I'm watching this STH video and it made me consider updating my OPNsense install. https://www.youtube.com/watch?v=wUcDg_ms0is
Currently I'm using an old desktop with a 10G fiber card that connects to my switch. Everything else is 1G. However, as the video mentions, with the advent of 2.5G modems, switches, and APs, I'd like to upgrade. The system mentioned in the video is nice, but I'd lose 10G connectivity and CPU power for running IDS/IPS, etc.
Has anyone come across something similar but that supports 10G and a more powerful CPU? I'm willing to sacrifice size but I want to try and keep the power usage low to extend my UPS runtime.
Maybe you should take a look at the DEC740/750 or DEC840/850 from the OPNsense shop :)
I use a DEC750 now and can say it can support 10G via SFP+ ports, but anything serious like IDS will not work at full 10 Gbit/s speeds (see the discussion under this video: https://www.youtube.com/watch?v=853y4ShbpZg). Also, with only one TCP stream, you will be limited by single-thread performance which is around 1.5 GBit/s.
I also have a HUNSN R34g mentioned in the STH video, which also has 4 cores, but no hyperthreading. The CPU is ~66% the speed of the DEC750 and also the power requirements are at ~66%. In this thread: https://forum.opnsense.org/index.php?topic=26705 we discussed a Topton system with an N6005 at slightly higher power draw (much like the DEC750, cheaper, but without SFP+).
Before the DEC750, I had an E300-9D-4CN8TP (there is a video for that by ServeTheHome as well), that is much faster, but uses 75 Watts at idle under OPNsense (I sold it for this reason).
There are new boxes coming out with the Elkhart Lake CPU which should be even faster than the DEC750, I saw this one: https://www.bcmcom.com/bcm_product_BI270-6412J.html and Compulab's Fitlet3, but neither has 10G SFP+ ports. Also, they become available only slowly.
It all boils down to what you expect from the system - if you only want 1 GBe firewalling, all of them will do. If you want IDS, you need more CPU power. If you need 10 GBit/s speed for inter-VLAN routing, you will have higher power draw. 2.5 GBit/s is a nice upgrade, but you cannot use power-efficient DAC cabling to your switch in that case.
Deciso is a trusted supplier and as stated above, other manufacturers are there also.
Have you heard of Teklager? Having 10G boxes also: https://teklager.se/en/products/routers/TLSENSE-10G-D2123IT
It's just a question of what you are looking for, from what manufacturer and what price or support.
That Teklager device is just a rebranded (and IMHO overpriced) Supermicro E302-9D, which is the passive counterpart to the E300-9D-4CN8TP I mentioned. It will consume almost the same as my system (i.e. 75 Watts, less 3 internal fans) and most probably get a lot warmer (mine reached ~60°C at idle).
You can check this here: https://www.supermicro.com/en/products/system/Mini-ITX/SYS-E302-9D.cfm.
You can buy the original for a lot cheaper, but without a preinstalled firewall. The RAM and SSD will cost you ~200€ on top of the price of the barebone.
The Xeon D2123-IT is a 2018 CPU model which is inherently much more power-hungry considering its performance than current breeds which is why I switched.
The CSE-E300 case can easily be fitted with 3 Noctua fans which reduces the fan noise substantially. The mounting holes of the Noctuas do not fit the Supermicro provided screws and the Noctua screws don't fit the mounting holes, but that was easily fixed with some M3 flat head screws and self locking nuts. I recommend it.
Are you space constrained? If not you could assemble a system yourself, using tower or rack case of choice, and if you combine with decent fans (e.g. Noctua or BeQuiet) you can make it whisper quiet too. Motherboards could be for example Supermicro X12STL-F (for Intel Xeon E-2300) or ASRock Rack X570D4U (for latest gen AMD Ryzen CPUs). These are modern CPUs that should sip no more than 30ish watts at idle, if that. Throw in an Intel or Chelsio 10Gb PCIe card and you've got a fast, power efficient and quiet setup.
PS I believe the DEC750 uses Ryzen Embedded V1500B. Which in comparison is old (2018) and underpowered. It's got a passmark of approx 1200/5200 single/multithreaded. Current gen Ryzen 5600x measures approx 3300/22000 by comparison and still idles approx 20W.
Yep, but keep in mind the sole purpose of V1500B was to offer cheaper access to 10G. It's not about throughput... it's about connectivity.
Cheers,
Franco
Quote from: franco on March 24, 2022, 11:12:03 AM
Yep, but keep in mind the sole purpose of V1500B was to offer cheaper access to 10G. It's not about throughput... it's about connectivity.
Yes agreed, and it is very small and relatively cheap and also fanless, so definitely fills an important gap. Just saying if you're willing to forego one of those (in this case size and to lesser extent noise) there are alternatives which offer more power at similar price points. As one of the OP's concerns was performance.
I'm not space constrained. As I mentioned, I'm using an old desktop currently. However, the desktop requires add-in cards. The cards and case fans add to the power budget. I do need to figure out how much power each of those draws. I seem to recall that the newer versions of my NICs use less power.
I'm contemplating building an i3-12100 system but I don't know if it's worth the hassle. The only real issue with the power right now is runtime on my UPS and the power doesn't go out that often.
You might want to contact Compulab about their Tensor PC. Like the Fitlet, it can be configured with lots of different types of I/O, networking, and storage modules. In their Introduction to Tensor PC doc they list a module with 2x 10 Gbit Ethernet ports. My guess is that this is currently under development but you might be able to set it up with 1G support in the knowledge that 10G could be added later. It has several CPU options including Celeron G4932E, i3-9100HL, and i7-9850HL which all have TDPs of 25w. It's fanless.
http://fit-pc.com/wiki/index.php?title=Tensor-PC
Quote from: CJRoss on April 08, 2022, 03:16:00 PM
I'm not space constrained. As I mentioned, I'm using an old desktop currently. However, the desktop requires add-in cards. The cards and case fans add to the power budget. I do need to figure out how much power each of those draws. I seem to recall that the newer versions of my NICs use less power.
I'm contemplating building an i3-12100 system but I don't know if it's worth the hassle. The only real issue with the power right now is runtime on my UPS and the power doesn't go out that often.
Does (for example) an Intel 10Gb chip and two SFP+ ports automatically pull more power if they are on a PCIe card vs soldered straight to the motherboard? A single 120mm fan typically pulls 1-2W (at speed). I think choice of CPU and NIC are going to be your largest determining factors in power draw. Something fast enough to cater for your 10Gb needs but as power efficient as possible. That points to latest gen, and/or embedded/laptop CPUs if you can find them on a suitable motherboard or firewall appliance.
AMD's next generation of embedded Epyc should be interesting when they arrive. Current ones are Zen2 and getting quite old. But SuperMicro has them in interesting motherboard combinations, compact form factor and with 10Gb networking.
Seems you guys don't know the brand new r86s yet.
A human palm size x86 box with 2.5G * 3 rj45 and 10G * 2 sfp+.
64G built-in eMMC, two SODIMM slots, one M.2 slot with J5105.
I personally use r86s without the sfp+ ports cause I have no fiber cable inside my wall.
Sorry not sure how to make the following pic smaller. Or you can open it with your browser directly
(https://tttemp.oss-cn-shanghai.aliyuncs.com/r86s-site/R86S-ALL.jpg)
Quote from: madper on November 03, 2022, 03:57:37 PM
Seems you guys don't know the brand new r86s yet.
A human palm size x86 box with 2.5G * 3 rj45 and 10G * 2 sfp+.
64G built-in eMMC, two SODIMM slots, one M.2 slot with J5105.
I personally use r86s without the sfp+ ports cause I have no fiber cable inside my wall.
Sorry not sure how to make the following pic smaller. Or you can open it with your browser directly
(https://tttemp.oss-cn-shanghai.aliyuncs.com/r86s-site/R86S-ALL.jpg)
You could have linked directly to the site. https://docs.r86s.net/#/en/
It looks interesting but I have concerns about the CPU performance. Fortunately, it looks like Patrick has gotten one in and will be reviewing it soon. https://forums.servethehome.com/index.php?threads/r86s-router.37299/