Netgate SG-1000 microFirewall

Author Topic: Gigabit ISP builds at different price points, wattage, and performance (inside!)  (Read 511 times)

0 Members and 1 Guest are viewing this topic.

Offline Msuix

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Hey all,

I've recently upgraded to a 1gbps symmetrical (not pppoe) service from my ISP, and I've been mulling over different possible builds at different price points / wattages / performances. I've already dug around on the forums and gotten the gist of different builds to accomplish this goal, all relative to what will be done with it. I'm making this thread to get a bit more nuanced opinion on the matter from more experienced users with pfsense as it will be my first time.

Stats:
- 1gbps symmetrical service
- 4-10 devices on network at any given point: gaming, file syncing, streaming
- will be connecting an Amplifi HD and using that as a switch / wifi ap.

Needs:
- full utilization of isp throughput at all times
- basic nat / firewall
- ability to L2L ipsec tunnel (not openvpn) at minimum of 300mbps

Wants:
- low power / heat / noise (none ideally)
- Small physical footprint. I know I could buy a ~$120 SFF office pc on ebay and get a decent quadcore, but thats big, noisy, and high wattage.
- light packetshaping for realtime traffic (calls, etc). lowering priority of bulk downloading.
- would be cool to setup surricata / snort and utilize other packages, solely for learning and fun.

I realize there are many ways to accomplish this, and "all of the above" might require a good 50-60w+ desktop CPU and that's okay to know.

Here are some builds i've put together at different price points, each would accomplish part or all of the Needs/Wants - but i'm trying to be efficient with spend. Can you point out the overkill? Trying to min-max:

Price - Build Name (wattage) [ Multithreaded passmark score | singlethreaded passmark score] {#cores}

$253 - J3355B Build (15w) [1289 | 859 ] {2-Core}
ASRock J3355B-ITX                           $55   
Gskill 4GB (2x2GB) 1600 SODIMM   $40
Transcend 32GB mSATA SSD           $38
Silverstone SG13B                           $40
80wPicoPSU + 60w adapter                   $40
Intel I340-T4 (4xGbe) PCI-E           $40   

$377 - Core i5-5250U Build (25w) [ 3608 | 1440 ] {2-Core}   <--Basically a Qotom Q355G4   
ThunderSpeed TK550G                           $277
RAM   Corsair 8GB (2x4GB) 1600 SODIMM   $62
HDD   Transcend 32GB mSATA SSD           $38

$379 - Core i3-7100 Build (51w) [5847 | 2229 ] {2-Core}      
Intel Core i3-7100 (3.9GHz)           $100
ASRock H270M-ITX/ac Mini-ITX           $89
G.SKILL 8GB (2x4GB) DDR4-2133   $76
BiWin 60GB M.2 Sata SSD                   $40
M350S + PicoPSU 60w DC Power           $69
LP4 to P4 Power Adapter                   $5

$395 - Core i3-7100T Build (35w) [ 5168 | 1930 ] {2-Core}      
Intel Core i3-7100T (3.4Ghz)           $116
ASRock H270M-ITX/ac Mini-ITX           $89
G.SKILL 8GB (2x4GB) DDR4-2133   $76
BiWin 60GB M.2 Sata SSD                   $40
M350S + PicoPSU 60w DC Power           $69   
LP4 to P4 Power Adapter                   $5

$475 - Core i3-8100 Build (65w) [ 8177 | 2092 ] {4-Core}      <-- as pointed out by Harvy66
Intel Core i3-8100 (3.6Ghz)           $129
ASRock Z370M-ITX/ac                    $135
G.SKILL 8GB (2x4GB) DDR4-2133   $76
BiWin 60GB M.2 Sata SSD                   $40
M350S + PicoPSU 84w DC Power           $90   
LP4 to P4 Power Adapter                   $5
      
$480 - Core i5-7500 Build (65w) [ 8091 | 2119 ] {4-Core}      
Intel Core i5-7500 (3.4GHz)           $180
ASRock H270M-ITX/ac Mini-ITX           $89
G.SKILL 8GB (2x4GB) DDR4-2133   $76
BiWin 60GB M.2 Sata SSD                   $40
M350S + PicoPSU 84w DC Power           $90
LP4 to P4 Power Adapter                   $5

$496 - Core i5-7500T Build (35w) [ 7180 | 1861 ] {4-Core}      
Intel Core i5-7500T (2.7GHz)           $217
ASRock H270M-ITX/ac Mini-ITX           $89
G.SKILL 8GB (2x4GB) DDR4-2133   $76
BiWin 60GB M.2 Sata SSD                   $40
M350S + PicoPSU 60w DC Power           $69   
LP4 to P4 Power Adapter                   $5
         

$500 is getting kind of steep. Ideally I think the T models (35w) are a good midground in performance, with the J3355B being more of a probably 1gbps wan, but not much else type of build. I read pfbasic's tests regarding 300mbps openvpn so that's promising, however would that be able to do 300mbps openvpn at the same time as other bandwidth maxing out the linespeed? probably not on the J3355B.

Looking it over, its a small premium (~$20) to pay to shrink the tdp on the i5 build from 65w to 35w, while not losing that much in performance. In addition to that, the $253 to $377 jump doubles the single core performance, so unless the J3355B can meet my needs (and some of my wants), then i think i'll be going with one of the i3 builds. the 7100T is pretty tasty to me, 35w-ish and still nearly 2k on the single-threaded score. It's essentially +100% performance over the J3355B for +50% of the money. Hm..

Another note, the i5-5250U build is so close in price to the i3-7100(and T) builds that i'd prefer the better performance and modern architecture over the box from china. I also dont (need) a switch on this device, so the 2x intel gbe on the core i3/5 builds is fine.

There's also the denverton chips starting to become available, I was looking at the supermicro board (Atom C3558) 2.2Ghz [ 2538 | 876 ] {4-cores}. I reckon it would run me about $280 for the board / chip and an addition $170 for ram / ssd / case / psu so ~$450. Seems steep for that level of performance.

Thanks in advance for the comments!

« Last Edit: November 27, 2017, 09:41:07 am by Msuix »

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 633
  • Karma: +50/-1
    • View Profile
A Qotom Q355G4 will do, even the i3 model.

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2209
  • Karma: +204/-12
    • View Profile
Wow, no mention of the $120 3.6ghz quad-core i3-8100?

Offline Msuix

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Wow, no mention of the $120 3.6ghz quad-core i3-8100?

You are absolutely right! Let me add it. Thanks!

EDIT: After adding the new entry, it seems the choice optimally comes down to either:

$395 - Core i3-7100T Build (35w) [ 5168 | 1930 ] {2-Core}
or
$475 - Core i3-8100 Build (65w) [ 8177 | 2092 ] {4-Core}

I wish the i3-8100T was out. As far as single threaded performance is concerned, I would choose the $395 i3-7100T @ 35w over the quad. As far as overall bang for the buck, the i3-8100 is definitely both the deal and performance sweet spot - though 65w is hefty for my tastes. Still undecided!
« Last Edit: November 27, 2017, 09:42:39 am by Msuix »

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 633
  • Karma: +50/-1
    • View Profile
You may want to focus in U and J series builds. The U-series i3 and i5 setups often have about 15W under normal load, even less when idle. Comparing a 15W build to a 35W model is more than twice the power cost while not really getting you much more in terms of performance or options.

Also, keep in mind that upgrades are rather rare. Most often people will add in some RAM or a bigger disk when they want to do extensive logging or maybe add IDS/IPS packages. The CPU and NICs are often untouched from the initial setup unless there is something like a bandwidth limitation based on the NICs themselves (sometimes people will add a 4-port GbE NIC and put it in a LAGG with a managed switch for faster inter-subnet routing and firewalling).

Any embedded build that has a fast enough CPU with room to spare, and already has at least two Intel GbE NICs will probably do as long as you can install anywhere between 4GB and 16GB RAM and have at least one SATA port with at least 3Gbit bandwidth (SATA2). It's when you are going to do line-rate Suricata or Snort where you have to get some really special attention to the main board and CPU.

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11909
  • Karma: +467/-15
    • View Profile
Keep in mind that the Thermal Design Power given in Watts for each CPU does not indicate the power consumption in comparable conditions. It shows you what size heatsink/fan you will need at maximum load.

If your cost calculation includes a 30W electricity consumption reduction between a T and non-T variant in an always on system you will be paying more than you think. The actual power consumption of each doing the same work will likely be far closer.

Steve

Offline VAMike

  • Sr. Member
  • ****
  • Posts: 393
  • Karma: +63/-11
    • View Profile
yeah, the main difference between a low power chip and a regular chip is that the low power chip is throttled and can't run as fast. at idle, they're about the same. the only reason to care is if you're designing a system than can only dissipate N watts and you want to make sure the TDP never exceeds N.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 633
  • Karma: +50/-1
    • View Profile
Ah yes, that is true. Especially post Core2Duo-era.

Offline bingo600

  • Full Member
  • ***
  • Posts: 132
  • Karma: +11/-0
    • View Profile
Isn't the 7100 and other of the new ones prone to the HT bug, if the bios isn't updated ?
If yes , make sure to get a MoBo where you trust that Bios updates will arrive.

I know i dropped a chinese i7 (esxi playtoy), because i didn't trust the Bios was new enough, or ever getting updates.


Now i'm considering an i5 NUC  w. 32G Ram instead (Ought to get updates) , but has a FAN  :-\
https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc7i5bnh.html

CPU
https://www.cpubenchmark.net/cpu.php?cpu=Intel+Core+i5-7260U+%40+2.20GHz&id=2993


I wish the Qotom i5 would take 2 x 8G , then that would prob be enough for an esxi beginner.

/Bingo
pfSense 2.4.2

QOTOM-Q355G4 Quad Lan.
CPU  : Core i5 5250U
Ram : 8GB Kingston DDR3LV 1600
LAN  : 4 x Intel 211
Disk  : 240G Toshiba Sata SSD

Offline Nex-DFM

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Are you cooling the CPU with a heatsink? Is that included?

I forgot that CPUs come with a stock heatsink. Whoops!
« Last Edit: Today at 08:51:21 am by Nex-DFM »