OPNsense Forum

English Forums => Hardware and Performance => Topic started by: smawuascht on July 12, 2017, 04:15:01 pm

Title: Which hardware to choose for home setup
Post by: smawuascht on July 12, 2017, 04:15:01 pm
Hi guys,

I'm currently in the process of renewing my network setup at home.

Currently I'm using an Igel Thin Client running IPCop.
Basic specs are:
Processor type: VIA C3
Processor: 1GHz
RAM: 256MB
RAM type: PC3200U
Chipset: VIA Apollo CLE266 + VIA 8235

I use it with three NICs (WAN/LAN/WLAN - connected to an AP)




I'm planning to switch to OPNsense and with the switch get new hardware.

I'm looking for a system featuring 2-4 NICs (still not completely sure if I'll physically separate interfaces like in my current setup or go for a VLAN setup).

During my research I came across these two options:

APU3A2 (http://varia-store.com/Hardware/19-DualRack-Box/Komplettsystem/APU3A2-19-Rack-Bundle-PSU-board-case::29246.html) - which features 3 NICs like my current setup, 1GHz quad core with AES-NI support and 2 gigs of RAM
or
SuperServer 5015A-H (http://www.supermicro.com/products/system/1U/5015/SYS-5015A-H.cfm?typ=H) - which features an Intel Atom 1.6GHz dual core CPU - not sure if this one supports AES-NI though, PCIe expansion slot to put in additional interfaces.

My current ISP connection is 40MBit down and 10MBit up.
My network features about 6 wired clients (including a NAS) and about 15 WIFI Clients


Which one would you rather get?
The APU3A2 or the Supermicro Server?

Cost wise they're pretty much the same.


Thanks a lot
Greets
Michi
Title: Re: Which hardware to choose for home setup
Post by: weust on July 12, 2017, 05:12:46 pm
As always, it depends on which features you want to use.
Especially IPS/IDS can be heavy on the CPU.
If not, either system will do fine, but keep in mind that the SuperMicro option is EOL.
Title: Re: Which hardware to choose for home setup
Post by: monstermania on July 13, 2017, 08:13:15 am
Hi,
why do you look at the APU3A!? Do you need more than 1 cellular card in your firewall?
I think that an APU2C4 is the better choice for most SOHO installations.
If you don't want to use features like IDS/IPS or VPN then OPNsense works fine on rather old HW.

At home I use a rather old Terra Black Dwarf (Lexcom 3V700) for my OPNsense, with VIA Eden 500 MHz, 1 GB RAM, 3 x 100Mbit LAN and CF Card.
I got such a box on eBay for ~ 35€.
I've tested the speed at our company and the Dwarf is good enough for > 50Mbit. More than enough for my 8Mbit DSL at home!

Greets
Dirk
Title: Re: Which hardware to choose for home setup
Post by: smawuascht on July 13, 2017, 11:34:14 am
> why do you look at the APU3A!? Do you need more than 1 cellular card in your firewall?
> I think that an APU2C4 is the better choice for most SOHO installations.

You're absolutely right! 
I'm not planning to use any cellular connection on the appliance since it's located in the basement anyways.


> If you don't want to use features like IDS/IPS or VPN then OPNsense works fine on rather old HW.

IPS/IDS are probably way overkill for a home setup I guess.

I might setup VPN to connect to my home network when I'm on the road.
But that'd only be one user.

And maybe - but only maybe - set up a site-to-site VPN between my mum's house and mine.


> I've tested the speed at our company and the Dwarf is good enough for > 50Mbit. More than enough for my 8Mbit DSL at home!

I currently got a 40MBit connection here. Which seems to work ok with my current Igel thin client. It just struggles with the heat in summer although being in the basement. Probably that's why a NIC died last week.

As I'm planning to do new cabling around the house I'll most likely also get a 19 inch rack and thus I was looking into 19" solutions to replace my current one ;-)

> If not, either system will do fine, but keep in mind that the SuperMicro option is EOL.

Good to know - thanks.
Do you know of any predecessor to the SuperMicro one in the same price range?
I couldn't find anything online.


Title: Re: Which hardware to choose for home setup
Post by: weust on July 13, 2017, 11:45:59 am
I haven't checked prices, but I think these would be suitable.

https://www.supermicro.nl/products/system/1U/5015/SYS-5015A-EHF-D525.cfm
There are two other models, so look for the 5015A in the 1U list on the site.

https://www.supermicro.nl/products/system/1U/5017/SYS-5017A-EP.cfm
Also two models in this series. Check for 5017A.

https://www.supermicro.nl/products/system/1U/5018/SYS-5018A-LTN4.cfm
5018A is a whole series with different Atom model CPUs.
Personally I have the 2758F model (8 cores) which runs as a hypervisor, with OPNsense as a 2 CPU VM just fine.
No IPS/IDS, because I would need to run it dedicated then with my internet speeds.
Title: Re: Which hardware to choose for home setup
Post by: monstermania on July 13, 2017, 01:04:53 pm
> As I'm planning to do new cabling around the house I'll most likely also get a 19 inch rack and thus I was looking into 19" solutions to replace my current one ;-)

You can buy the APU2C4 as a Bundle for a 19" rack:
http://varia-store.com/Hardware/PC-Engines-Bundles/APU-2C4-Bundles/APU2C4-19-Rack-Bundle-Netzteil-SSD-Board-Gehaeuse::28815.html
If you need an HA solution (based on 2 APU2C4 in one 19" case) you can also get it here:
http://varia-store.com/Hardware/PC-Engines-Bundles/APU-2C4-Bundles/APU2C4-19-Dual-Rack-Bundle-2x-Netzteile-2x-Boards-Gehaeuse::28822.html

If 3 NICs are OK for you, the APU boards by PC Engines are the best solution for the money.

Greets
Dirk
Title: Re: Which hardware to choose for home setup
Post by: smawuascht on July 13, 2017, 02:57:10 pm

> You can buy the APU2C4 as a Bundle for a 19" rack:

That's probably exactly what I was looking for!


> If you need an HA solution (based on 2 APU2C4 in one 19" case) you can also get it here:

I think that a high availability system is kinda overkill for my home setup.
But good to know :-)


> If 3 NICs are OK for you, the APU boards by PC Engines are the best solution for the money.


Should be plenty.
If I go for a VLAN setup actually two NICs could be enough.



Thanks a lot for your help Dirk!




Title: Re: Which hardware to choose for home setup
Post by: bobbythomas on July 18, 2017, 11:31:01 pm
Why don't you have a look at Intel NUCs? They have AES-NI and other features. I am using an Intel NUC5PPYH (quad core Pentium based) and running OPNsense in a Proxmox VM along with 2 other VMs (a NAS and Zabbix server), the power utilisation is very low (less than 10watts/hour) and performance is quite good. It doesn't have multiple NICs so you will need to rely on USB NICs, as the NUC comes with USB3 you can easily plug in a USB3 gigabit NIC. I also have an Archer C7 running LEDE (OpenWrt) which can do the switching part. Let me know if you need more details about the hardware.

Regards,
Bobby Thomas
Title: Re: Which hardware to choose for home setup
Post by: smawuascht on July 19, 2017, 02:01:47 pm
> Why don't you have a look at Intel NUCs? They have AES-NI and other features. I am using an Intel NUC5PPYH (quad core Pentium based) and running OPNsense in a Proxmox VM along with 2 other VMs (a NAS and Zabbix server), the power utilisation is very low (less than 10watts/hour) and performance is quite good. It doesn't have multiple NICs so you will need to rely on USB NICs, as the NUC comes with USB3 you can easily plug in a USB3 gigabit NIC.

Hi Thomas,

Running a firewall as a VM somewhat defeats the purpose of the firewall in my opinion.
I'm planning to use dedicated hardware for it :-)

I personally haven't used any USB NICs, thus I can only rely on what I read online, where PCI/PCIe NICs seem to be the much preferred option.



Title: Re: Which hardware to choose for home setup
Post by: bobbythomas on July 20, 2017, 03:31:46 pm

> Running a firewall as a VM somewhat defeats the purpose of the firewall in my opinion.
> I'm planning to use dedicated hardware for it :-)

That's really a debatable topic. I don't see any issues with running firewalls in a VM; in fact most of the enterprise firewall vendors have VM deployment packages. It actually depends on how you configure the VM and the host.
Title: Re: Which hardware to choose for home setup
Post by: smawuascht on September 12, 2017, 09:33:15 am
Hey there,

Would you rather buy this APU2C2 (http://varia-store.com/Hardware/PC-Engines-Bundles/APU-2C4-Bundles/APU2C4-19-Rack-Bundle-PSU-SSD-board-case::28815.html) (AMD Serie Embedded G GX-412TC, 1 GHz Quad-Jaguar with AES-NI support)

Or get this appliance (http://www.hcipctech.com/Home/ProductCon?productid=591) and load it with a Sandy/Ivy Bridge CPU (most of them support AES-NI) & RAM.
I uploaded an English version of the product description here. (https://drive.google.com/file/d/0B11f1_fak6ovRjdQbnk4aHlhNHQ3aVBZQ0RkcERxWE1SOEM0/view?usp=sharing)
One obvious advantage of this are the 6 LAN ports which could give additional opportunities.


Which one would you prefer and why?

Thanks
Michael
Title: Re: Which hardware to choose for home setup
Post by: monstermania on September 12, 2017, 12:33:31 pm
> Which one would you prefer and why?

Hi,
I already wrote that IMHO the APU2C4 is a very good choice for a home setup. Of course, if you need more than 3 NICs (physical) the APU2 is not the solution you should choose.  ;) But remember you can use VLANs!  8)

Maybe a Sandy/Ivy Bridge also has more CPU power than an APU2. But will you really need this in your home setup!?
Have you looked at this posting? https://forum.opnsense.org/index.php?topic=5377.0
Sounds also interesting for a home setup.

regards
Dirk
Title: Re: Which hardware to choose for home setup
Post by: fabian on September 12, 2017, 01:42:27 pm
On a home setup, you should keep power consumption low as it is a device which is permanently running. The CPU of the APU1 board (Geode 40E) is fast enough for me and 4GB RAM is more than enough for the current release.

There are some things that will need lots of memory - for example:
- ClamAV
- Suricata (IPS)
- Squid (Proxy) if caching in memory is used

Which one makes sense depends on your needs in your network.
Title: Re: Which hardware to choose for home setup
Post by: chemlud on September 12, 2017, 04:23:00 pm
IPS/IDS (such as Suricata or Snort) not only need RAM, but also a powerful CPU, in my experience. Had Snort on pfSense for some years on a small embedded device, starting/stopping for each interface was a PAIN (7-9 minutes).

For a little "firewall" (some rules, and NAT, DHCP) an embedded device is OK, but if you want more (like Suricata/Squid etc.) don't waste money on a small solution and buy something bigger the year later.

re: Electrical consumption: what you "lose" for electricity, you save by the reduced heating costs of your house :-)