Fujitsu Futro S920 Thin Client as opnsense firewall

[userrrr]

I found an S920 with a GX-415GA in my basement and wanted to use it to migrate my old Opnsense box. An I340 quad-port gigabit card is installed with a physical port for WAN and another port with 4 VLANs for my internal network. After I loaded the configuration onto the S920, I only got 500Mbit/s in the download. I have a 1Gbits/500Mbits down/up internet connection.

Does anyone have experience with this setup and get better values?
I've already tried everything from tunables to deactivating IPS, but I can't get past the values mentioned.

 

[gjvanderheiden]

@userrr I've got something very simular:
A Fujitsu S920 with opnsense
CPU: GX-424CC
NIC: Fujitsu quad NIC, I340.

Tested it and it ran around 950Mbit on local little test setup. I have the tunables on and run with simple firewall rules.

Sure you ran iperf3 with the -R option? I didn't and got confused for a bit.

 

[boerni666]

Make sure to have an up-to-date bios and PCIe2.0 with FreeDOS and editcmos.exe enabled.


Also i think OpenWRT runs faster on these machines, since its more lightweight. i get full NAT Performance (2,35gbit/s) with cheap shitty Realtek 8125B Cards on my GX-415GA S920 Router.

 

[userrrr]

Make sure to have an up-to-date bios and PCIe2.0 with FreeDOS and editcmos.exe enabled.


Also i think OpenWRT runs faster on these machines, since its more lightweight. i get full NAT Performance (2,35gbit/s) with cheap shitty Realtek 8125B Cards on my GX-415GA S920 Router.

OK so there isn't really a way of improving my speeds with opnsense? I already installed the latest BIOS, but what do you mean with "editcmos.exe enabled"?

 

[boerni666]

Hello fanoush, very interesting! o)

[...]

> EditCMOS.exe SetID:0x01B7=0x0151

Thank you! o)

This command enables PCIe2.0 on the FutroS920. Boot into FreeDOS and use the attached editcmos.exe tool.

You can verify by looking at the output of sudo lspci -vvv and look at the LnkCap Speeds

 

[userrrr]

Thanks I will try it and See If it Works for me

 

[tomhlewis]

Hi all, if pcie 2.0 is enabled what's the max throughput on one of these s920 units?

Thanks

 

[boerni666]

i can saturate 2.5GB links, i think people with 10GB Hardware in their futros claimed sth about 3.2GB from port to port.

 

[userrrr]

This command enables PCIe2.0 on the FutroS920. Boot into FreeDOS and use the attached editcmos.exe tool.

You can verify by looking at the output of sudo lspci -vvv and look at the LnkCap Speeds

So I tested it out, but I can't get it to work. It says it applie it, but still shows as pcie v1.
I also found an HP NC364T Quad NIC, does anybody have experience with this kind. Does it work better?

 

[ilib5]

Hi,

I bought a Fujitsu Futro S920 and would like to install a dual port gigabit Ethernet Intel card (actually from HP) and also a NVME disk (PCIe 3).
The board has a PCIe and a mini PCIe interfaces available.
Is the PCIe more suitable for the NVME disk and the mPCIe for the Ethernet card?

I've already read about riser cards for connecting the Ethernet card to the PCIe interface, but if the best option would be to connect it to the mPCIe interface are there riser cards for it?

 

[boerni666]

Theres no NVME. The Board has a PCIe x4, Mini PCIe and one mSATA slot. No M.2!

Just buy an mSATA SSD, you won't notice the difference for Openwrt/pf/opensense purposes.

With an PCIe x4 to NVME adapter, you could install an NVME, but i think thats overkill and a waste of bandwidth for this machine.

There are adapters from minipcie to normal PCIe, but you can also just buy gigabit and dual gigabit (or 2.5G) Minipcie cards on aliexpress.The WLGQ PCIex8 riser from Amazon is also a perfect fit. Make sure to buy low profile cards (for the case-slot). Minipcie can be half or fullsize, mine didnt came with an holder, i just used some zip-ties.

 

[ilib5]

Theres no NVME. The Board has a PCIe x4, Mini PCIe and one mSATA slot. No M.2!

Just buy an mSATA SSD, you won't notice the difference for Openwrt/pf/opensense purposes.

With an PCIe x4 to NVME adapter, you could install an NVME, but i think thats overkill and a waste of bandwidth for this machine.

There are adapters from minipcie to normal PCIe, but you can also just buy gigabit and dual gigabit (or 2.5G) Minipcie cards on aliexpress.The WLGQ PCIex8 riser from Amazon is also a perfect fit. Make sure to buy low profile cards (for the case-slot). Minipcie can be half or fullsize, mine didnt came with an holder, i just used some zip-ties.

I'm planning to use this for a router, firewall and small server for some services, so I'll install a full operating system.
I have an extra NVME and a 2.5 SSD extra disks, that's why I asked about it.
The mSATA that comes with the box has only 8GB. It's enough for some time...

I also have the dual gigabit ethernet card, so will not buy another one.
A PCIe riser x1 is enough for the double gigabit, right? 1 Gb/s ~ 120MB/s times 2 = 240MB/s which is roughly at the limit of x1, right? or wrong?

Maybe I need to change the BIOS settings to have a x4 PCIe, still have to read it thoroughly.

Thank you.

 

[boerni666]

well, try out if its enough and see if the driver overhead isnt too big. you can always update the bios and change the bios setting with the editcmos tool to get PCIe Gen 2.

You could also use the 2.5" SSD, just use a 90° angled sata connector to reach the sata port under the heatsink, also you need a floppy power to sata connector, then you can get the power of the board.

 

[ilib5]

Humm,

When I try to do editcmos.exe save=file.txt in the FreeDOS command line there seems to be an error.

Could not find a suitable BIOS interface.
Returning 2 (0x02)

I've already upgraded the BIOS.

What could be wrong?

 

[Pietro395]

Hello guys,
As a personal project I am using the Fujitsu Futro S920 thin client at home as a server for my homelab with Proxmox

At home I have a 2.5 Gbps FTTH with ONT ZTE F6005 connected to a Zyxel 5601 router on the 2.5 Gbps WAN port.

The LAN port is connected to the Futro via a KALEA-INFORMATIQUE PCIe 3.1 1x 2.5 PCIe card ( previously a Tplink TX201 with Realtek chip with same problems).

The card is connected with a PCIe riser and I am doing the speedtests from a Debian container.

The problem is that I cannot do speedtests where I pass the 1 Gbps.

   Speedtest by Ookla

      Server: Vodafone IT - Milan (id: 4302)
         ISP: Telecom Italia
Idle Latency:    11.75 ms   (jitter: 0.11ms, low: 11.61ms, high: 11.91ms)
    Download:   869.52 Mbps (data used: 735.7 MB)                                                   
                 33.05 ms   (jitter: 22.91ms, low: 12.50ms, high: 966.51ms)
      Upload:   979.45 Mbps (data used: 1.0 GB)                                                   
                 15.34 ms   (jitter: 1.25ms, low: 11.47ms, high: 24.54ms)
 Packet Loss:     0.0%

On Proxmox the board appears to negotiate at 2.5:

root@pve:~# ethtool enp1s0
Settings for enp1s0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
                                2500baseT/Full
        Supported pause frame use: Symmetric
        Supports auto-negotiation: Yes
        Supported FEC modes: Not reported
        Advertised link modes:  2500baseT/Full
        Advertised pause frame use: Symmetric
        Advertised auto-negotiation: Yes
        Advertised FEC modes: Not reported
        Speed: 2500Mb/s
        Duplex: Full
        Auto-negotiation: on
        Port: Twisted Pair
        PHYAD: 0
        Transceiver: internal
        MDI-X: off (auto)
        Supports Wake-on: pumbg
        Wake-on: g
        Current message level: 0x00000007 (7)
                               drv probe link
        Link detected: yes

instead on lshw the strange thing is that it is reported as 1gbps capacity and among the "capabilities" there is maximum 1gbps

root@pve:~# lshw -C network
  *-network                 
       description: Ethernet interface
       product: Ethernet Controller I225-V
       vendor: Intel Corporation
       physical id: 0
       bus info: pci@0000:01:00.0
       logical name: enp1s0
       version: 03
       serial: 88:c9:b3:b5:14:91
       capacity: 1Gbit/s
       width: 32 bits
       clock: 33MHz
       capabilities: pm msi msix pciexpress bus_master cap_list rom ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=igc driverversion=6.5.13-3-pve duplex=full firmware=1079:8770 latency=0 link=yes multicast=yes port=twisted pair
       resources: irq:30 memory:fe700000-fe7fffff memory:fe800000-fe803fff memory:fe600000-fe6fffff

Doing a test with iperf3 between my server and router (the only two 2.5gbps elements) it seems that I can pass the 1gbps lmit

Connecting to host 192.168.178.1, port 5201
[  5] local 192.168.178.10 port 46904 connected to 192.168.178.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   187 MBytes  1.57 Gbits/sec    0    539 KBytes       
[  5]   1.00-2.00   sec   185 MBytes  1.55 Gbits/sec    0    564 KBytes       
[  5]   2.00-3.00   sec   185 MBytes  1.55 Gbits/sec    0    564 KBytes       
[  5]   3.00-4.00   sec   185 MBytes  1.55 Gbits/sec    0    592 KBytes       
[  5]   4.00-5.00   sec   185 MBytes  1.55 Gbits/sec    0    592 KBytes       
[  5]   5.00-6.00   sec   184 MBytes  1.54 Gbits/sec    0    592 KBytes       
[  5]   6.00-7.00   sec   182 MBytes  1.53 Gbits/sec    0    592 KBytes       
[  5]   7.00-8.00   sec   185 MBytes  1.55 Gbits/sec    0    592 KBytes       
[  5]   8.00-9.00   sec   184 MBytes  1.54 Gbits/sec    0    592 KBytes       
[  5]   9.00-10.00  sec   185 MBytes  1.55 Gbits/sec    0    764 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.80 GBytes  1.55 Gbits/sec    0             sender
[  5]   0.00-10.00  sec  1.80 GBytes  1.55 Gbits/sec                  receiver

That said, shouldn't I pass the 1gbps in the speedtests as well? what am I missing? could the problem be on OpenWRT or ONT?

The cable from the router to the ONT?



I would like to add that I have a mini picie card with two ssd's attached.

 

[boerni666]

according to the last iperf3 test, it looks like your card is limited to PCIe Gen 1.

Theres some how tos in this thread how to setup PCIe Gen2. Basically boot up freedos, update the bios, and then use the editcmos tool to change the correct setting, since that cant be done in bios.

Details somewhere in this thread

 

[Pietro395]

according to the last iperf3 test, it looks like your card is limited to PCIe Gen 1.

Theres some how tos in this thread how to setup PCIe Gen2. Basically boot up freedos, update the bios, and then use the editcmos tool to change the correct setting, since that cant be done in bios.

Details somewhere in this thread

Thank you very much for the details, really interesting, I will research and try

 

[Pietro395]

according to the last iperf3 test, it looks like your card is limited to PCIe Gen 1.

Theres some how tos in this thread how to setup PCIe Gen2. Basically boot up freedos, update the bios, and then use the editcmos tool to change the correct setting, since that cant be done in bios.

Details somewhere in this thread

The problem was also in my OpenWRT router, I solved it and from the router I get 2.2Gbps download.

From the Futro I have this results and I see that the CPU goes to 100%, is it still a PCI problem or is it its maximum?

Should I do the Freedos procedure?

      Server: TIM SpA - Ancona (id: 54071)
         ISP: Telecom Italia
Idle Latency:     1.73 ms   (jitter: 0.39ms, low: 1.69ms, high: 2.46ms)
    Download:  1700.13 Mbps (data used: 959.7 MB)                                                   
                  5.49 ms   (jitter: 1.05ms, low: 2.08ms, high: 11.39ms)
      Upload:  1003.23 Mbps (data used: 700.9 MB)                                                   
                  7.20 ms   (jitter: 0.49ms, low: 5.17ms, high: 8.53ms)
 Packet Loss:     0.0%

Thank you

 

[boerni666]

I could get around 2Gbit/s NAT-Performance, but using an upstream Fiber Conection can be sth different. Are you also using PPPoE to connect to your ISP? That can create some CPU-Overhead

 

[Pietro395]

I could get around 2Gbit/s NAT-Performance, but using an upstream Fiber Conection can be sth different. Are you also using PPPoE to connect to your ISP? That can create some CPU-Overhead

On my router I have PPPoE and I reach 2.2Gbps.


I think on my Futro I max out at 1.7 maybe because of PCIe Gen1 since in the miniPCIe slot I also have two SSDs connected, could it be?