolve the issue) that it dials successfully (and on the very first dial after booting).I've got a 40 Mbps down/2 Mbps up VDSL2 connection from my ISP. It's not the ISP or other hardware - while the Zotac is having problems dialing, I can disconnect it from the modem, plug my laptop into the modem, dial successfully from the laptop, reconnect Zotac to modem and it continues failing to dial.
VDSL modem is connected to re0.
This seems to happen every 3-5 days or so, at random.
I've attached log files from May 4th - it also occured last night, but the information in the log files is identical.
The first text file shows the log while the box is failing to dial - the 25 lines displaying keep repeating over and over, ad infinitum.
The second text file shows a successful dial immediately after booting back up (IP address etc censored).So far I have tried disabled powerd, and for unrelated reasons I have changed the VDSL modem, but it still keeps displaying this fault.
20160504_pfsense_hazza_zotac-pppoe-failure.txt
20160504_pfsense_hazza_zotac-pppoe-success.txt -
So I bought one of these a while ago, but waited until 2.3 came out before installing and putting this into my network to replace on old Netgear WNDR3700 (trusty little bugger that thing was). I upgraded to the latest BIOS prior to installing PFSense, which may or may not affect stability compared to others. I also don't push this box as hard as others. I have a connection that is 10/75. I don't have any stability problems, throughput is great and my OpenVPN connection for clients runs at line speed. CPU never seems to go above 25% and a lot of times powerd throttles the CPU down to 900Mhz from 1600 Mhz, so it burns less power. For prosumer use, it's really hard to beat this little machine.