English Forums > Hardware and Performance
1Gb with IPS / help me decide
rungekutta:
Hi all
So in previous threads I’ve recommended Qotom. Still can’t say anything bad about them. However one of my (managed) switches spontaneously broke the other day and it was a pain to replace (and created bad karma in the household)... So I dread the same happening to my router and have decided to look for something a bit more robust. The Qotom can be repurposed into an esxi node, easy to replace if it dies...
The router is such a critical component that I’m prepared to throw a little bit of money at it if it gives me the peace of mind that it’ll then just chug along for 5-10 years (assuming I won’t botch it up with software upgrades...!).
So help me decide.
Requirements: silent or whisper quiet (bedroom cupboard install). Enough grunt to drive 1Gb fiber wan with intrusion detection, vpn, and 20+ clients. 4 NICs.
Considered options:
SuperMicro AMD Epyc 3101 (M11SDV-4CT-LN4F) or 3201 with 4 built-in NICs. SuperMicro mITX case (SuperChassis E300).
Pros: purpose built hardware. Enterprise grade stuff. IPMI. Cons: is the case quiet? AMD compatibility for FreeBSD? Single core performance?
Dell Optiplex 3070 SFF (i3 gen 9) with Intel i350-T4 quad NIC in PCI-e.
Pros: guaranteed quiet. Well-renowned reliability (although no ECC ram). Proper desktop cpu (with fast single core performance). Cons: some reports on the internet of Intel i350-T4 built for server hardware and not working with Dell desktops.
Help me decide!
rungekutta:
I'll reply to myself as I've done some more research... It seems the SuperMicro mITX cases can be pretty loud and particularly the SuperChassis 101F which would otherwise have been the ideal choice.
So leaning towards either Optiplex and taking a gamble on finding a quad Ethernet card that works, or a SuperMicro mITX m/board in a non-SuperMicro mITX case.
marshalleq:
Why more people don't ask this question I don't know :)
Ironically I have an SFF and have been looking at the Qotom, but am not happy how much I have to spend for a home network.
The reason I want to move away from the SFF is simply that in the cupboard, it runs too hot.
Granted it's an older E8400 CPU.
There seem to be a lot of people recommending I5 or higher for gigabit throughput with IPS/IDS. Given my current CPU I'm questioning if it's required or if I've just not noticed that it's slowing some traffic down. I'd be interested in your experience on that. $290+tax brings it up to about US$350 which seems too much for a home firewall. I can pick up a gruntier SFF for about US$60 which other than the power consumption and I assume similar heat to the E8400 CPU, seems like a comparative bargain. When you expand that to NZD, it's saying $150-200 vs $600. A typical consumer grade router goes between $50 and $200 here.
If I could find a laptop grade CPU in a desktop that could work from a heat perspective.
Also regarding the NIC - there are tons of Dual / Quad Intel PCI cards that work in Opnsense which you can pick up quite cheaply.
rungekutta:
--- Quote from: marshalleq on November 06, 2020, 04:13:27 am ---There seem to be a lot of people recommending I5 or higher for gigabit throughput with IPS/IDS. Given my current CPU I'm questioning if it's required or if I've just not noticed that it's slowing some traffic down. I'd be interested in your experience on that.
--- End quote ---
My Qotom has got an i5-5250U laptop CPU. According to passmark it’s roughly equivalent to your E8400 in single thread and overall performance BUT at 15W as opposed to 65W... For what it’s worth it saturates my 1Gb WAN, with Suricata enabled. I can’t get VPN (OpenVPN) above ~300Mb but I don’t know if the bottleneck is my router or at the other end.
I’m still leaning towards a mini itx SuperMicro m/board with AMD Epyc 3201 embedded. And a generic (non-SuperMicro) case. However holding back right now to see if they’ll update the lineup now that Zen3 is out in the wild. The 3201 is almost 2 years old now but still costs as much as it did new.
symgryph:
I did purchase one of the amd 3101 EPYC processors with the supermicro mini itx motherboard. GREAT firewall. As of this summer (last time I tried to upgrade) the opnsense seemed very flaky at best. It 'mostly' worked, but then had tons of problems. I ended up going with pfsense (as much as I I lOVE opensense) due to the stability issues. PFsense seems very stable for weeks/months now.
Navigation
[0] Message Index
[#] Next page
Go to full version