pfSense Support Subscription

Author Topic: Zotac ZBOX CI323 nano  (Read 45689 times)

0 Members and 1 Guest are viewing this topic.

Offline rajl

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #15 on: February 05, 2016, 08:32:04 pm »
Interesting.  Have you tested the same chip with another OS that supports netmap? I know Linux has different drivers and supports netmap.  If Linux exhibits the same or similar behavior, then the problem is with the chip itself most likely.  If Linux runs better, then the problem is probably with the BSD code (and likely fixable).

Offline interfasys

  • Newbie
  • *
  • Posts: 14
  • Karma: +5/-0
    • View Profile
    • interfaSys ltd
Re: Zotac ZBOX CI323 nano
« Reply #16 on: February 05, 2016, 08:37:21 pm »
Interesting.  Have you tested the same chip with another OS that supports netmap? I know Linux has different drivers and supports netmap.  If Linux exhibits the same or similar behavior, then the problem is with the chip itself most likely.  If Linux runs better, then the problem is probably with the BSD code (and likely fixable).
Not yet. I need to boot into IPFire or something and apply the same pkt-gen test

Offline rajl

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #17 on: February 06, 2016, 08:56:12 am »
Interesting.  Have you tested the same chip with another OS that supports netmap? I know Linux has different drivers and supports netmap.  If Linux exhibits the same or similar behavior, then the problem is with the chip itself most likely.  If Linux runs better, then the problem is probably with the BSD code (and likely fixable).
Not yet. I need to boot into IPFire or something and apply the same pkt-gen test

Well, if you end up testing it out, let me know.  I would be interested in the results.  I just bought one of these things to use as my first PFSense box, but am a little concerned after reading this thread.  But maybe I shouldn't be since I was planning on using Snort instead of Suratica (unless Snort uses netmap also and I am just unaware).

Offline interfasys

  • Newbie
  • *
  • Posts: 14
  • Karma: +5/-0
    • View Profile
    • interfaSys ltd
Re: Zotac ZBOX CI323 nano
« Reply #18 on: February 06, 2016, 09:02:53 am »
netmap is the future, for IPS or just packet forwarding with netmap-fw. I'm sure the problem will be fixed eventually. It could simply be a problem with the 8111G revision. FreeNAS users had similar issues a few years back and were forced to use the Realtek drivers while waiting for a fix, so I think it will just be a matter of being patient (or paying someone to fix the problem).

Offline PjotterThisIs

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #19 on: February 10, 2016, 09:54:29 am »
I've bought the same Zbox (CI323). I would like to do the same thing: Install XenServer and install pfSense or rather Sophos UTM in a VM.

However, I've a probably simple (noob) question: When you install XenServer, you need to specify an IP address etc. But the VM inside this machine is going to be my router, so how is that going to work?

Can anybody help me?

Offline rajl

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #20 on: February 11, 2016, 09:09:22 am »
Not sure.  But this question is probably better answered by the guys who hang out in the Virtualization sub-thread.  Those guys use Xen-Server and VMWare all the time.

Offline PjotterThisIs

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #21 on: February 11, 2016, 09:29:09 am »
Thanks a lot! I've a look at that!

Offline ddarlington36

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #22 on: February 28, 2016, 09:20:27 am »
Really following this thread for the updates,  I'm about to purchase one of these boxes for the same purpose as most here 'pfsense'  guess I'll be using xenserver if  exsi 6.0 doesn't work with the hardware yet was hoping it would

Main role will be openvpn client/pia  plus a PBX voice server with the use of a vlan switch and exclude the VPN to just a certain IP range 

had hopes of using wireless without having to bridge another router
I don't have any issues with replacing the actual WiFi card with one that works I just need advice on which wireless card  to use looking to use dual band ac 1200/  I see a lot of people can't get theirs to work either. Are most of the conflicts just driver support not up to date yet..

Offline rajl

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #23 on: February 29, 2016, 10:55:36 am »
I'm waiting for PFSense 2.3 to hit release before putting this Zotac through it's paces.  However, PFSense 2.3 probably won't hit release until FreeBSD 10.3 is released at the end of March.  I'll be happy to report my experiences on this thread when I do.  However, I would not anticipate any problems.  The hardware is well supported and the only potential issue is using netmap with Suricata on this device (I am more of a Snort guy).

Offline Hugh Jorgan

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #24 on: March 09, 2016, 12:39:46 pm »
Hey guys! I bought a Zotac CI-323 and have had the same experience as OP. Need to make this into a wireless router/dns sinkhole. I can boot pfsense daily without issue, I just dont know how to set this up entirely.

Offline Rango

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +1/-1
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #25 on: March 22, 2016, 12:17:53 am »
Hi guys. I just purchased this box as well. How long did you guys wait before it got to your house?
As far as ESXi 6 and realtek driver it seem this has been fixed by injecting net55-r8168 driver into esxi iso image before installing. If you can confirm that this works would be great
.
http://www.v-front.de/2015/03/vsphere-6-is-ga-ultimate-guide-to.html

Realtek 8168 and VMware 6.0 :

net55-r8168-8.039.01-napi.x86_64.vib

I've also read some threads of some random disconnect in other thread on pfsense forum but that also seem to be fixed. I'm assuing you it's smooth sailing for you guys since it's been a while since you guys posted.

Looking forward to feedback on this box and hoping to get it soon. Hope you guys can assist me if i run into trouble he he.

Offline movax

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #26 on: March 24, 2016, 05:25:42 pm »
Hi.

So, did anybody done some performance tests on this little thing? (pfsense, FreeBSD, Linux, doesn't matter for me).

I am thinking about getting one, but I would like for it to be able to do IPv4 NAT + IPv6 at full gigabit speed (at ~1KB packets) between two ports. Was somembody able to do this? What was the CPU load?


Thanks!

Offline Rango

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +1/-1
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #27 on: March 24, 2016, 06:24:48 pm »
Hi.

So, did anybody done some performance tests on this little thing? (pfsense, FreeBSD, Linux, doesn't matter for me).

I am thinking about getting one, but I would like for it to be able to do IPv4 NAT + IPv6 at full gigabit speed (at ~1KB packets) between two ports. Was somembody able to do this? What was the CPU load?


Thanks!

Throughput testing even with openvpn is tested in this thread. It will easily do 100Mbps on openvpn and 400Mbps on unencrypted lan, although i think intel nic are better but for that you would need to spend $360 plus unless u wanna do applicence but then no vga card. I think this will improve once the drivers get worked out maybe in 2.3 release?

https://forum.pfsense.org/index.php?topic=87217.15

Offline movax

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #28 on: March 24, 2016, 07:31:21 pm »
Hi.

So, did anybody done some performance tests on this little thing? (pfsense, FreeBSD, Linux, doesn't matter for me).

I am thinking about getting one, but I would like for it to be able to do IPv4 NAT + IPv6 at full gigabit speed (at ~1KB packets) between two ports. Was somembody able to do this? What was the CPU load?


Thanks!

Throughput testing even with openvpn is tested in this thread. It will easily do 100Mbps on openvpn and 400Mbps on unencrypted lan, although i think intel nic are better but for that you would need to spend $360 plus unless u wanna do applicence but then no vga card. I think this will improve once the drivers get worked out maybe in 2.3 release?

https://forum.pfsense.org/index.php?topic=87217.15

I seen openvpn results.

I must have missed 400Mbps on unencrypted lan however. I am somehow disappointed about the performance then. Still it doesn't tell if it was due cpu being fully loaded, or something else being a bottleneck, or whatever it was actually trying to load it to the limits.

If you say the drivers might be an issue, would Linux behave possibly better here?

Thanks again!

(I already have a router that is doing about 900Mbps routing and nat, on a almost 10 year old machine. I am just searching for something much smaller and power efficient).

Offline Rango

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +1/-1
    • View Profile
Re: Zotac ZBOX CI323 nano
« Reply #29 on: March 24, 2016, 07:56:56 pm »
Hi.

So, did anybody done some performance tests on this little thing? (pfsense, FreeBSD, Linux, doesn't matter for me).

I am thinking about getting one, but I would like for it to be able to do IPv4 NAT + IPv6 at full gigabit speed (at ~1KB packets) between two ports. Was somembody able to do this? What was the CPU load?


Thanks!

Throughput testing even with openvpn is tested in this thread. It will easily do 100Mbps on openvpn and 400Mbps on unencrypted lan, although i think intel nic are better but for that you would need to spend $360 plus unless u wanna do applicence but then no vga card. I think this will improve once the drivers get worked out maybe in 2.3 release?

https://forum.pfsense.org/index.php?topic=87217.15

I seen openvpn results.

I must have missed 400Mbps on unencrypted lan however. I am somehow disappointed about the performance then. Still it doesn't tell if it was due cpu being fully loaded, or something else being a bottleneck, or whatever it was actually trying to load it to the limits.

If you say the drivers might be an issue, would Linux behave possibly better here?

Thanks again!

(I already have a router that is doing about 900Mbps routing and nat, on a almost 10 year old machine. I am just searching for something much smaller and power efficient).


Don't quote me on 400Mbps as this is what i've seen on different website and could be untrue. I know Realtek will have less throughput then intel nics but i don't really know by how much. I've only looked into openvpn honestly. I may do higher then what i've posted. Freebsd will have an update in april so this may be resolved by then.
Don't think linux will be any different as this is driver related, meaning realtek driver and some better hardware capability of intel nic design.
If you're looking for true 1Gbs performace i would focus on intel nics but you will pay 3x more or you will have to wait and build yourself PC applience with only console access and no vga. That will be in same price range as NUC but you will only have access via console port. I don't like this personally and i don't care for 1GB peformace yet.
You're always limited by ISP speed anyway unless you're doing your own LAN and care about that but not sure what application at home you would need for true 1gb performace.

If you don't care about spending $360-$450 go with atom cpu and one of those boards with intel nic posted somewhere in this forum.