Netgate SG-1000 microFirewall

Author Topic: PC Engines apu2 experiences  (Read 48140 times)

0 Members and 1 Guest are viewing this topic.

Offline dugeem

  • Newbie
  • *
  • Posts: 19
  • Karma: +5/-0
    • View Profile
PC Engines apu2 experiences
« on: February 05, 2016, 09:36:59 pm »
Hello all,

Thought I'd start a dedicated thread on the apu2 for tips, comments and feedback.

PC Engines link to product page is http://www.pcengines.ch/apu2b2.htm

Board form factor is identical to alix and apu1 - although note that apu LAN port numbering is reversed from alix. A 12V/1.5A power supply is required.

There are currently two versions of BIOS:
  • standard version with mSata/Sata/USB boot support dated 160120, and
  • alternate version supporting SD card & USB boot dated 151106

My apu2b4 is running pfSense 2.2.6 with BIOS 160120 and a Toshiba mSata SSD. Previously was running an alix 2d13.

Upstream my apu2 has 2 WANs - a 34Mb/s HFC/DOCSIS service (IPv4 only) and a 10Mb/s DSL line (IPv4 & IPv6). The Alix could manage this bandwidth okay but throw in incoming requests to a NTP pool server (~2k - 20k states) and the memory was getting tight.

Dmesg output:

Code: [Select]
Copyright (c) 1992-2014 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.1-RELEASE-p25 #0 c39b63e(releng/10.1)-dirty: Tue Dec 22 16:57:00 CST 2015
    root@pfs22-amd64-builder:/usr/obj.RELENG_2_2.amd64/usr/pfSensesrc/src.RELENG_2_2/sys/pfSense_SMP.10 amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: AMD GX-412TC SOC                                (998.15-MHz K8-class CPU)
  Origin = "AuthenticAMD"  Id = 0x730f01  Family = 0x16  Model = 0x30  Stepping = 1
  Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x3ed8220b<SSE3,PCLMULQDQ,MON,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C>
  AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
  AMD Features2=0x1d4037ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,Topology,PNXC,DBE,PTSC,PL2I>
  Structured Extended Features=0x8<BMI1>
  TSC: P-state invariant, performance statistics
real memory  = 4815060992 (4592 MB)
avail memory = 4095557632 (3905 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <CORE   COREBOOT>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP): APIC ID:  3
ioapic1: Changing APIC ID to 5
ioapic0 <Version 2.1> irqs 0-23 on motherboard
ioapic1 <Version 2.1> irqs 24-55 on motherboard
wlan: mac acl policy registered
random: <Software, Yarrow> initialized
module_register_init: MOD_LOAD (vesa, 0xffffffff80fc4290, 0) error 19
kbd0 at kbdmux0
cryptosoft0: <software crypto> on motherboard
padlock0: No ACE support.
acpi0: <CORE COREBOOT> on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x818-0x81b on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 2.2 on pci0
pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff
pci1: <ACPI PCI bus> on pcib1
igb0: <Intel(R) PRO/1000 Network Connection version - 2.4.0> mem 0xfe600000-0xfe61ffff,0xfe620000-0xfe623fff at device 0.0 on pci1
igb0: Using MSIX interrupts with 5 vectors
igb0: Ethernet address: 00:0d:b9:XX:YY:ZZ
igb0: Bound queue 0 to cpu 0
igb0: Bound queue 1 to cpu 1
igb0: Bound queue 2 to cpu 2
igb0: Bound queue 3 to cpu 3
pcib2: <ACPI PCI-PCI bridge> at device 2.3 on pci0
pci2: <ACPI PCI bus> on pcib2
igb1: <Intel(R) PRO/1000 Network Connection version - 2.4.0> port 0x2000-0x201f mem 0xfe700000-0xfe71ffff,0xfe720000-0xfe723fff at device 0.0 on pci2
igb1: Using MSIX interrupts with 5 vectors
igb1: Ethernet address: 00:0d:b9:XX:YY:ZZ
igb1: Bound queue 0 to cpu 0
igb1: Bound queue 1 to cpu 1
igb1: Bound queue 2 to cpu 2
igb1: Bound queue 3 to cpu 3
pcib3: <ACPI PCI-PCI bridge> at device 2.4 on pci0
pci3: <ACPI PCI bus> on pcib3
igb2: <Intel(R) PRO/1000 Network Connection version - 2.4.0> port 0x3000-0x301f mem 0xfe800000-0xfe81ffff,0xfe820000-0xfe823fff at device 0.0 on pci3
igb2: Using MSIX interrupts with 5 vectors
igb2: Ethernet address: 00:0d:b9:XX:YY:ZZ
igb2: Bound queue 0 to cpu 0
igb2: Bound queue 1 to cpu 1
igb2: Bound queue 2 to cpu 2
igb2: Bound queue 3 to cpu 3
pci0: <encrypt/decrypt> at device 8.0 (no driver attached)
xhci0: <XHCI (generic) USB 3.0 controller> mem 0xfeb22000-0xfeb23fff at device 16.0 on pci0
xhci0: 32 byte context size.
usbus0 on xhci0
ahci0: <AMD Hudson-2 AHCI SATA controller> port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xfeb25000-0xfeb253ff at device 17.0 on pci0
ahci0: AHCI v1.30 with 2 6Gbps ports, Port Multiplier supported with FBS
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ehci0: <EHCI (generic) USB 2.0 controller> mem 0xfeb25400-0xfeb254ff at device 19.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
isab0: <PCI-ISA bridge> at device 20.3 on pci0
isa0: <ISA bus> on isab0
sdhci_pci0: <Generic SD HCI> mem 0xfeb25500-0xfeb255ff at device 20.7 on pci0
sdhci_pci0: 1 slot(s) allocated
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc0fff,0xef000-0xeffff on isa0
ppc0: cannot reserve I/O port range
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
hwpstate0: <Cool`n'Quiet 2.0> on cpu0
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
random: unblocking device.
usbus0: 5.0Gbps Super Speed USB v3.0
usbus1: 480Mbps High Speed USB v2.0
ugen0.1: <0x1022> at usbus0
uhub0: <0x1022 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
ugen1.1: <AMD> at usbus1
uhub1: <AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
uhub0: 4 ports with 4 removable, self powered
uhub1: 2 ports with 2 removable, self powered
ugen1.2: <vendor 0x0438> at usbus1
uhub2: <vendor 0x0438 product 0x7900, class 9/0, rev 2.00/0.18, addr 2> on usbus1
uhub2: 4 ports with 4 removable, self powered
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <TOSHIBA THNSNJ128GMCU JUT10101> ATA-9 SATA 3.x device
ada0: Serial Number 64BAXXXXXXXX
ada0: 600.000MB/s transfers (SATA 3.x, UDMA5, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 122104MB (250069680 512 byte sectors: 16H 63S/T 16383C)
ada0: Previously was known as ad4
SMP: AP CPU #1 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
Timecounter "TSC" frequency 998149610 Hz quality 1000
Trying to mount root from ufs:/dev/ufsid/56ab799e3048e296 [rw]...
padlock0: No ACE support.
aesni0: <AES-CBC,AES-XTS,AES-GCM> on motherboard
igb1: link state changed to UP
ng0: changing name to 'pppoe1'
igb2: link state changed to UP
igb0: link state changed to UP
tun1: changing name to 'ovpns1'
pflog0: promiscuous mode enabled
ovpns1: link state changed to UP

Offline dugeem

  • Newbie
  • *
  • Posts: 19
  • Karma: +5/-0
    • View Profile
apu2 OpenSSL AES performance
« Reply #1 on: February 05, 2016, 10:14:16 pm »
With aesni kernel module loaded:

Code: [Select]
openssl speed -elapsed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc       1527.90k     5867.93k    21607.17k    65414.14k   162611.20k

openssl speed -elapsed -evp aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc       1512.18k     5761.15k    20833.28k    58732.20k   127229.95k

With aesni kernel module unloaded (i.e. use openssl internal AES-NI support):

Code: [Select]
openssl speed -elapsed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     125586.59k   174393.26k   213315.07k   226097.49k   230883.33k

openssl speed -elapsed -evp aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     100216.39k   136148.85k   157464.49k   162677.42k   165601.28k

Offline dugeem

  • Newbie
  • *
  • Posts: 19
  • Karma: +5/-0
    • View Profile
apu2 powerd issues
« Reply #2 on: February 05, 2016, 11:09:55 pm »
Enabled PowerD in System: Advanced: Miscellaneous

Later that day noticed that system log was full of message

Code: [Select]
hwpstate0: set freq failed, err 6
Based on comments by yodawg (see thread https://forum.pfsense.org/index.php?topic=106261.msg592098 ) added the lines
 
hint.p4tcc.0.disabled=1
hint.acpi_throttle.0.disabled=1

to /boot/loader.conf.local (you could modify /boot/loader.conf - but it may be overwritten with upgrades)

Some good background info at https://wiki.freebsd.org/TuningPowerConsumption

However in pfSense 2.2.6 (based on FreeBSD 10.1) the problem reoccurred - so I have disabled PowerD for now.
NB Thread above by yodawg is for pfSense 2.3 Beta - so later FreeBSD 10.3 PRERELEASE possibly fixes the issue

Offline yodawg

  • Newbie
  • *
  • Posts: 10
  • Karma: +5/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #3 on: February 06, 2016, 12:57:32 am »
Weird, when I set those on mine i haven't had the messages since. Maybe it has to have something to do with hi adaptive/adapative settings.


Offline dugeem

  • Newbie
  • *
  • Posts: 19
  • Karma: +5/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #4 on: April 07, 2016, 08:11:18 am »
Have recently updated my APU2 from 2.2.6 to 2.3-RC - which was fairly straightforward.

Prior to upgrading, I updated the APU2 BIOS from 160120 to 160307. This BIOS version fixes both the reboot issue mentioned by yodawg (refer https://forum.pfsense.org/index.php?topic=106261.msg592098) and also adds SD boot support (which I have not tested). There is an even later BIOS version 160311 which adds iPXE support. Refer to PC Engines - http://pcengines.ch/howto.htm#bios

NB With the reboot issue fixed, the custom tunables hw.acpi.disable_on_reboot & hw.acpi.handle_reboot can be deleted from System / Advanced / System Tunables.

I have reenabled PowerD albeit with system tuneables:

hint.p4tcc.0.disabled=1
hint.acpi_throttle.0.disabled=1

added to /boot/loader.conf.local

Dmesg output:

Code: [Select]
Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.3-RELEASE #13 eac8329(RELENG_2_3): Wed Apr  6 06:20:01 CDT 2016
    root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: AMD GX-412TC SOC                                (998.17-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x730f01  Family=0x16  Model=0x30  Stepping=1
  Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x3ed8220b<SSE3,PCLMULQDQ,MON,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C>
  AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
  AMD Features2=0x1d4037ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,Topology,PNXC,DBE,PTSC,PL2I>
  Structured Extended Features=0x8<BMI1>
  XSAVE Features=0x1<XSAVEOPT>
  SVM: NP,NRIP,AFlush,DAssist,NAsids=8
  TSC: P-state invariant, performance statistics
real memory  = 4815060992 (4592 MB)
avail memory = 4095913984 (3906 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <CORE   COREBOOT>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP): APIC ID:  3
random: <Software, Yarrow> initialized
ioapic1: Changing APIC ID to 5
ioapic0 <Version 2.1> irqs 0-23 on motherboard
ioapic1 <Version 2.1> irqs 24-55 on motherboard
wlan: mac acl policy registered
netmap: loaded module
kbd0 at kbdmux0
module_register_init: MOD_LOAD (vesa, 0xffffffff810166d0, 0) error 19
cryptosoft0: <software crypto> on motherboard
padlock0: No ACE support.
acpi0: <CORE COREBOOT> on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x818-0x81b on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 2.2 on pci0
pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff
pci1: <ACPI PCI bus> on pcib1
igb0: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> mem 0xfe600000-0xfe61ffff,0xfe620000-0xfe623fff at device 0.0 on pci1
igb0: Using MSIX interrupts with 5 vectors
igb0: Ethernet address: 00:0d:b9:xx:yy:zz
igb0: Bound queue 0 to cpu 0
igb0: Bound queue 1 to cpu 1
igb0: Bound queue 2 to cpu 2
igb0: Bound queue 3 to cpu 3
igb0: netmap queues/slots: TX 4/1024, RX 4/1024
pcib2: <ACPI PCI-PCI bridge> at device 2.3 on pci0
pci2: <ACPI PCI bus> on pcib2
igb1: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0x2000-0x201f mem 0xfe700000-0xfe71ffff,0xfe720000-0xfe723fff at device 0.0 on pci2
igb1: Using MSIX interrupts with 5 vectors
igb1: Ethernet address: 00:0d:b9:xx:yy:zz
igb1: Bound queue 0 to cpu 0
igb1: Bound queue 1 to cpu 1
igb1: Bound queue 2 to cpu 2
igb1: Bound queue 3 to cpu 3
igb1: netmap queues/slots: TX 4/1024, RX 4/1024
pcib3: <ACPI PCI-PCI bridge> at device 2.4 on pci0
pci3: <ACPI PCI bus> on pcib3
igb2: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0x3000-0x301f mem 0xfe800000-0xfe81ffff,0xfe820000-0xfe823fff at device 0.0 on pci3
igb2: Using MSIX interrupts with 5 vectors
igb2: Ethernet address: 00:0d:b9:xx:yy:zz
igb2: Bound queue 0 to cpu 0
igb2: Bound queue 1 to cpu 1
igb2: Bound queue 2 to cpu 2
igb2: Bound queue 3 to cpu 3
igb2: netmap queues/slots: TX 4/1024, RX 4/1024
pci0: <encrypt/decrypt> at device 8.0 (no driver attached)
xhci0: <XHCI (generic) USB 3.0 controller> mem 0xfeb22000-0xfeb23fff at device 16.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
ahci0: <AMD Hudson-2 AHCI SATA controller> port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xfeb25000-0xfeb253ff at device 17.0 on pci0
ahci0: AHCI v1.30 with 2 6Gbps ports, Port Multiplier supported with FBS
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ehci0: <EHCI (generic) USB 2.0 controller> mem 0xfeb25400-0xfeb254ff at device 19.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
isab0: <PCI-ISA bridge> at device 20.3 on pci0
isa0: <ISA bus> on isab0
sdhci_pci0: <Generic SD HCI> mem 0xfeb25500-0xfeb255ff at device 20.7 on pci0
sdhci_pci0: 1 slot(s) allocated
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc0fff,0xef000-0xeffff on isa0
ppc0: cannot reserve I/O port range
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
hwpstate0: <Cool`n'Quiet 2.0> on cpu0
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
random: unblocking device.
usbus0: 5.0Gbps Super Speed USB v3.0
usbus1: 480Mbps High Speed USB v2.0
ugen0.1: <0x1022> at usbus0
uhub0: <0x1022 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
ugen1.1: <AMD> at usbus1
uhub1: <AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
uhub0: 4 ports with 4 removable, self powered
uhub1: 2 ports with 2 removable, self powered
ugen1.2: <vendor 0x0438> at usbus1
uhub2: <vendor 0x0438 product 0x7900, class 9/0, rev 2.00/0.18, addr 2> on usbus1
uhub2: 4 ports with 4 removable, self powered
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <TOSHIBA THNSNJ128GMCU JUT10101> ACS-2 ATA SATA 3.x device
ada0: Serial Number 64BAXXXXXXXX
ada0: 600.000MB/s transfers (SATA 3.x, UDMA5, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 122104MB (250069680 512 byte sectors)
ada0: Previously was known as ad4
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
SMP: AP CPU #1 Launched!
Timecounter "TSC" frequency 998166595 Hz quality 1000
Trying to mount root from ufs:/dev/ufsid/56ab799e3048e296 [rw]...
padlock0: No ACE support.
aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard
igb1: link state changed to UP
ng0: changing name to 'pppoe1'
pflog0: promiscuous mode enabled
igb2: link state changed to UP
igb0: link state changed to UP
tun1: changing name to 'ovpns1'
ovpns1: link state changed to UP

Offline dugeem

  • Newbie
  • *
  • Posts: 19
  • Karma: +5/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #5 on: April 07, 2016, 08:27:00 am »
pfSense 2.3-RC - FreeBSD 10.3 - OpenSSL 1.0.1s

With aesni kernel module loaded:

Code: [Select]
openssl speed -elapsed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc       1415.24k     5719.32k    20972.71k    64425.98k   165052.42k

openssl speed -elapsed -evp aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc       1422.00k     5596.20k    19954.86k    58028.03k   128863.18k

With aesni kernel module unloaded (i.e. use openssl internal AES-NI support):

Code: [Select]
openssl speed -elapsed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     118951.32k   174348.44k   215569.58k   226972.33k   229908.48k

openssl speed -elapsed -evp aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     100858.39k   136414.06k   157968.73k   164130.47k   166958.42k

BlueKobold

  • Guest
Re: PC Engines apu2 experiences
« Reply #6 on: April 07, 2016, 07:16:16 pm »
Nice and interesting thread about the new APU2 board.

For the APU I can say we were getting something around ~500+ MBit/s at the WAN Port and with enabled
PowerD (hi adaptive) we got ~650 MBit/s as throughput. Perhaps this will be different from the APU2 with
a quad core CPU. But otherwise I would recommend to enable PowerD (hi adaptive).

Quote
My apu2b4 is running pfSense 2.2.6 with BIOS 160120 and a Toshiba mSata SSD. Previously was running an alix 2d13.
Would you share the full name of the mSATA please? Another user is searching for one that is 100% compatible
with pfSense and able to support TRIM too. Thread about that

Quote
Upstream my apu2 has 2 WANs - a 34Mb/s HFC/DOCSIS service (IPv4 only) and a 10Mb/s DSL line (IPv4 & IPv6). The Alix could manage this bandwidth okay but throw in incoming requests to a NTP pool server (~2k - 20k states) and the memory was getting tight.
What I was not really getting out of your thread here is the following;
What kind of APU2xx you are running now exactly? With 2 GB or 4 GB of RAM?
And why the older Alix board  was not running out of RAM? It has less then the APU as I know it, or?
As I know it it must be something like this
APU2B2 (2 GB)
APU2B4 (4 GB)
APU2C2 (2 GB)
APU2C4 (4 GB)

The name of this boards is likes the following;
APU2A4 = Alpha series (not for the public)
APU2B4 = Beta series (production ready but any hardware and BIOS can be changed)
APU2C4 = Consumer series (production ready but some hardware only and/or BIOS can be changed)
APU2D4 = Distributed series (production ready and only the BIOS code will be perhaps changed)

If someone is bricking his BIOS there is also even a BIOS recovery solution for nearly all PC Engines Boards.
(Perhaps interesting, perhaps not) and I would imagine that there will be also if the APU2 board is fully ready
one for the APU2 too. 
Alix Boards
APU1 Board

Also a single or dual case for some PC Engines boards are able to get from here.
19" DualRack System for PC Engines ALIX, APU Board

Some questions from me about the APU will be;
- Is the WebGui running smooth and liquid?
- Is it faster then the APU1 or significant faster then the older Alix boards?
- Can anyone do perhaps an IPSec speed test with the AES-NI module loaded?

Offline dugeem

  • Newbie
  • *
  • Posts: 19
  • Karma: +5/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #7 on: April 07, 2016, 09:57:47 pm »
But otherwise I would recommend to enable PowerD (hi adaptive).
Thanks - that is what I have configured.
NB Enabling this in pfSense 2.2 resulting in some log spamming (as above) but haven't seen this issue in 2.3.
Quote
Would you share the full name of the mSATA please? Another user is searching for one that is 100% compatible
with pfSense and able to support TRIM too. Thread about that
Sure - it is a Toshiba HG6 128GB mSata (THNSNJ128GMCU). Works well (including Trim) although I don't think it is the fastest SSD around ... but for my pfSense installation it is fine.
Quote
What kind of APU2xx you are running now exactly? With 2 GB or 4 GB of RAM?
You've already quoted me where I mentioned that I'm running a apu2b4 ;) ... so 4GB RAM available
Quote
And why the older Alix board  was not running out of RAM?
The 256MB of RAM in my old Alix 2D13 was insufficient. Occasionally it would run out of memory when booting (although this happened less with pfSense 2.2 release series). Also it would struggle with a large number of FW states - although I tuned the PF parameters to timeout UDP states after 30 seconds.
Quote
If someone is bricking his BIOS there is also even a BIOS recovery solution for nearly all PC Engines Boards.
Good to know - although I have had no problems flashing the APU2 BIOS - I simply followed the instructions  ;D
Quote
Some questions from me about the APU will be;
- Is the WebGui running smooth and liquid?
- Is it faster then the APU1 or significant faster then the older Alix boards?
- Can anyone do perhaps an IPSec speed test with the AES-NI module loaded?
The pfSense 2.3-RC WebGUI is very good and loads quickly on the APU2. When I get time I will run up 2.3 on the old Alix and do some comparison - certainly the pfSense 2.2 GUI was a bit sluggish on the Alix.
Speed wise the APU2 really is much faster than the ALIX - not surprising given the change from a 500MHz single core AMD Geode to a 1GHz quad core AMD GX-412TC. In fact for me it is probably overkill ... but I'm likely to get 100Mb/s broadband next year so it will better handle that. The APU2 has Intel GigE chipsets and AESNI hardware - which also helps increase performance.
Unfortunately I don't use IPSEC so can't really give you any objective performance data but you can probably get a rough idea of AESNI performance with the OpenSSL benchmark results above.

Cheers

Offline dw

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
APU2c4 board openVPN throughput
« Reply #8 on: April 19, 2016, 07:31:09 am »

I recently got 250/100Mbit connection and wounder whats the preformance?
If the board can make OpenVPN/IPsec 100Mbit/s?

I have seen the APU1D4 can make around ~40 mbit/s.
 
The difference is that the APU2 have the double CPU power than APU1, AES-NI support and Intel NICs.


BlueKobold

  • Guest
Re: PC Engines apu2 experiences
« Reply #9 on: April 19, 2016, 03:08:16 pm »
Quote
If the board can make OpenVPN/IPsec 100Mbit/s?
IPSec by using AES-GCM is going to show results around of 400% of the normal throughput or plain
a 4 time higher throughput and OpenVPN will not showing that. In OpenVPN 2.4 also AES-GCM will
be inside and will then giving you perhaps also that throughput too.

Quote
I have seen the APU1D4 can make around ~40 mbit/s.
IPSec or OpenVPN?
 
Quote
The difference is that the APU2 have the double CPU power than APU1, AES-NI support and Intel NICs.
Not really, it comes with 2 more CPU cores but also on 1,0GHz cpu frequency as the APU1 seris.
AES-NI and Intel ports is right and also very nice to have as I see it right.

Offline movax

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #10 on: April 19, 2016, 06:15:23 pm »
BTW> I reported my experienced with APU2C4 here https://forum.pfsense.org/index.php?topic=108231.msg612643#msg612643 , some other benchmarks and power usage included.

The aes performance is the same as reported here.

Offline ktk

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #11 on: April 20, 2016, 02:35:40 am »
Did anyone actually manage to boot PFsense 2.3 on APU2? I ran into an issue as reported here https://forum.pfsense.org/index.php?topic=110366.0

BlueKobold

  • Guest
Re: PC Engines apu2 experiences
« Reply #12 on: April 20, 2016, 03:29:48 am »
Did anyone actually manage to boot PFsense 2.3 on APU2? I ran into an issue as reported here https://forum.pfsense.org/index.php?topic=110366.0
What is the BIOS version you are using? The latest one will be from the 3/11/2016.
- update to the latest BIOS
- prepare a USB pen drive to install from with the right and matching 2.3-amd64-memstick-console-image
- insert a mSATA or HDD/SSD drive
- connect via console via Putty (please set Putty to 115200 8/N/1 and the BIOS settings
too pfSense is coming by default with that settings)
- change the boot order to USB and do a reboot please
- install form the USB pen drive and change after that the boot order back to mSATA, HDD/SSD and reboot again


Offline ktk

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #13 on: April 21, 2016, 02:20:48 am »
Hi Frank,

Did anyone actually manage to boot PFsense 2.3 on APU2? I ran into an issue as reported here https://forum.pfsense.org/index.php?topic=110366.0
What is the BIOS version you are using? The latest one will be from the 3/11/2016.
- update to the latest BIOS
- prepare a USB pen drive to install from with the right and matching 2.3-amd64-memstick-console-image
- insert a mSATA or HDD/SSD drive
- connect via console via Putty (please set Putty to 115200 8/N/1 and the BIOS settings
too pfSense is coming by default with that settings)
- change the boot order to USB and do a reboot please
- install form the USB pen drive and change after that the boot order back to mSATA, HDD/SSD and reboot again



I am on latest bios already. I tried booting on SD card and from USB stick, neither did work. The SD card cannot mount ufs:/dev/ufs/pfsense0 and with USB stick I had so many errors reported on my console that I couldn't see which one actually triggered it.

Offline mattlach

  • Full Member
  • ***
  • Posts: 168
  • Karma: +9/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #14 on: June 03, 2016, 11:09:43 am »
Hi Frank,

Did anyone actually manage to boot PFsense 2.3 on APU2? I ran into an issue as reported here https://forum.pfsense.org/index.php?topic=110366.0
What is the BIOS version you are using? The latest one will be from the 3/11/2016.
- update to the latest BIOS
- prepare a USB pen drive to install from with the right and matching 2.3-amd64-memstick-console-image
- insert a mSATA or HDD/SSD drive
- connect via console via Putty (please set Putty to 115200 8/N/1 and the BIOS settings
too pfSense is coming by default with that settings)
- change the boot order to USB and do a reboot please
- install form the USB pen drive and change after that the boot order back to mSATA, HDD/SSD and reboot again



I am on latest bios already. I tried booting on SD card and from USB stick, neither did work. The SD card cannot mount ufs:/dev/ufs/pfsense0 and with USB stick I had so many errors reported on my console that I couldn't see which one actually triggered it.

I had issues installing using the 2.3.1 serial console images.  The memstick version had problems writing to partitions in the dmesg, and the CD ISO couldn't mount the root partition of the installer at all, all resulting in an error console, and thus no pfSense installer.

On a whim, I downloaded the previous memstick installer from the mirror (2.3, instead of 2.3.1) and this installed just fine.   I was then able to use the web interface to upgrade to 2.3.1_1 without any issues.