Netgate Discussion Forum

    Considering trying out pfsense

      movax

      @Rango:

      btw 1d sucks….that's not even 100Mbps, and NUC will annihilate that box, 2d may be way better but u should pass on 1d. And it's 230 euros so it's expensive for this performance.
      My asus 78u does 60Mbps on its ARM processor. Any pfsense box MUST MUST do more than 100Mbps on AES 256, otherwise it's not worth my time.

      AES256 58,63 Mbps 55,00 Mbps

      Its cpu doesn't have AES-NI. apu2 does have one (in each core ofc). I am pretty sure apu2 will be able to do much more than 1Gbps in AES128 in memory. Other factors might limit performance tho.

        nib01

        @BlueKobold:

        Small:

        • Jetway Intel Atom D525 ~$200
          No AES-NI & QuickAssist
        • PC Engines APU1D4 ~$250
          No AES-NI & QuickAssist
        • PC Engines APU2D4 ~$300 (upcoming, not fully ready now)
          AES-NI but no QuickAssist

        Mid ranged:

        • Jetway N2930 ~$300 (barebone)
          No AES-NI & QuickAssist
        • Intel Atom C2358, C2558, C2758 ~$300 - ~$800
          AES-NI & QuickAssist

        Looking to spend ~$200. If more, I may have to wait until later on. Maybe Atom E3845?

        http://ark.intel.com/search/advanceds=t&FamilyText=Intel%C2%AE%20Atom%E2%84%A2%20Processor&AESTech=true

        I am not really informed about the newer Intel Atom CPUs or SoCs that are currently coming out, sorry.
        I really only know of some vendors that are using these kinds of Intel Atom Nxxxx SoCs in their devices
        as a router or firewall. But I really can't say anything about the VPN capabilities and throughput that
        can be reached with them. Sorry again.

        Axiomtek NA342 w/ Intel® Atom™ E3825 processor

        • AES-NI
        • no QuickAssist

        Axiomtek NA343 w/ Intel® Celeron® N3050

        • AES-NI
        • no QuickAssist

        Supermicro X11SBA-LN4F w/ Intel® Pentium® Processor N3700
        But problems with pfSense are reported.

        • AES-NI
        • no QuickAssist

        So I really would go more with the SG-2220 from the pfSense store or wait until the APU2C4 is ready
        and the name changes to APU2D4; both come with AES-NI and will be sufficient for
        100 MBit/s IPSec VPN, if I see it right. What OpenVPN really needs, others should answer,
        because I don't use it and, as far as I am informed, it is not getting any benefits from AES-NI.

        I think these two boards, Supermicro A1SRi-2558/2758, support QuickAssist and AES-NI.

        I don't know if there is any issue right now. What do you guys think?

          movax

          APU2C4

          Debian 8.4

          Linux apu2 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1 (2016-03-06) x86_64 GNU/Linux

          I still do not have any pfsense results (I am still playing with it in VirtualBox, and I am still not convinced about pfsense right now), but here are some performance numbers from Linux.

          
          # gnutls-cli --benchmark-ciphers
          Checking cipher-MAC combinations, payload size: 16384
               SALSA20-256-SHA1 39.57 MB/sec
               AES-128-CBC-SHA1 67.64 MB/sec
               AES-128-CBC-SHA256 37.11 MB/sec
               AES-128-GCM 0.41 GB/sec
          
          Checking MAC algorithms, payload size: 16384
                      SHA1 92.43 MB/sec
                    SHA256 43.06 MB/sec
                    SHA512 38.80 MB/sec
          
          Checking ciphers, payload size: 16384
                  3DES-CBC 4.48 MB/sec
               AES-128-CBC 0.23 GB/sec
               ARCFOUR-128 76.71 MB/sec
               SALSA20-256 67.65 MB/sec
          
          

          with 6.3W total power consumption during this test.

          
          # openssl speed -evp aes-128-ecb  aes-128-cbc  aes-128-gcm
          type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
          aes-128-ecb     127544.98k   406525.93k   656512.60k   749048.83k   792521.39k
          aes-128-cbc     124649.83k   175624.04k   214096.38k   226685.61k   230045.01k
          aes-128-gcm      64513.34k   165438.55k   247261.70k   282979.33k   295043.07k
          
          type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
          rc4              97220.57k   130829.63k   143616.68k   146905.90k   149889.02k
          des cbc          12226.79k    12978.73k    13191.42k    13242.37k    13254.66k
          des ede3          4833.95k     4937.05k     4954.88k     4959.57k     4961.62k
          blowfish cbc     22437.34k    25266.43k    26045.61k    26310.31k    26359.13k
          aes-128 cbc      16068.08k    17115.71k    17509.46k    44544.68k    45140.65k
          camellia-128 cbc    20475.77k    31573.53k    36410.03k    37942.95k    38466.90k
          aes-128-gcm      64770.55k   165564.91k   247574.61k   282806.27k   295458.13k
          aes-128 ige      15734.23k    16539.99k    16828.84k    16869.38k    16867.33k
          
          

          with power usage 6.3W during this test.

          Also I got a mSATA drive 16GB SSD from PC Engines, and it is fast. ~350MB/s write and up to 410MB/s sustained sequential read. Power usage 7.4W when doing read using dd bs=64k of=/dev/null.

          Power consumption is around 5.6W (with power factor 63%) when idle (and PSU essentially at the room temperature!), even with cpufrequency governor set to performance and 1GHz all the time. 5.0W at idle, when using ondemand governor (600MHz on all cores). All with only one Ethernet port active right now. Power factor improves to 70% during load at one core (with usage around 6.3-7.5W depending on a test).

          
          root@apu2:~# sensors
          k10temp-pci-00c3
          Adapter: PCI adapter
          temp1:        +53.4°C  (high = +70.0°C)
                                 (crit = +105.0°C, hyst = +104.0°C)
          
          

          at idle, but I would need to recheck if my heatsink and thermal adhesive are correctly attached, because it is a little hot.

          I did some Ethernet tests again, and I was able to get sustained 101MB/s downloading Ubuntu ISO files from the Internet over IPv4 to /dev/null (with another router doing NAT and probably being a bottleneck). Average 90MB/s. At about 44% CPU usage (out of 400% available), mostly spent in kernel. Power usage 6.7W during that test.

          Running 4 instances of burnK7, power usage 7.4W (power factor 65%). Temperature stays at around 62.0 °C after stabilisation after a few minutes, with my room around 25.6 °C.

          All tests with upper cover not mounted. With cover mounted it might right be few degree.

          PSU is cold all the time, and I cannot even feel it warming up at all even during stress tests. Voltage regulators, converters and coils on the board are only a little warm during a stress test, and you need to touch them to feel any temperature out of them, and it was low all the time. Capacitors do not warm at all.

          The board is essentially noiseless, but if I try really hard, I can hear some hiss / whine (both during load and when idle, with a slightly different spectrum). It is extremely low in volume tho. With the cover put on, it would be impossible to hear.

          I am positively impressed so far.

          And dmidecode, lspci and lsusb for the curious

          
          # dmidecode 
          # dmidecode 2.12
          SMBIOS 2.7 present.
          7 structures occupying 306 bytes.
          Table at 0xDFFB7020.
          
          Handle 0x0000, DMI type 0, 24 bytes
          BIOS Information
          	Vendor: coreboot
          	Version: 88a4f96
          	Release Date: 03/07/2016
          	ROM Size: 8192 kB
          	Characteristics:
          		PCI is supported
          		PC Card (PCMCIA) is supported
          		BIOS is upgradeable
          		Selectable boot is supported
          		ACPI is supported
          		Targeted content distribution is supported
          	BIOS Revision: 4.0
          	Firmware Revision: 0.0
          
          Handle 0x0001, DMI type 1, 27 bytes
          System Information
          	Manufacturer: PC Engines
          	Product Name: apu2
          	Version: 1.0
          	Serial Number: 123456789
          	UUID: Not Settable
          	Wake-up Type: Reserved
          	SKU Number: Not Specified
          	Family: Not Specified
          
          Handle 0x0002, DMI type 2, 8 bytes
          Base Board Information
          	Manufacturer: PC Engines
          	Product Name: apu2
          	Version: 1.0
          	Serial Number: 123456789
          
          Handle 0x0003, DMI type 3, 21 bytes
          Chassis Information
          	Manufacturer: PC Engines
          	Type: Desktop
          	Lock: Not Present
          	Version: Not Specified
          	Serial Number: Not Specified
          	Asset Tag: Not Specified
          	Boot-up State: Safe
          	Power Supply State: Safe
          	Thermal State: Safe
          	Security Status: None
          	OEM Information: 0x00000000
          	Height: Unspecified
          	Number Of Power Cords: Unspecified
          	Contained Elements: 0
          
          Handle 0x0004, DMI type 4, 42 bytes
          Processor Information
          	Socket Designation: Not Specified
          	Type: Central Processor
          	Family: Pentium Pro
          	Manufacturer: AuthenticAMD
          	ID: 01 0F 73 00 FF FB 8B 17
          	Signature: Type 0, Family 22, Model 48, Stepping 1
          	Flags:
          		FPU (Floating-point unit on-chip)
          		VME (Virtual mode extension)
          		DE (Debugging extension)
          		PSE (Page size extension)
          		TSC (Time stamp counter)
          		MSR (Model specific registers)
          		PAE (Physical address extension)
          		MCE (Machine check exception)
          		CX8 (CMPXCHG8 instruction supported)
          		APIC (On-chip APIC hardware supported)
          		SEP (Fast system call)
          		MTRR (Memory type range registers)
          		PGE (Page global enable)
          		MCA (Machine check architecture)
          		CMOV (Conditional move instruction supported)
          		PAT (Page attribute table)
          		PSE-36 (36-bit page size extension)
          		CLFSH (CLFLUSH instruction supported)
          		MMX (MMX technology supported)
          		FXSR (FXSAVE and FXSTOR instructions supported)
          		SSE (Streaming SIMD extensions)
          		SSE2 (Streaming SIMD extensions 2)
          		HTT (Multi-threading)
          	Version: AMD GX-412TC SOC                               
          	Voltage: Unknown
          	External Clock: Unknown
          	Max Speed: Unknown
          	Current Speed: Unknown
          	Status: Unpopulated
          	Upgrade: Other
          	L1 Cache Handle: Not Provided
          	L2 Cache Handle: Not Provided
          	L3 Cache Handle: Not Provided
          	Serial Number: Not Specified
          	Asset Tag: Not Specified
          	Part Number: Not Specified
          	Core Count: 4
          	Characteristics: None
          
          Handle 0x0005, DMI type 32, 11 bytes
          System Boot Information
          	Status: No errors detected
          
          Handle 0x0006, DMI type 127, 4 bytes
          End Of Table
          
          

          PS. 123456789 is real serial number. oops.

          lspci

          
          # lspci 
          00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1566
          00:02.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 156b
          00:02.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Family 16h Processor Functions 5:1
          00:02.3 PCI bridge: Advanced Micro Devices, Inc. [AMD] Family 16h Processor Functions 5:1
          00:02.4 PCI bridge: Advanced Micro Devices, Inc. [AMD] Family 16h Processor Functions 5:1
          00:08.0 Encryption controller: Advanced Micro Devices, Inc. [AMD] Device 1537
          00:10.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB XHCI Controller (rev 11)
          00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [IDE mode] (rev 40)
          00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB EHCI Controller (rev 39)
          00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 42)
          00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 11)
          00:14.7 SD Host controller: Advanced Micro Devices, Inc. [AMD] FCH SD Flash Controller (rev 01)
          00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1580
          00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1581
          00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1582
          00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1583
          00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1584
          00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1585
          01:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)
          02:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)
          03:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)
          root@apu2:~# lspci -vt
          -[0000:00]-+-00.0  Advanced Micro Devices, Inc. [AMD] Device 1566
                     +-02.0  Advanced Micro Devices, Inc. [AMD] Device 156b
                     +-02.2-[01]----00.0  Intel Corporation I210 Gigabit Network Connection
                     +-02.3-[02]----00.0  Intel Corporation I210 Gigabit Network Connection
                     +-02.4-[03]----00.0  Intel Corporation I210 Gigabit Network Connection
                     +-08.0  Advanced Micro Devices, Inc. [AMD] Device 1537
                     +-10.0  Advanced Micro Devices, Inc. [AMD] FCH USB XHCI Controller
                     +-11.0  Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [IDE mode]
                     +-13.0  Advanced Micro Devices, Inc. [AMD] FCH USB EHCI Controller
                     +-14.0  Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller
                     +-14.3  Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge
                     +-14.7  Advanced Micro Devices, Inc. [AMD] FCH SD Flash Controller
                     +-18.0  Advanced Micro Devices, Inc. [AMD] Device 1580
                     +-18.1  Advanced Micro Devices, Inc. [AMD] Device 1581
                     +-18.2  Advanced Micro Devices, Inc. [AMD] Device 1582
                     +-18.3  Advanced Micro Devices, Inc. [AMD] Device 1583
                     +-18.4  Advanced Micro Devices, Inc. [AMD] Device 1584
                     \-18.5  Advanced Micro Devices, Inc. [AMD] Device 1585
          root@apu2:~# lspci -vtn\
          > ^C
          root@apu2:~# lspci -vtn
          -[0000:00]-+-00.0  1022:1566
                     +-02.0  1022:156b
                     +-02.2-[01]----00.0  8086:157b
                     +-02.3-[02]----00.0  8086:157b
                     +-02.4-[03]----00.0  8086:157b
                     +-08.0  1022:1537
                     +-10.0  1022:7814
                     +-11.0  1022:7800
                     +-13.0  1022:7808
                     +-14.0  1022:780b
                     +-14.3  1022:780e
                     +-14.7  1022:7813
                     +-18.0  1022:1580
                     +-18.1  1022:1581
                     +-18.2  1022:1582
                     +-18.3  1022:1583
                     +-18.4  1022:1584
                     \-18.5  1022:1585
          
          

          lsusb

          
          # lsusb 
          Bus 001 Device 002: ID 0438:7900 Advanced Micro Devices, Inc. 
          Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
          Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
          Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
          root@apu2:~# lsusb  -tv
          /:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 5000M
          /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 480M
          /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
              |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/4p, 480M
          
          

          cpuinfo

          
          # cat /proc/cpuinfo 
          processor	: 0
          vendor_id	: AuthenticAMD
          cpu family	: 22
          model		: 48
          model name	: AMD GX-412TC SOC
          stepping	: 1
          microcode	: 0x7030105
          cpu MHz		: 1000.000
          cache size	: 2048 KB
          physical id	: 0
          siblings	: 4
          core id		: 0
          cpu cores	: 4
          apicid		: 0
          initial apicid	: 0
          fpu		: yes
          fpu_exception	: yes
          cpuid level	: 13
          wp		: yes
          flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc extd_apicid aperfmperf eagerfpu pni pclmulqdq monitor ssse3 cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt topoext perfctr_nb perfctr_l2 arat cpb xsaveopt hw_pstate npt lbrv svm_lock nrip_save tsc_scale flushbyasid decodeassists pausefilter pfthreshold vmmcall bmi1
          bogomips	: 1996.14
          TLB size	: 1024 4K pages
          clflush size	: 64
          cache_alignment	: 64
          address sizes	: 40 bits physical, 48 bits virtual
          power management: ts ttp tm 100mhzsteps hwpstate cpb [12] [13]
          
          ...
          
          

          I commented on mSATA drive details in another thread: https://forum.pfsense.org/index.php?topic=109970.msg612649#msg612649
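
The `openssl speed` figures in the post above are in thousands of bytes per second, which makes them hard to compare with the Mbps numbers quoted earlier in the thread. The following is an added example, not part of the original post: it checks a cpuinfo dump for the `aes` flag and converts `openssl speed` rows to Mbit/s. The sample inputs are excerpts of the post's own output, and the results are single-core, in-memory cipher rates, not VPN throughput.

```python
import re

# Rows excerpted from the `openssl speed` output in the post above.
SPEED_OUTPUT = """\
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-ecb     127544.98k   406525.93k   656512.60k   749048.83k   792521.39k
aes-128-cbc     124649.83k   175624.04k   214096.38k   226685.61k   230045.01k
aes-128-gcm      64513.34k   165438.55k   247261.70k   282979.33k   295043.07k
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des ede3          4833.95k     4937.05k     4954.88k     4959.57k     4961.62k
aes-128 cbc      16068.08k    17115.71k    17509.46k    44544.68k    45140.65k
"""

# Shortened copy of the cpuinfo flags line from the post (most flags omitted).
CPUINFO = "model name\t: AMD GX-412TC SOC\nflags\t\t: fpu sse2 pclmulqdq ssse3 aes avx\n"

# Cipher name (may contain spaces) followed by one or more "<number>k" columns.
ROW = re.compile(r"^(.*?)\s+((?:\d+(?:\.\d+)?k\s*)+)$")


def has_aes_ni(cpuinfo):
    """True if the flags line lists 'aes' as a whole token, not as a substring."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return "aes" in value.split()
    return False


def parse_speed(text):
    """Return {cipher: {block_size_bytes: Mbit/s}} from `openssl speed` tables."""
    sizes, table = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("type"):
            sizes = [int(n) for n in re.findall(r"(\d+) bytes", line)]
            continue
        m = ROW.match(line)
        if not m or not sizes:
            continue
        values = [float(v.rstrip("k")) for v in m.group(2).split()]
        if len(values) != len(sizes):
            continue  # truncated or wrapped row: skip rather than misalign columns
        # openssl reports thousands of bytes per second: x 1000 x 8 / 1e6 = x 0.008
        table[m.group(1)] = {s: round(v * 0.008, 1) for s, v in zip(sizes, values)}
    return table


if __name__ == "__main__":
    speeds = parse_speed(SPEED_OUTPUT)
    print("AES-NI flag present:", has_aes_ni(CPUINFO))
    for name, row in speeds.items():
        print(f"{name:12s} {row[8192]:8.1f} Mbit/s at 8192-byte blocks")
```

The hyphenated `aes-128-cbc` row and the space-separated `aes-128 cbc` row are kept as separate keys, so the two AES-128-CBC measurements in the post can be compared directly.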

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.