Canadian Looking for Build Suggestions / Parts Sources



  • Hi All

    I've been reading the forum for a few days to research a cost effective pfSense build.  Being in Canada makes this a bit more complicated since a lot of Amazon sellers don't ship to Canada, and/or the import costs are prohibitive.

    I'm looking to support a home network 250Mbps Download/20Mbps Upload with a VPN, packet capture, and security packages like Snort/Suricata/Squid.  I assume a J1900 would be about a minimum CPU spec, and about 8-16GB of RAM and an SSD to support the security packages and an extensive list of blocked IPs.  Need a minimum of 3 NICs, but 4 would be better. (Have I got the specs right or do I need to go to a C2558/2758)?

    Since it sits under my desk in my office I need something relatively small and noise-free, and given the ever increasing cost of hydro, low power as well.

    I'm hoping there may be Canadians in this forum that may have built something similar and can offer suggestions as to potential hardware and places to get it most cost effectively.  I would hope to keep the cost to $500CDN (excluding hard drive) if at all possible, but if extra cost is justified, I'll likely stretch the budget within reason.

    Any help would be much appreciated.



  • Going to keep this simple:
    1. Why 3-4 nics, are you running multiple vlans? - if not, just get a half decent switch and go 2.
    2. Modern basic systems will idle about 30w. You can go under this with embedded. How much does power cost you?
    3. 16 gig of ram is overkill, I run my home pfsense box with 4 gig and could probably get away with 3.
    4. If you run snort (I don't, but have) you want good peak single thread performance. I recommend i3's for this kind of scenario.
    5. If you are content to use suricata (and you should be) then the c2558 will be ample.



  • @guardian:

    Hi All

    I've been reading the forum for a few days to research a cost effective pfSense build.  Being in Canada makes this a bit more complicated since a lot of Amazon sellers don't ship to Canada, and/or the import costs are prohibitive.

    I'm looking to support a home network 250Mbps Download/20Mbps Upload with a VPN, packet capture, and security packages like Snort/Suricata/Squid.  I assume a J1900 would be about a minimum CPU spec, and about 8-16GB of RAM and an SSD to support the security packages and an extensive list of blocked IPs.  Need a minimum of 3 NICs, but 4 would be better. (Have I got the specs right or do I need to go to a C2558/2758)?

    Since it sits under my desk in my office I need something relatively small and noise-free, and given the ever increasing cost of hydro, low power as well.

    I'm hoping there may be Canadians in this forum that may have built something similar and can offer suggestions as to potential hardware and places to get it most cost effectively.  I would hope to keep the cost to $500CDN (excluding hard drive) if at all possible, but if extra cost is justified, I'll likely stretch the budget within reason.

    Any help would be much appreciated.

    A cheaper option for you is the Supermicro X11SBA-LN4F-O, the N3700 supports AES-NI which is great for VPN, and the N3700 is better than J1900.



  • Thanks very much Keljian.  I'm pretty new at this stuff, so I appreciate the input/advice.

    @Keljian:

    1. Why 3-4 nics, are you running multiple vlans? - if not, just get a half decent switch and go 2

    I want to keep my lan with my computers totally separate from my IoT network which I will set up for remote access with port forwarding.

    2. Modern basic systems will idle about 30w. You can go under this with embedded. How much does power cost you?

    This is less about power than size/heat and noise… I want small, quiet and cool because I'm in a "living" environment not a server room.

    4. If you run snort (I don't, but have) you want good peak single thread performance. I recommend i3's for this kind of scenario.
    5. If you are content to use suricata (and you should be) then the c2558 will be ample.

    Thanks… still not 100% sure what I want at this point... all I know is I have outgrown dd-wrt on a consumer grade router and I need something to be able to inspect,
    block and monitor the network with all the garbage out there that phones home and worse... I figure this solution should be able to evolve over time as I learn and technology evolves.



  • @edwardwong:

    A cheaper option for you is the Supermicro X11SBA-LN4F-O, the N3700 supports AES-NI which is great for VPN, and the N3700 is better than J1900.

    Thanks… I had overlooked the N3700... and that's a nice little board... I'm going to do some looking around the forum to see what others are doing with it.

    It seems to be about $280 CDN, but maybe a bit of shopping will improve on that...
    (Have any Canadians found a good source for this type of hardware?)



  • You might want to have a look at this recent post: https://forum.pfsense.org/index.php?topic=111048.msg620068#msg620068

    My personal experience has been to reuse older but serviceable hardware for home use.

    Don't know what part of CAN you're from (I'm on the West Coast) but worst case power costs here are <$0.12 /KWh.
    That translates to ~$45/yr for every 50W either saved or "lost" because of an overpowered box.

    Maybe the math works for you, but often it doesn't.

    Just my $.02



  • I recently bought a J1900 fanless barebone with 4 NICs from Aliexpress (http://www.aliexpress.com/item/Cheapet-celeron-baytrail-J1900-2-42G-Quad-core-Fanless-X86-Industrial-computer-4-LAN-1080P/1000001324492.html) and 8 Gb of Crucial RAM and 60Gb of Kingston MS200 mSATA SSD from NCIX. All in, total cost to the door was CAD 345 and it took 2 days. I actually got the barebone from Hong Kong faster than the stuff from NCIX…



  • @schlouf:

    I recently bought a J1900 fanless barebone with 4 NICs from Aliexpress (http://www.aliexpress.com/item/Cheapet-celeron-baytrail-J1900-2-42G-Quad-core-Fanless-X86-Industrial-computer-4-LAN-1080P/1000001324492.html) and 8 Gb of Crucial RAM and 60Gb of Kingston MS200 mSATA SSD from NCIX. All in, total cost to the door was CAD 345 and it took 2 days. I actually got the barebone from Hong Kong faster than the stuff from NCIX…

    Hi schlouf

    Thanks for the reply…It looks like a very nice little box.

    Good to hear about the speedy service... bought some stuff from China on EBay, and "A slow boat from China" was the norm. 
    What shipping method did you choose?  Were there any "surprise" charges like brokerage etc.?

    A couple of questions if I might:

    • How is the build quality?  What about heat?

    • Are you using it for pfSense?  If so what kind of throughput are you getting? Running any packages or just base pfSense?

    Thanks!



  • @guardian:

    Good to hear about the speedy service… bought some stuff from China on EBay, and "A slow boat from China" was the norm. 
    What shipping method did you choose?  Were there any "surprise" charges like brokerage etc.?

    A couple of questions if I might:

    • How is the build quality?  What about heat?

    • Are you using it for pfSense?  If so what kind of throughput are you getting? Running any packages or just base pfSense?

    The build quality is good, anyway good enough for the price. It gets quite warm to the touch but, according to pfSense, the CPU runs at 47C with adaptive powerD enabled. With powerD disabled, CPU temperature was a few degrees higher. However, mine is mounted in a closet with limited airflow, so that might explain the warmness.

    I experienced a problem with one of NICs, which I managed to solve, see https://forum.pfsense.org/index.php?topic=110634.0. I don't know how easy it would have been to RMA it. This is something to weigh in your decision process.

    I am running base pfSense, no packages. My connection is 100/30 and I am running an OVPN client. The highest my CPU load ever gets is about 25%.

    There is some good discussion going on about the barebone in https://forum.pfsense.org/index.php?topic=75415.255. This is where I got the idea of buying it and so far no regrets, it fits my needs perfectly.



  • A cheaper option for you is the Supermicro X11SBA-LN4F-O, the N3700 supports AES-NI which is great for VPN, and the N3700 is better than J1900.

    Like @schlouf was explaining it, there are reported issues with that board so please be patient and read that
    longer forum thread there and then you might be getting out some interesting information about that issue.

    Budget option:
    Jetway NF2930HG ~$205
    4 GB - 8 GB RAM

    Mid size:
    Supermicro A1SRi-2758 ~$340
    4 GB - 8 GB RAM

    High end:
    ASUS Q87T or
    Gigabyte Q87TN
    Intel Core i3, i5, i7 (embedded) or E3-12xxv3
    8 GB - 16 GB RAM



  • @BlueKobold:

    A cheaper option for you is the Supermicro X11SBA-LN4F-O, the N3700 supports AES-NI which is great for VPN, and the N3700 is better than J1900.

    Like @schlouf was explaining it, there are reported issues with that board so please be patient and read that
    longer forum thread there and then you might be getting out some interesting information about that issue.

    Budget option:
    Jetway NF2930HG ~$205
    4 GB - 8 GB RAM

    Mid size:
    Supermicro A1SRi-2758 ~$340
    4 GB - 8 GB RAM

    High end:
    ASUS Q87T or
    Gigabyte Q87TN
    Intel Core i3, i5, i7 (embedded) or E3-12xxv3
    8 GB - 16 GB RAM

    Thanks for the reply - If I've done my homework correctly:

    Jetway-NF9HG-2930 - not great for encryption because it doesn't have the encryption instructions.
    If I understand things correctly, this would likely be not too bad except for the encryption… VPS connections will take a huge hit.

    Supermicro A1SRi-2758 - looks like a good platform...
    This one is under consideration - I've seen some interesting feedback on it. ... Just don't know if I can justify the cost

    • $449.99+6.99 CAD for shipping... NewEgg is the best I can find.
    • It also appears to need a couple of fans (NOISE is a huge concern for me)

    Gigabyte Q87TN - Likely a bit overkill... also only 2 NICs



  • Jetway-NF9HG-2930 - not great for encryption because it doesn't have the encryption instructions.
    If I understand things correctly, this would likely be not too bad except for the encryption… VPS connections will take a huge hit.

    It all depends on the awaited throughput.

    Supermicro A1SRi-2758 - looks like a good platform…
    This one is under consideration - I've seen some interesting feedback on it. ... Just don't know if I can justify the cost

    • $449.99+6.99 CAD for shipping... NewEgg is the best I can find.
    • It also appears to need a couple of fans (NOISE is a huge concern for me)

    Not really loud if you will get a case that is offering enough space.

    Gigabyte Q87TN - Likely a bit overkill… also only 2 NICs

    Here able to get for ~150 € (board) + ~99 € for an Intel i350 (quad port NIC) = ~250 €
    and the CPU can be chosen likes you need or want it, and it is upgradeable for perhaps more awaited load.
    Pentium G, Intel Core i3, i5, i7 or Xeon E3 delivering 1 GBit/s at the WAN with guarantee. From 2 GB to
    16 GB RAM likes you need and in the mini-ITX format too.



  • What about that Realtek NIC, is this good one / supported by pfSense?



  • @NEK4TE:

    What about that Realtek NIC, is this good one / supported by pfSense?

    From what I understand from reading the forum, FreeBSD does not do well with Realtek NICs,
    and therefore they are best avoided.



  • That's why I don't understand why they recommend these boards then.



  • @NEK4TE:

    That's why I don't understand why they recommend these boards then.

    Which board(s) are you talking about?



  • sorry for confusion

    
    High end:
    ASUS Q87T or
    Gigabyte Q87TN
    Intel Core i3, i5, i7 (embedded) or E3-12xxv3
    8 GB - 16 GB RAM
    
    


  • @NEK4TE:

    sorry for confusion

    
    High end:
    ASUS Q87T or
    Gigabyte Q87TN
    Intel Core i3, i5, i7 (embedded) or E3-12xxv3
    8 GB - 16 GB RAM
    
    

    Good point…

    ASUS Q87T has:
    Intel® I217LM, 1 x Gigabit LAN Controller(s)
    Realtek® 8111G, 1 x Gigabit LAN Controller(s)

    Gigabyte Q87TN has:
    1 x Realtek® GbE LAN chip (10/100/1000 Mbit) (LAN1)
    1 x Intel® GbE LAN chip (10/100/1000 Mbit) (LAN2)

    That would be enough to disqualify it for me.

    I've got a FreeNAS box (FreeBSD also) with a Realtek NIC... it works, but the performance is not great.  It was the best I could do at the time (4 years ago), and I didn't really know better either.

    Finding a board is an exercise in frustration... either way too expensive, sold as a system with options that don't work for me, not available in Canada, or compatibility/stability problems.

    I'm thinking I may go for a  X11SBA-LN4F-O ... looks like they have finally gotten to the bottom of the problems with it. 
    The price is somewhat sane ($316 CDN with shipping)

    Supermicro A1SRi-2758 is about $456 CDN with shipping which is a bit rich for my taste, and overkill for a 250/20 home network with only a handful of machines on it.



  • That would be enough to disqualify it for me.

    ASUS Q87T is for ~150 €
    a refurbished Intel i350 is for ~99 € 
    a refurbished Intel CPU for ~150 €

    But then together with CPU support of:
    Intel® Core™ i7 (Haswell), Intel® Core™ i5 (Haswell), Intel® Core™ i3 (Haswell),
    Intel® Pentium G (Haswell), Intel® Celeron G (Haswell), Intel® Xeon E3 v3 (Haswell)

    This allows anybody to build a nice pfSense box strong as he needs it and upgradeable from the lowest bottom
    to the highest top. So I don't understand what should be wrong with it.

    For sure for a 250/50 MBit/s Internet line it would be really too powerful, but if at someday that line speed
    will be getting higher or is growing up, you would be able to upgrade that box too!

    And if the dimensions are counting or are important you could also have a better look on a fully assembled
    Supermicro SuperServer E200-9B in the mini-ITX format and matching well all criteria and small on top of all.

    Since pfSense is not more single CPU threaded and more than one core is counting well, it would be also
    interesting to get a A1SRi-2758 & SC101i from Supermicro also small and really quiet.

    It is not really easy to tell people what is running well for them because it is also mostly based on their own
    use case and how many packets they want to install or if silent, power consuming or high load is their main
    goal to achieve. The best would be to know even at first what they want to install and turn on and then choosing
    the right hardware. For 5 people or users or devices it could be also nice to have a miniPCIe WiFi option and
    mSATA option for using low power and preventing heat inside or be able to upgrade the hardware if the Internet
    line speed is growing. If this might be not really urgent I personally would be trying out to get a A1SRi-2758
    platform at these days to get the best out from all. 8 CPU Cores, up to 64 GB RAM, Intel NICs, IPMI for free
    on top of all things and 100% compatible and able to build a full UTM device would be matching more for
    me than other things.

    From what I understand from reading the forum, FreeBSD does not do well with Realtek NICs,
    and therefore they are best avoided.

    Well this is right but for what you think is the Intel i350 or i354 quad port NIC then?

    That's why I don't understand why they recommend these boards then.

    • It is 100% running the pfSense version 2.2.4, 2.2.5 and 2.2.6 only a BIOS update is needed.
    • Multiple CPU support (E3-1240v3 @3GHz) with 100% routing 1 GBit/s at the WAN port
    • 2 x miniPCIe for WiFi and mSATA
    • max. RAM size is 16 GB
    • a real PCIe 3.0 x4 slot for add on cards.

    Finding a board is an exercise in frustration… either way too expensive, sold as a system with options that don't work for me, not available in Canada, or compatibility/stability problems.

    This would be matching more to the Supermicro X11SBA-LN4F-O and not the ASUS Q87T available over newegg.com for $154.



  • That would be enough to disqualify it for me

    This comment was because of the Realtek NIC - performance on Realtek is poor.

    This allows anybody to build a nice pfSense box strong as he needs it and upgradeable from the lowest bottom
    to the highest top. So I don't understand what should be wrong with it.

    VERY GOOD POINT - I like this one. 
    If it was not for the NIC issue, I would have looked at it.  Would need to see if I could put in an M350 and still keep it cool and quiet. Faster processors need big heat sinks and/or fans which would be a problem for my application as I need small and quiet.

    And if the dimensions are counting or are important you could also have a better look on a fully assembled
    Supermicro SuperServer E200-9B in the mini-ITX format and matching well all criteria and small on top of all.

    I'm looking at this, but will likely buy the X11SBA-LN4F-O motherboard (which is the board used in that server),
    and install it in an M350  http://www.mini-box.com/M350-universal-mini-itx-enclosure  because of:

    Thanks for the input.  :)

