Are the i210AT NICs supported and working?
-
Great news I was just rejecting this alternative to a pfSense box a couple of days ago, since I didnt think the NICs were supported : https://www.supermicro.com/products/system/1U/5019/SYS-5019S-ML.cfm.
What do you think of a rig like this for:
500Mbs WAN
50 UsersLatency is very important.
most likely overkill…. IF the hardware is compatible, it should work fine if you put a cpu/ram/hd in it
-
Ok, anyone else who has any experience with the i210AT NICs?
I was planning to use:
RAM: Samsung 16GB DDR4 2133MHz ECC
CPU: Intel Xeon E3-1275v5
SSD: Samsung SM863 120GBOntop of pfSense Im planning to use:
Snort, pfBlockerNG, Squid with ClamAV and SquidGuardThat is the reason why I am a little bit worried about HW requirements.
-
Hi Everyone.
Im currently running a PFsensebox in a Hyper-V VM at the office. However its a bit of a hassle, especially if the hardware on the host vere to break down (and also when i want to reboot the host).So im planning on getting a new small 1U Server to run the firewall. The office has about 40 users, 100Mbit WAN. A few simple VLANs (to separate clients from servers, and one DMZ). All users use OpenVPN to connect to to pfsense to get access to the servers from home. I was hoping to run a cheaper Xeon E3 CPU and 4GB of RAM for the new machine and ive started to like some of the SuperMicro servers that should fit my needs.
However it seems that most of the supermicro boards use Intels i210AT NICs. And after doing a bit of googleing, it seems that there are issues with this NIC and Pfsense.
So my question is simpy: Are the i210AT supported by Pfsense (since its a new build i could use a later version of pfsense).
You can take a look to my build here, the onboard i211AT is slightly lower grade compared with i210AT, but anyway they are the same family, and I was using it with pfSense 2.2.6 (of course now pfSense 2.3) without any issue.
Your application seems not very heavy duty, I suggest you can take a look to those Supermicro C2558/C2758 Atom based motheboard, those comes with a higher grade i350 x 4 LAN chip and with AES-NI acceleration your VPN tunnel will be beneficial from this.
Thank you for your suggestions. Im currently reading trough your post. I still feel a bit hesatent to go down the Atom road. Is the Atom really powerfull enough? Currently we have about 40 users but that could easy be 60 in 2 years or something and i dont want to buy a new firewall for another 3-4 years at least. I guess i could go with the eight core Ranglay (they lok nice with the 4 NICs, even if i only need two). And if i undersood you currectly, the I354 NICs are fully supported by Pfsense.
But if i had 4 NICs i could use thoose instead of VLANs to separate the CLient network from the server network.
Im thinking: Using one switch for the Server network, and one switch for the client network (icnluding wifi APs and printers) and just use one interface each on the pfsense box.
Today im using the same principal, but im using VLAN and a trunk from pfsense to a switch.The N2930 is Celeron, not Atom ;D
Depends on what you want to do, if just a simple firewall with squid caching (not intercepting like ClamAV), N2930 with 8GB ram is more than enough for you. 8-9 years ago, I built a Pentium 4 + 1G ram for my office, with ~80 users, all good, so do you believe the N2930 will be slower than that? 8)
To be honest, there is always a misconception that: Lots of users => Much higher CPU processing power on firewall
Yes it will eat up more processing power/memory, but not that much as you think. In Squid forum, people are building cache server with 16GB memory for 1000 users (expecting 2000-3000 users later), while not intercepting traffic, the CPU is not doing much as well.Rangeley is definitely good for you, since there is also AES-NI which is great for VPN applications, from my point of view, even a 2-core C2358 will do the job in your case.
-
Ok, anyone else who has any experience with the i210AT NICs?
I really don´t know why you even ask about that Intel i210 NICs, they are fully supported and running
well under pfSense software, that in the version 2.3 some issues where occurring might be not turning
them into bad hardware!I was planning to use:
RAM: Samsung 16GB DDR4 2133MHz ECC
CPU: Intel Xeon E3-1275v5
SSD: Samsung SM863 120GBPlease save money and prevent eventually problems coming along with the newest available hardware
on the market. Here is a very well running pfSense UTM hardware tested and running for many time.- ASUS Q87T, mainboard (BIOS update must be done to the latest available one)
- CPU support
Intel
Core
i7 (Haswell), Intel Core i5 (Haswell), Intel Core i3 (Haswell),
Intel Pentium G (Haswell), Intel Celeron G (Haswell), Intel Xeon E3 v3 (Haswell) - Intel Xeon E3-128xv3 with AES-NI any cheap to get the hands on for new and boxed
with a cooler (or refurbished and used for cheap and then with a new cooler too on top) - RAM support S0-DIMM DDR3-1600 max. 16 GB , 2 x 4/8 GB DDR3-1600MHz
- mSATA slot full lenght - "Crucial M500 SSD 120GB, mSATA 6Gb/s (CT120M500SSD3)" (TRIM support works)
- miniPCIe slot half length WiFi Atheros AR9280 if WiFi is needed
- Intel Ethernet Server Adapter I350-T4 bulk on eBay for ~$99
- Noctua NH-L9i, CPU-Kühler of it was not a Intel Xeon "boxed" package
Last pfSense update from 2.2.4 to 2.2.6 and runs stable until now and on top you will get never
starting a thread about, this is not working, that is to slow, 1 GBit/s at the WAN is not really there,
the NIC is not supported, the space is to small, and so on and so on. You are sorted!Ontop of pfSense Im planning to use:
Snort, pfBlockerNG, Squid with ClamAV and SquidGuardWith a intel Xeon E3 v3 @3,5GHz or @3,7GHz it is not really interesting what you are running
installing or doing, just do it! It is powerful enough to serve you and many clients for years!!!
You might be run many of them as Squid & SquidGuard, ClamAV, SARG, Snort or Suricata,
pfBlockerNG, apinger, the APC UPS package, the Captive portal, ect…....And pending on the CPU support of that board you will be able to start with a lower one
and upgrade from time to time if needed too, but I personally would consider to go with
an Intel Xeon E3 model because its some more power saving but delivers multiple fully
1 GBit/s throughput at the WAN port and it doesn`t matter if over PPPoE or not.That is the reason why I am a little bit worried about HW requirements.
There are three different stages you can rest or you will be able to reach:
- underperformed - nothing goes as expected and the whole unit is lame as a duck
- right performed - all is running but without or only a small amount of headroom to be future proof
- over performed - is no really existing in my eyes, its like the point two but for a longer time and future proof!
Other may thing different about that, but if I have a fine and false free running pfSense firewall that must
be turned into a fully featured UTM device I would be more happy about the saved time of my life solving out
any kind of problems or if some thing is changing at someday like the number of users and/or the Internet line
speed that would be not really lowers the entire throughput and/or reaction time.Be aware of the newest available hardware it can be not fully supported and/it can be coming to
BIOS issues you will not be able to solve out. And the latest funny things and newest features or
gimmicks in the Intel Xeon E3 v5 CPUs would not be really interesting running a firewall or fully
featured UTM on it, or in any other kind of version interesting and useful. -
The N2930 is Celeron, not Atom ;D
Well, yes and no.
In the past Celeron and Pentium chips were all based on the main desktop core line (Sandy Bridge, Ivy bridge, Haswell, Broadwell, Skylake, etc.)
Starting with Silvermont (Bay Trail, braswell, etc.) Celeron and Pentium branded chips were based on the Atom line instead of the desktop lines. Now, this is not the old Atoms, they ahve been improved with out of order execution and other features since then, but they still perform a lot slower than their full desktop counterparts, but on the flip side they also use less power.
So, the Intel Celeron and Pentium Decoder ring for Core i3/i5/i7 and newer chips looks something like this:
Desktop (Core) based:
Celeron Gxxx or Gxxxx
Pentium Gxxx or GxxxxAtom (Silvermont) based:
Celeron Nxxxx
Pentium Nxxxx
Celeron Jxxxx
Pentium JxxxxThe Celeron G and Pentium G models will perform MUCH better than the Celeron/Pentium N and J models.
-
@BlueKobold:
- Intel Ethernet Server Adapter I350-T4 bulk on eBay for ~$99
Not trying to hijack the thread but while I was tempted to go for such a card, threads on this forum got me scared.
Basically these cards use an intel controller but that's about it which apparently causes the card to act weird or just die after some months.
A genuine intel card seems to be 150-200$ or higher… -
Not trying to hijack the thread but while I was tempted to go for such a card, threads on this forum got me scared.
What is scary here? if you are aware to use that card please don´t use it, but don´t tell me that I should not
suggest it or use it by my own, thank you.Basically these cards use an intel controller but that's about it which apparently causes the card to act weird or just die after some months.
I was not speaking about faked cards or cheap Chinese reproductions here, I was talking about refurbished cards
or used items at eBay and not the new ones! And yes this cards will be able over eBay or Amazon.xyz refurbished
and/or used for $99.A genuine intel card seems to be 150-200$ or higher…
Yes this is right but this ones are then the pretty newer one that will be not in usage before, or so called
factory new or brand new. This ones I love too, for 200 € - 300 € here in Germany (Intel i350 & i354)
this are fine cards acting fast and stable, in my eyes. -
The i210at works on my Supermicro board (X10SLV-Q) works perfectly using the em driver which is preinstalled and autodetected by pfSense, so I wouldn't worry about that.
My board is a little odd in that it is mixed i210at (em driver) and i217 (igb driver) which is a little inelegant, but works well none the less.
Hi Everyone.
Im currently running a PFsensebox in a Hyper-V VM at the office. However its a bit of a hassle, especially if the hardware on the host vere to break down (and also when i want to reboot the host).So im planning on getting a new small 1U Server to run the firewall. The office has about 40 users, 100Mbit WAN. A few simple VLANs (to separate clients from servers, and one DMZ). All users use OpenVPN to connect to to pfsense to get access to the servers from home. I was hoping to run a cheaper Xeon E3 CPU and 4GB of RAM for the new machine and ive started to like some of the SuperMicro servers that should fit my needs.
However it seems that most of the supermicro boards use Intels i210AT NICs. And after doing a bit of googleing, it seems that there are issues with this NIC and Pfsense.
So my question is simpy: Are the i210AT supported by Pfsense (since its a new build i could use a later version of pfsense).
I was unaware of this when I built my new router a few weeks ago, but apparently BSD's pf (on which pfSense is based) has become remarkably well multithreaded over the alst year or two, to the point where having fast desktop-style cores is no longer a huge requirement like it used to be. A multi-core Atom/Avoton board should do the trick just fine these days, as long as you don't need PPPoE which still requires a fast core.
If I had known what I know now a few weeks back, I would likely have gone with an atom based build, instead of a 2.9ghz dual core haswell with turbo up to 3.6.
I used to have an old ALIX board with an AMD Geode CPU and that fall flat on its feet as soon as had a permanent OpenVPN Tunnel up. Thats why im a bit "Afraid" to use a low power CPU.
So im thinking of getting:- Supermicro motherboard with a C2758
- 2x 4GB DDR3L ECC SODIMM
- 4x Intel 354 NICs
-
I used to have an old ALIX board with an AMD Geode CPU and that fall flat on its feet as soon as had a permanent OpenVPN Tunnel up. Thats why im a bit "Afraid" to use a low power CPU.
So im thinking of getting:- Supermicro motherboard with a C2758
- 2x 4GB DDR3L ECC SODIMM
- 4x Intel 354 NICs
Come on…...AMD Geode was introduced in 2002...which is 14 years ago, technology evolved a lot already, with the advanced silicon technology high processing power & low power consumption is longer mutally exclusive.
-
What is scary here? if you are aware to use that card please don´t use it, but don´t tell me that I should not
suggest it or use it by my own, thank you.I didn't tell anybody what they "should" do; I simply mentioned the issues with ebay lottery. Sorry you took it that way, it's not what I meant.
I was not speaking about faked cards or cheap Chinese reproductions here, I was talking about refurbished cards
or used items at eBay and not the new ones! And yes this cards will be able over eBay or Amazon.xyz refurbished
and/or used for $99.Fair enough - I looked some time ago to some auctions and personally, I couldn't tell the difference between a "fake" refurbished and an actual one. The pictures were reused and some comments indicated some sellers were dishonest. But that was just my experience.
I think the network card is great and it would have been amazing to see that the so-called OEM cards were somewhat reliable; a 4x intel card at around ~50$ would make a lot of folks happy :)
Yes this is right but this ones are then the pretty newer one that will be not in usage before, or so called
factory new or brand new. This ones I love too, for 200 € - 300 € here in Germany (Intel i350 & i354)
this are fine cards acting fast and stable, in my eyes.I'm still debating whether for a home firewall (with 2 ports) a 4x card would make sense. The network card has bigger buffers but at the same time it looks like the power consumption is higher as well…