Netgate SG-1000 microFirewall

Author Topic: PC Engines apu2 experiences  (Read 44722 times)

0 Members and 1 Guest are viewing this topic.

Offline acascianelli

  • Jr. Member
  • **
  • Posts: 46
  • Karma: +1/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #45 on: November 23, 2016, 02:08:31 pm »
Does anyone know of a way to enable TRIM support on the SSD without having to boot of a recovery device?

https://forum.pfsense.org/index.php?topic=66622.0
https://forum.pfsense.org/index.php?topic=113803.msg633795#msg633795

Is there no way to set it so that it's enabled on the next reboot without going into single user mode?
PC Engines APU2C4

BlueKobold

  • Guest
Re: PC Engines apu2 experiences
« Reply #46 on: November 25, 2016, 07:36:33 pm »
Quote
Is there no way to set it so that it's enabled on the next reboot without going into single user mode?
Actually is there no way or workaround, as I am informed right.

Offline kevindd992002

  • Sr. Member
  • ****
  • Posts: 409
  • Karma: +5/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #47 on: November 29, 2016, 03:38:32 am »
Thanks for the insight, I managed to finally get close to 1Gbps on the lan interface.

I had to uncheck Disable hardware large receive offload, and Disable hardware TCP segmentation offload

Under System > Advanced > Networking

Based on what I've read so far I know this unit won't route more than 500 Mbps or so but I wanted to at least understand why, the nic was so hobbled right off the bat.

Does that mean these two should be unchecked to get the full potential of the NIC's of the APU2C4? Any disadvantages of keeping them unchecked (enabled)?

Offline hda

  • Sr. Member
  • ****
  • Posts: 599
  • Karma: +32/-4
    • View Profile
Re: PC Engines apu2 experiences
« Reply #48 on: November 29, 2016, 04:48:49 am »
... Any disadvantages of keeping them unchecked (enabled)?
Possibly, like no or a snappy WAN-PPPoE connection.

Offline hda

  • Sr. Member
  • ****
  • Posts: 599
  • Karma: +32/-4
    • View Profile
Re: PC Engines apu2 experiences
« Reply #49 on: November 29, 2016, 05:08:19 am »
...Is there no way to set it so that it's enabled on the next reboot without going into single user mode?
https://forum.pfsense.org/index.php?topic=121515.msg673176#msg673176 / pfSense 2.4

Offline kevindd992002

  • Sr. Member
  • ****
  • Posts: 409
  • Karma: +5/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #50 on: November 29, 2016, 05:24:56 am »
... Any disadvantages of keeping them unchecked (enabled)?
Possibly, like no or a snappy WAN-PPPoE connection.

But why is the NIC performance hampered with these settings disabled anyway?

...Is there no way to set it so that it's enabled on the next reboot without going into single user mode?
https://forum.pfsense.org/index.php?topic=121515.msg673176#msg673176 / pfSense 2.4

So if I understand this correctly, a fresh install of 2.4 will already enabled TRIM automatically with no user intervention? And same goes with older versions of pfsense that upgrade 2.4, TRIM will be enabled?

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +962/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: PC Engines apu2 experiences
« Reply #51 on: November 29, 2016, 06:00:56 am »
But why is the NIC performance hampered with these settings disabled anyway?

You clearly are confused. When you check them, you DISable the HW offloading features.
Do NOT PM for help!

Offline kevindd992002

  • Sr. Member
  • ****
  • Posts: 409
  • Karma: +5/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #52 on: November 29, 2016, 06:44:16 am »
I don't think I am. Clearly, unchecking the boxes = ENABLES these features. checking the boxes=DISABLES these features. It's very easy to distinguish between the two.

j4k3 said in his post: "I had to uncheck Disable hardware large receive offload, and Disable hardware TCP segmentation offload". Which means that enabling (very different from "checking") them improves performance.

So then I asked: "But why is the NIC performance hampered with these settings disabled anyway?". Or in other words: "why is the NIC performance hampered with the boxes CHECKED anyway?"

Does that make sense? Again, disable=checked and enabled=unchecked. Please check the terminologies that I used in my posts.

BlueKobold

  • Guest
Re: PC Engines apu2 experiences
« Reply #53 on: November 29, 2016, 07:44:42 am »
Quote
Does that mean these two should be unchecked to get the full potential of the NIC's of the APU2C4?

Here under this link you will be able to read what is really needed for getting 1 GBit/s at the
WAN interface, there is told something likes, Server grade hardware and ~2,0GHz CPU speed.
And as I see it right the APU1D4 and APU2C4 are only sorted with something around ~1,1GHz
or 1,2GHz CPU power, that's it in short. Please read under under CPU selection

Quote
Any disadvantages of keeping them unchecked (enabled)?
Tunings and pimps can be done on each machine for sure to high up the
throughput but in that case, you should be followed to that guidance
from above at first.

Offline cwagz

  • Full Member
  • ***
  • Posts: 118
  • Karma: +5/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #54 on: December 01, 2016, 12:34:56 pm »
I am looking for some opinions on downsizing my current pfSense system with an APU2C4.

Currently I have:
Supermicro A1SRI-2558
8GB Ram
120GB SSD
Akasa Fanless Enclosure

There are 6 people in my house and 30 or so devices.  I am the only person that ever uses OpenVPN and it is usually from a mobile device on LTE so OpenVPN performance is probably not a huge deal.  I run Squid and Squidguard to proxy the internet for my kids.  Our internet connection is FiOS 150/150 Mbps.

It seems like I could build an apu2c4 and sell my current hardware.  I would probably have money left over and a smaller, slightly cooler running device for pfSense.

Do you guys see any potential performance issues or reasons why this is a bad idea?

I went ahead and built the apu2c4 and am very happy with the outcome.  The performance seems to be the same for our usage.  Also, the overall footprint and heat output into my small network cabinet is improved.

Offline HackedComputer

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #55 on: December 12, 2016, 09:39:11 am »
Hey,

I recently took delivery of an APU2C4. It is certainly a decent performer for the size of it!

I am wondering, has anyone got the AES-NI to work with the OpenVPN? The reason I ask is that I don't appear to see any acceleration happening with AES-128-CBC / AES-256-CBC. The rough maximum I have achieved is 30Mbps.

I have tried enabling the AES-NI within Advanced Options, and then enabling the cryptodev within OpenVPN. As well as disabling AES-NI and leaving Cryptodev enabled vice-versa.

However, I see no changes whatsoever.

I am on the latest PFSense 2.3.x release

Kindest Regards
HC

BlueKobold

  • Guest
Re: PC Engines apu2 experiences
« Reply #56 on: December 12, 2016, 10:17:17 pm »
Quote
I am wondering, has anyone got the AES-NI to work with the OpenVPN? The reason I ask is that I don't appear to see any acceleration happening with AES-128-CBC / AES-256-CBC. The rough maximum I have achieved is 30Mbps.
From what total line speed you archived the 30Mbps? And how strong was the other VPN Peer end?

Quote
I have tried enabling the AES-NI within Advanced Options, and then enabling the cryptodev within OpenVPN. As well as disabling AES-NI and leaving Cryptodev enabled vice-versa.
At the moment only IPsec is really benefitting from the AES-NI, so you might be having
perhaps more luck if the OpenVPN version 2.4 is out there.

« Last Edit: December 17, 2016, 02:10:12 pm by BlueKobold »

Offline HackedComputer

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #57 on: December 14, 2016, 05:05:48 pm »
Quote
From what total line speed you archived the 30Mbps? And how strong was the other VPN pear end?

Connecting from a 317Mbps line, the other end is serviced by a 10Gbit (SFP) line @ Rackspace

Quote
At the moment only IPsec is really benefitting from the AES-NI, so you might be having
perhaps more luck if the OpenVPN version 2.4 is out there.

I'll hold out, I'm not too fussed - I didn't expect a lot. But I expected a tad better as my old equipment was a dual core 800Mhz MiPS. I had tried the "fix" here:

http://1101entrails.blogspot.co.uk/2016/05/getting-aes-ni-to-work-using-pfsense-on.html

Offline VAMike

  • Sr. Member
  • ****
  • Posts: 429
  • Karma: +65/-11
    • View Profile
Re: PC Engines apu2 experiences
« Reply #58 on: December 14, 2016, 06:58:32 pm »
At the moment only IPsec is really benefitting from the AES-NI, so you might be having
perhaps more luck if the OpenVPN version 2.4 is out there.

I'll hold out, I'm not too fussed - I didn't expect a lot. But I expected a tad better as my old equipment was a dual core 800Mhz MiPS. I had tried the "fix" here:

http://1101entrails.blogspot.co.uk/2016/05/getting-aes-ni-to-work-using-pfsense-on.html
[/quote]

That page is mostly correct--openvpn does use aes-ni, having pfsense try to load any cryptographic stuff will slow things down, and you should be getting significantly more than 30Mbps. Make sure you're connecting with aes on the client side and turn off all the hardware crypto settings in pfsense.

Offline HackedComputer

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: PC Engines apu2 experiences
« Reply #59 on: December 15, 2016, 12:00:51 pm »
Just an update:

So, changing the cryptographic options within pfSense didn't yield any differences. Perhaps, by 5Mbps.

However, I looked more into the OpenVPN configuration and appended the following to the client configuration:

sndbuf 393216;
rcvbuf 393216

and thus, this was achieved:


« Last Edit: December 15, 2016, 12:04:11 pm by HackedComputer »