Mainboard for Router (pfsense)

[dieserkai]

Hey,

 

i'm currently thinking about building a new home Router. I thought about running pfsense or something comparable on it.

The main focus is on a low power consumption. Also it should be able to handle at least 2*10gbit. It doesn't need so much ports or any wireless lan.

 

I plan on buying two ubiquity Access Point for wireless lan.

 

I've found the supermicro X10SDV series. They come with a intel D1508 cpu and with two 10GB nics on board. I'm not quite sure if the CPU is powerful enough to handle those 10G ports.

 

Does anyone have one of those boards and is it really capable to handle the 2 x 10gbit/s

 

best regards,

Kai

[Electronics Wizardy]

What is your wan speed?

 

What features do you need? VPN? IPS? 

 

CPU requirements vary on usage and network speed, so we need to know that first. 

 

[dieserkai]

the wan speed is irrelevant. i want to have the possibillity to run 10gbit/s to connect my nas with full speed. So it need to be capable of 10gbit/s.

[Donut417]

6 hours ago, dieserkai said:

the wan speed is irrelevant. i want to have the possibillity to run 10gbit/s to connect my nas with full speed. So it need to be capable of 10gbit/s.

PFsence doesn’t act like a Switch well. Most people who use it have 1 interface for Wan and one for LAN. Then they use a Switch to provide more LAN ports. So what you should look for is a Switch that has 2 10Gbps ports. 

 

The reason @Electronics Wizardy Is asking about WAN is because depending on your WAN connection and the other stuff asked, depends on the CPU suggestions we can give. As you need enough CPU to do NAT. Fast connections like 1Gbps need more than let’s say a100Mbps connection. 

[Alex Atkin UK]

For low power consumption, you are better off buying a pre-built appliance as they use laptop parts.  Desktop motherboards are not energy efficient down to the low wattage savings you will be trying to achieve for a router.  You can easily end up with a CPU twice as powerful using less power than a desktop equivalent. (which is pretty much what happened when I changed mine)

 

As mentioned above, for 10Gbit you'll need a Switch.  A good pfSense box will software switch at Gigabit without any trouble, but 10Gbit it really wont.

[dieserkai]

The pfsense (or something comparable) needs the 10GB as its connection to the switch.  I want to be future proof and don't want to bottleneck myself when i start to invest a few thousand bucks on such a system.  Therefore i need one 10G port for the WAN connection and one to the switch.

 

There are low power embedded boards available, like the mentioned super micro board with a Pentium D1508 and 2x10GB ports, or something like the ibase MBN802 wit a 8 core Intel atom and 4 x 10GB/s

 

Both are advertised with a 25w TDP. My question was if the CPU of those boards are powerful enough to handle those 10gbit/s interfaces.

 

Currently i have just a cable internet connection, but looking for hardware for a future FTTH connection.

 

[Electronics Wizardy]

41 minutes ago, dieserkai said:

The pfsense (or something comparable) needs the 10GB as its connection to the switch.  I want to be future proof and don't want to bottleneck myself when i start to invest a few thousand bucks on such a system.  Therefore i need one 10G port for the WAN connection and one to the switch.

 

There are low power embedded boards available, like the mentioned super micro board with a Pentium D1508 and 2x10GB ports, or something like the ibase MBN802 wit a 8 core Intel atom and 4 x 10GB/s

 

Both are advertised with a 25w TDP. My question was if the CPU of those boards are powerful enough to handle those 10gbit/s interfaces.

 

Currently i have just a cable internet connection, but looking for hardware for a future FTTH connection.

 

What is your wan speed? What features do you want? Thats what we need to know if the router will be enough.

 

Do you have a network diagram?
 

Your router should only be touching the wan traffic. A switch is much better at dealing with LAN traffic. If you need to route your lan traffic with subnets, get a l3 switch instaed, there much bet better at this.

 

If you don't have >1gbe internet now, id just get a board with no 10gbe as it won't help you at all here. 

[dieserkai]

as i already mentioned. my current wan speed is irrelevant. I want to be future proof to avoid that i have to upgrade in 3 years. my goal is a 10G solution. so the hardware has to be capable of handling 10g throughput. It needs to be powerful enough to route 10G between to interfaces.

 

i know what a router should do and what not. I know what pfsense is capable of and what not. neither a network diagram, nor any information about my usage is relevant to answer my main question:

 

Is a Pentium D1508 or a Atom C3758 really powerful enough to handle at least 2 x 10G of bandwidth. This question is about experience with the corresponding hardware.

 

So: just ignore anything else, just focus on the question if those cpu's are powerful enough for 2 x 10G

 

I know that i will also need a switch, thats nothing we need to discuss.

 

So please stop focusing on what you think i need. i know exactly what i need / want.

 

All i need in this thread are experience reports for 2 x 10G capable embedded mainboards with a TDP below 35w

 

 

[Electronics Wizardy]

4 minutes ago, dieserkai said:

 

i know what a router should do and what not. I know what pfsense is capable of and what not. neither a network diagram, nor any information about my usage is relevant to answer my main question:

There are a lot of features like vpn's, ips and other features that need much more cpu power. Do you need to use them.

 

4 minutes ago, dieserkai said:

Is a Pentium D1508 or a Atom C3758 really powerful enough to handle at least 2 x 10G of bandwidth. This question is about experience with the corresponding hardware.

The answer is it depends on what you want to do with that bandwidth. Your not running ips on 10gbe with a pentium.

 

 

[mynameisjuan]

2 hours ago, dieserkai said:

i know what a router should do and what not. I know what pfsense is capable of

 

2 hours ago, dieserkai said:

Is a Pentium D1508 or a Atom C3758 really powerful enough to handle at least 2 x 10G of bandwidth. 

You obviously vdont know what it's capable of. 10gig is not possible right now (will be in the near future) but definitely are not going to get close to 10gig on an atom or Pentium.

 

Highest I've seen people pull is 8gig with just routing, no firewall, queues, switching...etc

 

5 hours ago, dieserkai said:

Therefore i need one 10G port for the WAN connection and one to the switch. 

You are not future proofing yourself, 10gig to the home is no where close to ready for the public, at least in the us.

 

You seem to be snippy with others helping you while also having unrealistic expectations. 10gig routing is not cheap nor power efficient.

 

It's laughable that you want 10gig routing at 35w. You're pulling that in the NIC cards alone

[Alex Atkin UK]

Yet I thought I went overkill with an i5-7200U for an under 100Mbit connection! (should be able to handle well over a Gigabit based on other users reports, though I do run several OpenVPN clients too)

Quite frankly, NOTHING is 10Gig capable right now as pfSense itself can't handle it yet.

I believe pfSense 2.5 is supposed to fix that, but you're likely talking a very high-end CPU to achieve that.

Just look at it logically, if you can route Gigabit at 15W or so, then you're potentially going to need 150W to route 10Gig.  The money wasted on electricity between now and when you actually NEED 10Gig support (because even idle desktop parts are unlikely to pull less than 40-60W or so) could easily pay for a newer, more more efficient router years down the line once 10Gig broadband is actually available.  You can't even be sure the hardware will still function by then.

[Tony V11]

I stumbled on this tread while searching for a similar answer that OP wanted to find. Here is my take, hopefully this helps the next peer

 

I was considering as well Supermicro's X10SDV series Pentium D-1508 with 2 core /4 threads (which is a rebrand/downscaled Xeon D) and 10gbe NICs to future proof my new 1U pfSense router. With work from home becoming more prevalent and multi-gig fiber more available in metro areas, this makes sense. So to find out what can a 2-core CPU can do in pfSense I researched Netgate's appliances page where they post the IPERF and IMIX tests for their hardware. The Pentium D-1508 would fall between their SG-3100 (ARM 2core) and SG-5100 (Atom 4core) specs which roughly translates into 1.5 Gbps of Firewall traffic and 350 mpbs of IPSec VPN using IMIX chart which more realistic scenario.

 

So to answer the OP's original question, the Pentium D-1508 with pfSense 2.4 won't be suffice above 2 gigabit internet connection. The Xeon D-1518 35W is really the sweet spot for a firewall appliance. With future pfSense 2.5 optimizations this CPU might actually be able to route above 2 gig.

 

Important notes to mention here. The  Intel D15x8 SKUs are specifically designed for edge networking. They should perform better than any other 2 core CPUs as they take advantage of QuickAssist accelerator.

Source: https://www.anandtech.com/show/11152/intel-announces-xeon-d1500-network-series-socs-with-quickassist-four-10-gbe-ports

 

Side note: I Initially tested the 4-core 45W variant Xeon D-1521 which gets melting hot. It absolutely needs active cooling. Not recommended for 1U case and household temps.

[eece_ret]

I agree the Xeon SOC variants are most likely your best bet.

 

 

 

Depending on what you are trying to do here will dictate your hardware requirements.

 

 

 

The aforementioned quick assist will only be helpful for IPSEC and payload compression.

You will need a multiport 10G-BaseT swtich.  Do your switching there.  Attempting to do it all on teh router is a mistake often made by those more familiar with consumer equipment where Switching Routing and Wifi are all integrated.  If you are trying to "future proof" (exercise in futility) it would behoove you to approach this with an enterprise mindset and architecture.

 

If you MUST have disparate internal routed segments, then do so with a purpose built router south of your network border.  In this way you can achieve full line speed routing without a session table in the mix.

Then you can peer in your pfSense/whaterver at your network border.

In this design you are spending your cash where you will actually see a benefit.  Throwing all your cash at a Xeon based router that will sit there until FTTH happens isnt going to be helpful.

 

So think of it this way.  If you really want to future proof....  Build your core, not your border as you have no need for blazing stuff at your border.  Once the FTTH/etc future thing happens, build your blazing border router THEN. This will allow you to construct using silicon and software which will have evolved etc in the interim.  This strategy will yield an infrastructure with vastly greater potential to achieve 10G routing on general purpose CPU.  As your Core would already be 10G+ (dont forget ether lag as a way to beef up your interconnects)...

 

[S1N7H3T1C]

I'll just throw it out there (since 10Gbps seems to be a sticking point here)

 

The Unifi Dream Machine Pro does offer both a 10Gbps SFP+ WAN and LAN port.

 

I know.. it's not pfsense, but it's an edge solution that fits that requirement for you, while still offering pretty granular level control of your network. 

[eece_ret]

So there is another option.  From the folks who bring you pfSense, is their TNSR project/product.  Recently made free for HOME/Personal use.

https://docs.netgate.com/tnsr/en/latest/intro/index.html

The stated goal of this project is to achieve 10G and beyond on server grade off the shelf hardware.

If you have the chops, then one of those SuperMicro Xeon Boards and an Intel X-5xx network adapter should get you there.

 

But again....   I wouldnt worry about the border.  Concentrate on your core.