PC Engines apu2 experiences
-
@stephenw10 said in PC Engines apu2 experiences:
Hmm, odd. Actual CPU time on those processes is all pretty small though. You see it generating those everytime at boot?
Steve
Hmm, I’ll have to check what it is at boot. I haven’t put much time into investigating it. Looking at the SNMP though, this is the first time the CPU has dropped down (after uninstalling the package). So, I guess it starts up pretty quick after boot since I don’t even see a dent in the SNMP.
Just watching “top”, it seems to come in bursts, like every 10 seconds for 5 seconds long for example.
A wild guess is that that’s how often it polls the gateways.I just re-installed pfSense from scratch, not restoring any backups, and it still does it.
Since there’s not much to configure, I assume anyone could reproduce it. If not, I’m really curious as to what’s so special about my system.
You can basically choose what the last 2 lights are, which I have as:
2 - WAN_DHCP4
3 - VPNI've made a new topic for this here
-
@wgentine True - although as soon as powerd sets CPU frequency to maximum GX-412TC frequency 1000MHz via ACPI then AMD CPB is available - however whether CPB it is used depends on CPU core state & thermal parameters.
Although the question of whether powerd is still useful for APU2 given both the CPB performance gains and power savings is interesting...
Edit: some excellent CPB info here https://github.com/pcengines/apu2-documentation/blob/master/docs/debug/cpu_frequency.md
-
@stephenw10 You mean the original APU (with AMD G-T40E CPU) - not the APU2 (with AMD GX-412TC CPU) right? No issues with powerd on APU2 (although whether it makes any sense now with CPB is the issue)
-
@dugeem Ah, true! That was referring to the original APU, my mistake.
-
Is anyone using the CoDel / FQ_CoDel Traffic Shaping on the APU2?
Working well? Any problems?
-
@Veldkornet said in PC Engines apu2 experiences:
Is anyone using the CoDel / FQ_CoDel Traffic Shaping on the APU2?
Working well? Any problems?
I have an APU2 box at work to provide a separate network for personal devices. It is setup with the FQ_CoDel limiter / floating rules method described towards the end of the Playing with FQ-CoDel Thread. It has been rock solid and seems to provide equal bandwidth sharing for the 30 - 50 devices connected each day and 16 - 20 GB of traffic that is passed on our 150/150 FiOS link.
-
@Veldkornet said in PC Engines apu2 experiences:
@qinn SSH into it and install flashrom. No need to boot from USB etc.
pkg install flashrom
Upload the firmware to /tmp with scp and run:
flashrom -w /tmp/apu2_v4.9.0.2.rom -p internal:boardmismatch=forceShutdown pfSense, pull the power for 10 seconds, then boot up.
I still run the original (legacy) bios that came with my apu2c4 almost 2 years ago?! (maybe 1 year I cant remember). I also run the latest stable pfsense.
Anything I need to do (regarding settings or something else) before flushing from the pfsense itself??
thanks -
@daemonix Nope, just install the flashrom like above, then download the latest Mainline from here
https://pcengines.github.io/
then flash it and reboot, I have switched from Legacy to Mainline months ago and everything works still fine.
...and btw you don't need the force option, this is enough
flashrom -w /tmp/apu2_v4.9.0.7.rom -p internal
-
@Qinn said in PC Engines apu2 experiences:
@daemonix Nope, just install the flashrom like above, then download the latest Mainline from here
https://pcengines.github.io/
then flash it and reboot, I have switched from Legacy to Mainline months ago and everything works still fine.
...and btw you don't need the force option, this is enough
flashrom -w /tmp/apu2_v4.9.0.7.rom -p internal
Thanks a lot for the quick replay!
Im do it later in the evening and hopefully Ill have internet after the reboot heheheh -
This post is deleted! -
@Qinn said in PC Engines apu2 experiences:
@daemonix Nope, just install the flashrom like above, then download the latest Mainline from here
https://pcengines.github.io/
then flash it and reboot, I have switched from Legacy to Mainline months ago and everything works still fine.
...and btw you don't need the force option, this is enough
flashrom -w /tmp/apu2_v4.9.0.7.rom -p internal
Done without a problem!
I had a serial link to it so I did it from there so I can see the boot sequence.Now that I have time to experiment a bit.
What are the recommended combination of settings that favour performance on a openvpn server nowadays ?BSD crypto ON/OFF? CBC/GBC algo? etc..
I get 40mbit on the apu2 hosted server. -
@daemonix said in PC Engines apu2 experiences:
BSD crypto ON/OFF? CBC/GBC algo? etc..
I get 40mbit on the apu2 hosted server.From my knowledge for the APU2-Board the settings should be AES-NI (in CPU).
Regards,
fireodo -
I agree try AES-NI (in cpu) read this please, especially the reply from "jimp" https://forum.netgate.com/topic/114212/aes-ni-cryptodev-openvpn-help-a-n00b-understand/16
The setting is in :
System/Advanced/Miscellaneous
try it and see how it performs.
-
fast-io
sndbuf 524288
rcvbuf 524288added this, changed my PIA client to GCM (my server was already GCM) and I already had just the hardware acceleration only...
Gone from 45-sih mbit to 70-70mbit in both PIA and my server!!! -
@Qinn said in PC Engines apu2 experiences:
https://pcengines.github.io/
Does this mean that "AES-NI CPU-based acceleration" is better than the "AES-NI and BSD Crypto Device" option? I'm still confused what the difference between those two are.
-
@kevindd992002 said in PC Engines apu2 experiences:
Does this mean that "AES-NI CPU-based acceleration" is better than the "AES-NI and BSD Crypto Device" option? I'm still confused what the difference between those two are.
Yes! The Apu2 does not have a dedicated Crypto-Device, the Crypto-Functions are integrated in the CPU (much faster). IMHO
-
@fireodo said in PC Engines apu2 experiences:
@kevindd992002 said in PC Engines apu2 experiences:
Does this mean that "AES-NI CPU-based acceleration" is better than the "AES-NI and BSD Crypto Device" option? I'm still confused what the difference between those two are.
Yes! The Apu2 does not have a dedicated Crypto-Device, the Crypto-Functions are integrated in the CPU (much faster). IMHO
I see. But won't it use AES-NI anyway if the latter option is selected?
Also, in the OpenVPN settings you should chhose None in the Hardware Acceleration field, correct?
-
@kevindd992002 said in PC Engines apu2 experiences:
I see. But won't it use AES-NI anyway if the latter option is selected?
Freebsd will look for the Crypto-Device wich is not existent and will not fallback to AES-NI CPU based.
Also, in the OpenVPN settings you should chhose None in the Hardware Acceleration field, correct?
I admit I dont know. Sorry.
-
@fireodo said in PC Engines apu2 experiences:
@kevindd992002 said in PC Engines apu2 experiences:
I see. But won't it use AES-NI anyway if the latter option is selected?
Freebsd will look for the Crypto-Device wich is not existent and will not fallback to AES-NI CPU based.
Also, in the OpenVPN settings you should chhose None in the Hardware Acceleration field, correct?
I admit I dont know. Sorry.
Yes this is it. I did all the possible test combinations.
Indeed ONLY AES-NI should be selected -
Yes, the only thing to avoid here is enabling both aes-ni and bsd crypto. Doing that will cause the aes device to register for crypto acceleration via the framework which adds a load of additional steps. It's much faster to use the available CPU instructions directly. As long as it's enabled in the BIOS openssl, and hence openvpn, should use aes-ni.
Steve