C3000 based network devices to install opnsense/pfsense and use as a router/firewall

[poningru]

On networking forums I see multiple questions inquiring about hardware for these freebsd based router distros. While the current consensus seems to be to spend the ~$200 for an Alder lake (N100) based device. I'd like to offer an alternative:
A slightly older C3000 (Denverton) based network appliance. These are a) a lot cheaper (under $50 - $100) b) have similar if not better VPN performance due to intel QAT c) similar if not much less power consumption.
Couple of examples:

1. Dell velocloud edge devices:
   • Hardware specs for the cheapest:
     • 2 core: Intel Atom® C3338 Processor
     • 4 GB of RAM
     • Two 1 GbE SFP and Six 1 GbE networking ports
     • One dedicated MiniUSB 2.0 console port for out-of-band management
     • Two USB 3.0 Type A ports on each side of the platform
     • One M.2 SATA SSD with 120 GB or 240 GB capacity
   • Cheap:
     • 610: Dell VMware Edge 610 / E42W Network Router Switch - White - No Power Cord | eBay : $25 shipped
     • 620: VMWARE DELL EDGE 620 VELOCLOUD SD-WAN E42W 0731RT WIFI 5 ACCELERATOR TESTED | eBay: $95 shipped
       • 4 core: Intel Atom® C3538 Processor
       • 8gb of RAM
       • 2 10gb SFP+
   • Installation:
     • STH thread
2. Silver Peak FWA-ASP1012 EC-XS
   • Hardware spec:
     • 120GB M.2 B+M SATA SSD* (2280), 16GB ECC RAM, Quad Core Intel Atom C35582.20 GHz CPU with QAT, AES-NI Crypto Capability, (2) USB3 ports, (1) Console port (6) Intel Ethernet Ports- lan0, wan0, lan1, wan1 ports use the ix Intel 10Gb Ethernet driver. OPNsense reports these as Intel(R) X553 (1GbE) mgmt0 and mgmt1 ports use igb Intel(R) PRO/1000 PCI Express Gigabit Ethernet adapter driver, reported as Intel(R) I210 (Copper)
   • Cheap:
     • Silver Peak FWA-ASP1012 EC-XS-Security Appliance | eBay
     • Silver Peak FWA-ASP1012 EC-XS-Security Appliance DEVICE ONLY | eBay
   • Installation and further details

Happy to move this thread to Networking if this is not the appropriate spot for it.

 

[luckylinux]

The Dell Velocould Edge 620 I can see has "SFP+" written between the SFP(+) Ports, so it should be probably 10gbps.

The Dell Velocloud Edge 610 I cannot see anything written between the SFP(+) Ports.


According to the User Manual which is mostly broken, both 610 and 620 should have non-SFP+ Ports, so 1gbps only:

Dell EMC SD-WAN Edge 600 Series Installation Guide | Dell UK

The Edge 610 and Edge 620 platforms have SFP ports

All in all these could be a nice Platform.

However since I am in Europe I should use a freight forwarding Service to get those. And they are limited to 1gbps.

Do we know about Power Consumption of these ? Since it's only 1gbps I would expect the Power Consumption Figures to be pretty good.

However ... looking at a Supermicro C3338 Review the Power Consumption of 22w at Idle is like ... YIKES: https://www.servethehome.com/supermicro-sys-5029a-2tn4-review-a-small-intel-atom-c3338-nas/

You could build a System off a Fujitsu TX1320 M3 with a Intel i350-T4 and an Intel X710-DA2 and get 2x10gbps Ports all while being around that Idle Power Consumption level. But much more powerful overall.

Or heck even an Intel Xeon E3 v3 but Power Consumption will be higher in that Case though.

 

[luckylinux]

I don't know what is going on with this Forum. I keep having Issues posting Pictures or Attachments. Extremely Annoying.

Oops! We ran into some problems.

Comparison: Intel Xeon E3-1230 v3 vs Atom C3338 vs Xeon E3-1230 v6 [cpubenchmark.net] by PassMark Software

EDIT 1: @Patrick can you please have a Look at the Server ? Trying to add Attachments works sometimes but not other, same with Pasting Pictures in Posts:

Attachment: a POST Request to

https://forums.servethehome.com/index.php?attachments/upload&type=post&context[thread_id]=47423&hash=0b<hash>

returns

500 Internal Server Error

Copy Paste Image in Post: a POST Request to

https://forums.servethehome.com/index.php?attachments/upload&type=post&context[post_id]=462940&hash=7f<hash>

returns

500 Internal Server Error

 

[Cruzader]

Personally im a sucker for the more standard full 1U formfactor to just stick in the rack, i hate the smaller ones with a external power brick hanging off them.

Like a firebox m270 C3558 is always a few listings of at 50-70$.
Or if going up a model to the m370/m470/m570/m670 (same base unit for all just different cpus + a hdd in 670) with 1151 and xeon/ecc support if wanting that its usualy always some around 100$

 

[luckylinux]

Personally im a sucker for the more standard full 1U formfactor to just stick in the rack, i hate the smaller ones with a external power brick hanging off them.

Like a firebox m270 C3558 is always a few listings of at 50-70$.
Or if going up a model to the m370/m470/m570/m670 (same base unit for all just different cpus + a hdd in 670) with 1151 and xeon/ecc support if wanting that its usualy always some around 100$

Where do you even see Hardware Specifications for those ?

The m370/m470 seem to be Celeron CPUs. m570 seem to be i3. m670 seem to be Xeon.

LGA 1151 is a bit tricky as an Indication as Intel IMHO completely messed up their Naming Scheme there.

For Servers and supporting ECC Memory in terms of Chipsets, you have C232/C236 for Xeon E3 v5/v6 and C242/C246 for Xeon E21xx/E22xx. Those are NOT compatible !

 

[Cruzader]

Where do you even see Hardware Specifications for those ?

Their hardware guides are here with specs

For m370/m470/m570/m670 they share document since same platform but a variation in spec.

 

[mobycl1ck]

Where were you with this info when i needed it?
Went with a M720q and a Intel QuadNic for my Opnsense

 

[Samir]

I don't know what is going on with this Forum. I keep having Issues posting Pictures or Attachments. Extremely Annoying.



Comparison: Intel Xeon E3-1230 v3 vs Atom C3338 vs Xeon E3-1230 v6 [cpubenchmark.net] by PassMark Software

EDIT 1: @Patrick can you please have a Look at the Server ? Trying to add Attachments works sometimes but not other, same with Pasting Pictures in Posts:

Attachment: a POST Request to

https://forums.servethehome.com/index.php?attachments/upload&type=post&context[thread_id]=47423&hash=0b<hash>

returns

500 Internal Server Error

Copy Paste Image in Post: a POST Request to

https://forums.servethehome.com/index.php?attachments/upload&type=post&context[post_id]=462940&hash=7f<hash>

returns

500 Internal Server Error

I don't think it's the forum but the Internet in general because I just got the same type of error from Google of all places. Nation-state level attack? Probably, so we'll hear about it soon enough.

 

[poningru]

The Dell Velocould Edge 620 I can see has "SFP+" written between the SFP(+) Ports, so it should be probably 10gbps.

The Dell Velocloud Edge 610 I cannot see anything written between the SFP(+) Ports.

According to the User Manual which is mostly broken, both 610 and 620 should have non-SFP+ Ports, so 1gbps only:

Dell EMC SD-WAN Edge 600 Series Installation Guide | Dell UK

According to this post the 620 has 10gb SFP+

All in all these could be a nice Platform.

However since I am in Europe I should use a freight forwarding Service to get those. And they are limited to 1gbps.

Yeah, this is fair. I dont know what the availability/pricing of these are outside the US.

Do we know about Power Consumption of these ? Since it's only 1gbps I would expect the Power Consumption Figures to be pretty good.

Again, 10gb for the 620, not 1gb

However ... looking at a Supermicro C3338 Review the Power Consumption of 22w at Idle is like ... YIKES: https://www.servethehome.com/supermicro-sys-5029a-2tn4-review-a-small-intel-atom-c3338-nas/

COMPLETELY different system with an entire backplane for hdd etc. The Edge 620s are between 10-20 watt idle (depending on peripherals, remove the wifi card for less consumption). The 610 is VERY low power, supposed to be around 10 watt idle. Obviously if you put a transceiver in these, you are gonna get an associated jump in power consumption.

You could build a System off a Fujitsu TX1320 M3 with a Intel i350-T4 and an Intel X710-DA2 and get 2x10gbps Ports all while being around that Idle Power Consumption level. But much more powerful overall.

Or heck even an Intel Xeon E3 v3 but Power Consumption will be higher in that Case though.

In the US, at least, complete systems for these go for about $150 not ~$25. And power consumption for these Fujitsu is not going to be in the 10s of watts.

 

[poningru]

Personally im a sucker for the more standard full 1U formfactor to just stick in the rack, i hate the smaller ones with a external power brick hanging off them.

Like a firebox m270 C3558 is always a few listings of at 50-70$.
Or if going up a model to the m370/m470/m570/m670 (same base unit for all just different cpus + a hdd in 670) with 1151 and xeon/ecc support if wanting that its usualy always some around 100$

That M270 looks excellent! any pictures of the internal board? Any links about how to install opnsense/pfsense on it?

 

[luckylinux]

Again, 10gb for the 620, not 1gb

Not according to Dell EMC SD-WAN Edge 600 Series Installation Guide | Dell UK

However I agree, the label on the back says SFP+ on the 620. Very weird ...

And power consumption for these Fujitsu is not going to be in the 10s of watts.

IIRC when I tested it Idle Power was around 18W with an Intel i350-T4 (4x1gbps NIC) + a Intel X710-DA2 (2x10gbps NIC).

Maybe there could be some further Optimization to do, but it's pretty impressive I'd say.

In the US, at least, complete systems for these go for about $150 not ~$25. And power consumption for these Fujitsu is not going to be in the 10s of watts.

Here in Europe it's around 55-60 EUR for the Barebone (Chassis + Motherboard + PSU + Backplane), plus whatever RAM+CPU+SSD you want to put it it.

But we have the reverse Problem on pretty much everything else here it's 3x the Price of the US ...

 

[poningru]

Not according to Dell EMC SD-WAN Edge 600 Series Installation Guide | Dell UK

However I agree, the label on the back says SFP+ on the 620. Very weird ...

I wouldnt trust labeling on these things but I've shared other evidence in my other posts. Take a look at this post and what others around the internet have shared.

Here in Europe it's around 55-60 EUR for the Barebone (Chassis + Motherboard + PSU + Backplane), plus whatever RAM+CPU+SSD you want to put it it.

two things:
first: yeah, that all should come out to > $150 imho
I think ( quad gig card + 2x sfp+ cards + cpu + ram + ssd ) would itself be greater than $100 ( being generous, most likely $130ish) and in the US the barebones alone is $150. Taking the total upto around $250.
So this is again an apples to orange comparison and pointless imho.
second:
If folks want to do a beefier system for their router/firewall, all the power to them. But most of us have large compute requirement of just VPN / IDS at most.
So these built for networking CPUs are great for that purpose.
Obviously at $200 that would be not be worth it, but in this $25 - $100 range this is better than even those N100 motherboards.

 

[Goossens]

At least in Europe, ISPs are moving to offer multi-gig fiber (2/4/8Gbps). This means:

1) You need to buy the more expensive Velocloud models with SFP+, diminishing the price difference (especially given the prices of Velocloud-like devices in Europe).

2) Lots of fiber connections in Europe still use PPPoE, but pfSense and OPNsense can only process PPPoE single-threaded. A C3000-based device doesn't have the single-core compute power to handle multi-gig PPPoE. Compare for example a C3538 and C3558 with a N100.

 

[poningru]

At least in Europe, ISPs are moving to offer multi-gig fiber (2/4/8Gbps). This means:

1) You need to buy the more expensive Velocloud models with SFP+, diminishing the price difference (especially given the prices of Velocloud-like devices in Europe).

2) Lots of fiber connections in Europe still use PPPoE, but pfSense and OPNsense can only process PPPoE single-threaded. A C3000-based device doesn't have the single-core compute power to handle multi-gig PPPoE. Compare for example a C3538 and C3558 with a N100.

Two things:
One: This is mostly meant for folks with 1gb or smaller bandwidth. As stated earlier most of US folks highest compute needs are VPN/IDS in a router.
And these $25-$50 network devices fulfill these needs, like nothing else can in that price range.
Second:
Atleast in the US the sfp+ (i.e 10gb) quad core velocloud model goes for just under $100 on ebay. Would love to see anything like it in a $150 price range.

I have definitely put together 'fantasy' router builds of workstations e.g fujitsu etc. or the N100 series with sfp+ devices that are in the range of $200. But not seen a build in the $150 range. (would love to be proven wrong)
The 620 should be able to handle 5gb up and down pppoe (extrapolating from my pppoe experience i.e constant ~20% single core usage when pushing 1gb during load tests).
My understanding is that *sense router distros have gotten better at handling pppoe, but cant vouch for those claims, so theoretically they can handle 10gb of pppoe.

To be clear: I'm not trying to claim the C3000 series atom cpus are better at performance than the N100/other alder lake procs. I'm just saying, these devices (after some wrangling), provide very good price/performance/watt ratio compared to other options.

Again, would love to see N100 devices that are in the $100 range (even barebones/just motherboard) with a pcie x4 slot (for me to add a separate nic).

 

[blunden]

The point about VPN performance is only true is the case of some VPN solutions. The QAT in the C3000 series can't accelerate Wireguard.

It can however supposedly help OpenVPN DCO reach similar performance to unaccelerated Wireguard. IPSec should also see a nice boost.

Basically, QAT on these is by no means a silver bullet. I have a C3000 based router and I haven't even enabled QAT on it since there is nothing that I do that it can accelerate. Thankfully it's fast enough for my needs anyway.

With that said, I agree that the C3000 series is still plenty capable as a router in many cases, and the fact that they have integrated NICs is a nice bonus.

 

[unmesh]

...

1. Silver Peak FWA-ASP1012 EC-XS
   • Hardware spec:
     • 120GB M.2 B+M SATA SSD* (2280), 16GB ECC RAM, Quad Core Intel Atom C35582.20 GHz CPU with QAT, AES-NI Crypto Capability, (2) USB3 ports, (1) Console port (6) Intel Ethernet Ports- lan0, wan0, lan1, wan1 ports use the ix Intel 10Gb Ethernet driver. OPNsense reports these as Intel(R) X553 (1GbE) mgmt0 and mgmt1 ports use igb Intel(R) PRO/1000 PCI Express Gigabit Ethernet adapter driver, reported as Intel(R) I210 (Copper)
   • Cheap:
     • Silver Peak FWA-ASP1012 EC-XS-Security Appliance | eBay
     • Silver Peak FWA-ASP1012 EC-XS-Security Appliance DEVICE ONLY | eBay
   • Installation and further details

Happy to move this thread to Networking if this is not the appropriate spot for it.

What power supply would I need to get for the Silver Peak boxes?

 

[ericloewe]

That M270 looks excellent! any pictures of the internal board? Any links about how to install opnsense/pfsense on it?

Apparently it has a switch chip in front of all of the exposed ports, and with FreeBSD you need (currently) some driver hacks for the SoC to bring up the connection to the switch (hacks which are implemented in pfSense Plus or whatever they're calling it, but not publicly available). Configuring the switch should also be an interesting exercise, but it's irrelevant if it won't even talk to the SoC.

If someone can figure out, they do look like a great deal, given the C3558 SoC.

 

[nmpu]

Cheap:

• 610: Dell VMware Edge 610 / E42W Network Router Switch - White - No Power Cord | eBay : $25 shipped

Does anyone actually have an Edge 610 up and running Linux? I know there's no updated BIOS (publicly) available. I also thought there was an unresolved problem with the default watchdog? The C3338 processor is very weak by modern standards.

 

[dreamsin]

Sophos SG135 Rev 3 runs pfSense nicely on C3558