PFsense on NVMe Drive: Will it work?

[techwiz1929]

I wanted to buy a Thinkcentre M720 Tiny so i could install pfsense on it. However, if you add the Intel i350 NIC you can't have a 2.5 inch ssd, only the 128gb nvme ssd. I am fine with that since the nvme ssd is actually cheaper in the end for some reason.

 

But my question is will the NVMe drive work in pfsense? I had a post in the pfsense reddit showing the M720 below and one guy said I may have issues with NVMe drives since he had issues in PFsense with certain drives not showing up and getting errors or something. IDK if that guy was a Netgate shill and trying to scare me off from buying my own hardware, but I just wanted to confirm before I buy and have to wait a couple weeks.

 

 

[Electronics Wizardy]

IDK why you would by this new for a pfsense box, id get something used, like a dell r220 or if you want new, get a nuc with 2 ethernet ports.

 

BUt it should boot from nvme fine. Could also use a usb drive

[Alex Atkin UK]

That does seem overkill for pfSense depending on what you are doing with it and your broadband speed.  Generally I'd go for something with laptop hardware/NUC as that can be the difference between 10-20w vs desktop hardware that is usually 50W+ and could be even more.

Do you need to 4 ports for actual different LANs/WANs or are you thinking of using them just as LAN ports, as its generally a better idea to stick to a proper hardware switch.

I haven't checked how things are on the current build, but when I first installed pfSense I noticed the power consumption when idle was several watts higher than on Linux as FreeBSD doesn't seem to prioritise power management.  On desktop hardware that could be quite a big difference.

This is of course combined with the "it should work but we can't be sure" of using NVME.  Where is the discussion you had, as if it was before FreeBSD 11 it would have been far less likely to work than today, although I'd still be wary.

[techwiz1929]

22 minutes ago, Electronics Wizardy said:

IDK why you would by this new for a pfsense box, id get something used, like a dell r220 or if you want new, get a nuc with 2 ethernet ports.

 

BUt it should boot from nvme fine. Could also use a usb drive

This is for home and unfortunately I dont have a rack mount or space for those dell servers everyone always mentions. And for my gigabit internet I wanted something powerful which also has power left over for add on packages

[Electronics Wizardy]

1 minute ago, techwiz1929 said:

This is for home and unfortunately I dont have a rack mount or space for those dell servers everyone always mentions. And for my gigabit internet I wanted something powerful which also has power left over for add on packages

Id just get a used optiplex then. Something like a optiplex 3020 is still that same size, but cheaper and faster.

[techwiz1929]

2 minutes ago, Alex Atkin UK said:

That does seem overkill for pfSense depending on what you are doing with it and your broadband speed.  Generally I'd go for something with laptop hardware/NUC as that can be the difference between 10-20w vs desktop hardware that is usually 50W+ and could be even more.

Do you need to 4 ports for actual different LANs/WANs or are you thinking of using them just as LAN ports, as its generally a better idea to stick to a proper hardware switch.

I haven't checked how things are on the current build, but when I first installed pfSense I noticed the power consumption when idle was several watts higher than on Linux as FreeBSD doesn't seem to prioritise power management.  On desktop hardware that could be quite a big difference.

This is of course combined with the "it should work but we can't be sure" of using NVME.  Where is the discussion you had, as if it was before FreeBSD 11 it would have been far less likely to work than today, although I'd still be wary.

 

Yes lol its overkill, but for my gigabit internet the netgate products couldn't handle it without maxing the cpu out or spending $700 of the sg5100 which is double this price. The discussion was on reddit just today:

 

[Alex Atkin UK]

10 minutes ago, techwiz1929 said:

This is for home and unfortunately I dont have a rack mount or space for those dell servers everyone always mentions. And for my gigabit internet I wanted something powerful which also has power left over for add on packages

That's a fair point, also the bonus of having desktop hardware is you can at least upgrade the CPU if you find somehow you need even more power.

 

I do find the difference in performance to power consumption on Intel CPUs kind of boggling though. https://www.cpubenchmark.net/compare/Intel-i5-7200U-vs-Intel-Pentium-Gold-G5400/2865vs3248

Its always a bit of a puzzle with pfSense as nobody seems to know for sure what you need for Gigabit.  My box (in my sig) supposedly can do it, but I'm not sure if that's with PPPoE, OpenVPN, etc.  Probably a few years before I can find out as even though there is a chance I can get fibre in the next year, Gigabit is still stupidly expensive whereas 330Mbit Fibre costs the same as I'm paying for two VDSL lines right now.

[techwiz1929]

11 minutes ago, Alex Atkin UK said:

That's a fair point, also the bonus of having desktop hardware is you can at least upgrade the CPU if you find somehow you need even more power.

 

I do find the difference in performance to power consumption on Intel CPUs kind of boggling though. https://www.cpubenchmark.net/compare/Intel-i5-7200U-vs-Intel-Pentium-Gold-G5400/2865vs3248

Its always a bit of a puzzle with pfSense as nobody seems to know for sure what you need for Gigabit.  My box (in my sig) supposedly can do it, but I'm not sure if that's with PPPoE, OpenVPN, etc.  Probably a few years before I can find out as even though there is a chance I can get fibre in the next year, Gigabit is still stupidly expensive whereas 330Mbit Fibre costs the same as I'm paying for two VDSL lines right now.

Having gigabit is a blessing and a curse lol. You need really powerful hardware to push those packets but you also never have to wait for a download

 

Also the cpu in that pc is the g5400T the T is the lower clocked version and takes a bit less power. The only thing holding me back from getting the lenovo is the nvme issue, but if nvme doesnt indeed workout I may just get another mini pc or something. 

 

https://www.cpubenchmark.net/compare/Intel-i5-7200U-vs-Intel-Pentium-Gold-G5400-vs-Intel-Pentium-Gold-G5400T/2865vs3248vs3329

[Electronics Wizardy]

2 minutes ago, techwiz1929 said:

Having gigabit is a blessing and a curse lol. You need really powerful hardware to push those packets but you also never have to wait for a download

  

Also the cpu in that pc is the g5400T the T is the lower clocked version and takes a bit less power. The only thing holding me back from getting the lenovo is the nvme issue, but if nvme doesnt indeed workout I may just get another mini pc or something. 

 

https://www.cpubenchmark.net/compare/Intel-i5-7200U-vs-Intel-Pentium-Gold-G5400-vs-Intel-Pentium-Gold-G5400T/2865vs3248vs3329

Nvme should work fine.

 

Also why pfsense, there are lots of other ngfws out there id try aswell. Look at untangle.

 

17 minutes ago, Alex Atkin UK said:

I do find the difference in performance to power consumption on Intel CPUs kind of boggling though. https://www.cpubenchmark.net/compare/Intel-i5-7200U-vs-Intel-Pentium-Gold-G5400/2865vs3248

 

That chip won't actually use 54w, thats the tdp rating they give it and its means almost nothing.

 

Also those mobile chips will use much more than tdp if cooling lets them,

 

TDP != power usage

[Alex Atkin UK]

Ah stupid search, I DID search for the T but it picked up the wrong link.

 

But yeah before I got the dedicated appliance I had a low-power CPU myself, but it still pulled about 30-40W as I recall compared to the appliance which is actually faster.

[Alex Atkin UK]

4 minutes ago, Electronics Wizardy said:

Nvme should work fine.

 

Also why pfsense, there are lots of other ngfws out there id try aswell. Look at untangle.

 

That chip won't actually use 54w, thats the tdp rating they give it and its means almost nothing.

 

Also those mobile chips will use much more than tdp if cooling lets them,

 

TDP != power usage

True, but its a decent guideline for those generation CPUs.   I specifically went from a 45W chip to a 15W chip and the real-world difference in power consumption was quite close to the relative different in TDP.

Part of the issue is desktop boards use a lot of power on their own, laptop chipsets are more optimised for low power.

You make a fair point though, a Linux based OS would likely bring the power consumption down too, although I'm happy with pfSense myself.  BSD networking is supposed to be every so slightly more efficient and I saw the difference with my own eyes as I had been using an x86 build of OpenWRT prior.

Granted, many kernel changes since then so I have no clue how it compares today.  I think QoS is in a better state on Linux than BSD now, but then would you even need it on Gigabit?

[techwiz1929]

5 minutes ago, Electronics Wizardy said:

Nvme should work fine.

 

Also why pfsense, there are lots of other ngfws out there id try aswell. Look at untangle.

 

That chip won't actually use 54w, thats the tdp rating they give it and its means almost nothing.

 

Also those mobile chips will use much more than tdp if cooling lets them,

 

TDP != power usage

pfsense mainly since it's free and for home use that's good and it fulfills my needs tbh. I think the last time i checked you pay for untangle right? I think if I was using this at work I would probably go that route though.

[Electronics Wizardy]

Just now, techwiz1929 said:

pfsense mainly since it's free and for home use that's good and it fulfills my needs tbh. I think the last time i checked you pay for untangle right? I think if I was using this at work I would probably go that route though.

untangle has a free version that has most all of the features a home user needs, or $50 a year for almost everything on a home license. Give it a shot, I like it.