Looking for low power CPU with VT-d and AES-NI for new pfSense build

Zack Hehmann

Member
Feb 6, 2016
67
5
8
I wanted to get everyone's thoughts on a new pfSense build I'm looking at doing. I might consider making this build a light ESXi build that runs pfSense, a TurnKey Linux build with phpIPAM packages installed, and maybe an Asterisk server.

I currently am using a Dell optiplex 755 and it's workign great.
CPU: E4600
RAM: 3GB DDR2
HDD: Spinning 160GB
pfSense 2.2.6 x64
Thermal sensors are reading 27C in pfSense.
Chipset should be an Intel Q33 @ about 15W TPD
It has been a while since I put the kill-a-watt on it to check its consumption but I want to say it was about 50W.


I came across a Bomgar B200 that I ended up using for my pfSense box. The blower fan is a lil loud and I might look at adjusting/replacing it later. The specs of the Bomgar box were a good enough replacement to the Dell I was using so I thought I would give it a shot and it's rack mountable.

CPU: E8400
RAM: 4GB DDR2
HDD: 500GB WD RE Drive
MOBO: Supermicro X7SBi
Case: Supermicro SC512L-260B
pfSense 2.3.2 x64
Thermal sensors are reading 46C in pfSense. These are at idle because I only have the LAN connected and just browsing the WEBUI.
Chipset is an Intel 3210 @ about 21.3W TDP
Kill-a-watt is reading 72-78W when I pulled out one of the 1GB sticks or RAM to be like the other system.

I ended up leaving the new build on for a few days and it ended up getting hotter than 46C and was still doing nothing more than having its LAN int connected.

I considered replacing the motherboard/cpu/ram and adding a small SSD (30 - 120GB) in the new box to make it more efficient, powerful, and cooler without being too expensive. I would love a new Atom build, but they are over $250 easy... I also plan on adding some packages to pfSense the will be more CPU intensive. (SNORT/ SURICATA, HAVP antivirus, and squid). I currently have openvpn configured for a RA VPN, and might end up doing a S2S with it or setup several ipsec tunnels. Is the AES-NI going to help a lot?

I also might want these 2 features on the new CPU.
AES-NI
VT-d

I came up with a L5630 and its $6-10 on eBay!!

I only need to pick a motherboard for the build.

I would like it to be a Supermicro board and it has to be an ATX board or smaller to fit in the case. The cheaper the better. I don't care about RAID controllers, but I do care about IPMI and dual NICs. I would be fine without IPMI if the price is right. I could go with a DP board, but I think I loose out on the other ram slots since I'm only installing 1 CPU. I don't think that it will matter that much any way. I could install (3) 2GB or (3) 4GB sticks of RAM giving me plenty to assign to the few VMs. What ever the cheapest option is the one I'm looking for.


Parts breakdown
Heatsink: SNK-P0037P $10 eBay
CPU: L5630 $6-10 eBay
MOBO: Supermicro X8STi-F $80 eBay

I'm at $100 and I still need RAM.

This board has the x58 chipset so it should be better on power consumption @ 24.1W TPD.

The downside to the single CPU boards, is that they are workstation builds and lack the ability to use RDIMMS. That forces me to use unbuffered ECC memory which is more expensive. I don't really care about the ECC part, so has anyone used this series of the boards and used regular unbuffered DIMMs? Hopefully this board isn't picky about memory and I can get some cheap 1-4GB sticks.



I have read several threads about power consumption and 1U case fans that have been helpful in making my decisions.

Do you think that I will be about the same wattage as the Bomgar appliance I was planning on using?

Does anyone have any of these parts to sell that will work for me?

I noticed that the blower fan that is in the case is not the same model that supermicro provides in that case. I have a louder one... Delta bfb1012hh. Is there any hope to make this quieter? I'm ok with the PSU fan.
 
Last edited:

Patrick

Administrator
Staff member
Dec 21, 2010
12,367
5,497
113
Anything you are getting these days you will want AES-NI on. We have seen AES-NI hardware for over six years now so adoption in common packages (and pfSense) is certainly there.

Power wise, I might be inclined to get an Atom C2758 / C2558 instead. Quad NICs built-in and probably half the power consumption. If you can find one used you will likely make up initial purchase differential on power.
 

Zack Hehmann

Member
Feb 6, 2016
67
5
8
Anything you are getting these days you will want AES-NI on. We have seen AES-NI hardware for over six years now so adoption in common packages (and pfSense) is certainly there.

Power wise, I might be inclined to get an Atom C2758 / C2558 instead. Quad NICs built-in and probably half the power consumption. If you can find one used you will likely make up initial purchase differential on power.
Thanks Patrick!! I think that I need AES-NI support on the new build. I have been looking at prices on a C2758/C2558 boards. They are starting at about $250 for just the C2558. I have crunched some numbers to see what total energy costs might be and the breakeven points.

Assuming my numbers are right at 20W for Atom and 100W for the L5630 it will take 2.38 years to break even with the prices for the Atom @$300 and the L5630 @$150 and if the Atom is listed at $500 for everything it will take 5.5 years. Even by 2.38 years I might be looking at a new device, so I don't know if it will make sense..?

I don't know if I could justify the more expensive Atom boards given the numbers especially being unemployed...


I'm not in a rush to make a purchase, so I might wait a lil while before making a purchase. Is it a bad idea to go with the L5630 setup? It should handle everything I need it to do.

Anyone have an idea about power consumption for the L5630 system I'm looking at?
 

cesmith9999

Well-Known Member
Mar 26, 2013
1,351
454
83
Is there an easy way to do a price/power/mb comparison with the processors that support AES-NI?

I am about to embark on a new server/network project with a friends network. and while I would love to spend $300 on a new 2358/mb/ram/case. I was wondering of other possibilities (dedicated server).

Chris
 

Patrick

Administrator
Staff member
Dec 21, 2010
12,367
5,497
113
@cesmith9999 that is one of three longer term projects I am working on. I realized that the review format we use is good, but it does not lend itself well to that kind of comparison. We generate a lot of data but I want a better way to present it.

BTW: Supermicro X11SBA-LN4F Review - Sweet! may be another option.
 
  • Like
Reactions: wsuff

BLinux

cat lover server enthusiast
Jul 7, 2016
2,600
1,052
113
artofserver.com
Check out systems built around the celeron n2930. I got a complete system w/ 5 1Gbps ports for about $260 ish. If I recall, the n2930 is 7w tdp. I measured with a kill a watt and the entire system used between 18w to 27w.
 

whitey

Moderator
Jun 30, 2014
2,771
872
113
40
YAWN...APU2 :-D

HAHA I TOTALLY am biased since I have had nothing but steller results using pc-engine boards.

I understand the desire for AES-NI (which if memory serves me correct is supported on the APU2 units) but why the desire for vt-D if it's just a pfSense router/FW? Can't imagine you could squeeze THAT much more outta passing through nics to pfSense.
 

Zack Hehmann

Member
Feb 6, 2016
67
5
8
Since I'm going to do an ESXi install, to run other low resource intensive VMs, I would like the ability to pass 2 nics directly to pfSense. I agree that the performance differences probably won't be noticeable, but this gives pfSense direct access to control the hardware. I like that ability better than just turning off or disconnecting a virtual NIC. The other added benefit I see is that if I wanted to do packet captures directly on the pfSense box, I don't have to worry about the hypervisor getting in the way and its closer to running to bare metal than in a vm.

Sent from my Nexus 6P using Tapatalk
 

Zack Hehmann

Member
Feb 6, 2016
67
5
8
It's really frustrating trying to find a solution. Most of the Pentiums/Celerons/Atoms do not support vt-d which is understandable. The new D15XX Pentiums do, but they are more expensive. Anyone have good numbers for a L5630 system at idle, hopefully one with 1 CPU. I think its reasonable to think for a SSD, 1 CPU, 1-4 sticks of RAM, and a board that it could be around the 50W or so mark idling...?
 

BLinux

cat lover server enthusiast
Jul 7, 2016
2,600
1,052
113
artofserver.com
It's really frustrating trying to find a solution. Most of the Pentiums/Celerons/Atoms do not support vt-d which is understandable. The new D15XX Pentiums do, but they are more expensive. Anyone have good numbers for a L5630 system at idle, hopefully one with 1 CPU. I think its reasonable to think for a SSD, 1 CPU, 1-4 sticks of RAM, and a board that it could be around the 50W or so mark idling...?
reduce the number of DIMMs to reduce power consumption. Using denser DIMMS so you only need 1 or 2 will help reduce power consumption.

I had some Supermicro Atom 8-core 5018A-FTN4 machines (sold here recently) that drew about 24-30W and it had 1x 4GB DIMM and 1x 60GB SSD; this was mostly at idle.

I know it's nice to have more features, but you said these were not resource intensive VMs you want to run, so does vt-d really matter? A decade ago I could run VMs with 128MB RAM and everything in software emulation. With SSD speeds, would software emulated disk I/O just not be enough?
 
  • Like
Reactions: Zack Hehmann

Zack Hehmann

Member
Feb 6, 2016
67
5
8
reduce the number of DIMMs to reduce power consumption. Using denser DIMMS so you only need 1 or 2 will help reduce power consumption.

I had some Supermicro Atom 8-core 5018A-FTN4 machines (sold here recently) that drew about 24-30W and it had 1x 4GB DIMM and 1x 60GB SSD; this was mostly at idle.

I know it's nice to have more features, but you said these were not resource intensive VMs you want to run, so does vt-d really matter? A decade ago I could run VMs with 128MB RAM and everything in software emulation. With SSD speeds, would software emulated disk I/O just not be enough?
Thanks for the tip about using few sticks of RAM. I read where it's about 2W or so for each stick... I'm only wanting vt-d to pass through 2 NICs to the pfSense VM, not for storage.

I stumbled across this thread Interesting ITX Socket G2 (laptop sandy) Dual Intel NIC, vPro: $55 shipped.

It looks promising, but will be trouble trying to get it in my case and I would have to locate an IO shield. The second and third gen mobile i5s and i7s are perfect. I don't know if I could find a good board though.

I have been looking some more and cam across a few skt 1155 i5s and i7s that support all the features I'm looking for. I would look at then buying a x9scm or a x9scl w/ or w/o ipmi. The i5 I found is 35W. I think this should be a better solution than the mobile and the L5630... What do you guys think?
 

Zack Hehmann

Member
Feb 6, 2016
67
5
8
Supermicro says that the x9scl/m boards don't support i5s or i7s. I did just stumble across this. I don't know how reliable it is. I have a x9scm-f, but no i5s or i7s to put in it.