New 1U pfSense build - Can't decide on hardware

Discussion in 'DIY Server and Workstation Builds' started by link470, Aug 18, 2018.

  1. link470

    link470 New Member

    Joined:
    Mar 26, 2017
    Messages:
    4
    Likes Received:
    1
    I'm working on a new pfSense build to replace a SuperMicro 1U D525 build (which of course, doesn't have AES-NI support and will therefore be incompatible with future pfSense releases).

    I've decided on the SuperMicro SC505-203B as the case because of the front facing I/O. Comes with a PSU, which I may swap for the 160w Pico I have in the D525 right now (because it's 100% silent), and install a couple 40mm fans in there for airflow. Hard drive and RAM are easy; I'll find something and install 'em.

    The real question is which board to get. I'm between 4 at the moment with the 1U form factor in mind (so it'll fit nicely in my enclosed wall rack in a closet). I'm very open to another suggestion as well; I'm not limited to these boards in any way. This is just what I've found. Also, if one of these pros or cons isn't actually a pro or con to you, please explain! It might help me decide and learn.

    Board 1: SuperMicro X11SBA-LN4F (Pentium N3700)

    Pros:
    •Quad gigabit ethernet with dedicated IPMI interface
    •Low price
    •6w TDP chip

    Potential Cons:
    •Intel i210; I've heard the i3xx is better and should be the one to aim for over the i2xx because of queue handling and the potential for pfSense to take better advantage of that down the road
    •No QuickAssist
    •Installation problems - I'm sure many of you are familiar with this post on pfSense forums where 'Engineer' is working extremely hard to find a solution and runs into issues with board revisions that require a hardware fix.

    Board 2: SuperMicro A1SRi-2558F (Atom C2558)

    Pros:
    •Quad gigabit ethernet with dedicated IPMI interface
    •Intel i354 NIC
    •QuickAssist

    Potential Cons:
    •C2000 series. As much as this board seems like it's used for pfSense builds all over the place, the fact that it has a potential time bomb of its life is concerning.
    •Oldest of the 4 board chipsets here

    Board 3: SuperMicro A2SDi-4C-HLN4F (Atom C3558)

    Pros:
    •Quad gigabit ethernet with dedicated IPMI interface
    •QuickAssist
    •New chip that doesn't seem to be affected by the C2000 bug
    •Still keeping the heat relatively low with a 16w TDP, just 3w TDP higher than my rather toasty D525

    Potential Cons:
    •New C3000 based Intel network chipset (X553 I believe) which it sounds like the next version of pfSense will support, but not sure how stable this technology is right now. Thoughts appreciated.
    •Rather pricy, but I'll put the money into it if it's worth it

    Board 4: SuperMicro A2SDi-LN4F (Atom C3850)

    Pros:
    •Quad gigabit ethernet with dedicated IPMI interface
    •QuickAssist
    •New C3000 chip
    •Well known i350 NIC

    Potential Cons:
    •Pricy
    •Highest CPU TDP at 25w

    Thanks for your time in advance everyone!
     
    #1
  2. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    3,591
    Likes Received:
    543
    So you have a nice list of options, but over that you totally forgot the most important information:

    What are your (specific) requirements;) ?
    Was the D525 sufficient and you just need a future save replacement? Was it lacking in any way?

    Whats up&down, features you are currently using/will be, user count etc?
     
    #2
  3. link470

    link470 New Member

    Joined:
    Mar 26, 2017
    Messages:
    4
    Likes Received:
    1
    You're absolutely right, my apologies. I had the list of parts on my mind so much that I completely forgot that.

    It needs to be able to handle traffic from a relatively small number of devices (less than 50) on a 150/150 connection, which may be a 300/300 connection down the road. The biggest thing is that it doesn't sound like a jet, and the D525 with 2x 40mm fans has been great.

    This is essentially what I'm after, yes. The D525 will very soon be unsupported by pfSense for future versions as well. Other than that, it's been good.

    To be honest, since I implemented it a year and a half ago, there's always been something "not quite right" since, but I think a lot of it comes down to the fact that IPMI was on a shared port and enabled by default, and I now have the jumper disabling IPMI on the board, and also, I'm now no longer using either the DNS forwarder or DNS resolver (or with forwarding enabled) services because no matter how hard I tried, my internet response performance somehow seemed quicker with my 12+ year old Linksys consumer router. I've never had this issue before and install pfSense in many other environments and haven't run into that problem, but it's working pretty well now just bypassing pfSense as DNS and pushing my ISP DNS servers to clients directly.
     
    #3
  4. Robert Fontaine

    Robert Fontaine Active Member

    Joined:
    Jan 9, 2018
    Messages:
    113
    Likes Received:
    26
    I'm looking at the same question:

    I picked up
    - a couple of the iStarUSA D-118V2-ITX-DT for about 50$USD each shipped.
    - a couple of the Noctua NF-A4x10 FLX 40x10mm fans (I may have to come back around for 20mm thick fans if not enough air volume
    - Silverstone SST-FX350-G Standard FLEX ATX 80 PLUS Gold 350W Power Supply arrived yesterday. $130USD shipped.

    The supermicro boards are compelling and make up most of the available boards on fleabay
    other options seems to include

    Mitac PD10AI MT Intel Apollo Lake N3350
    Supermicro A2SAV
    * Supermicro MBD-X11SBA-LN4F-O
    * Supermicro A1SRI-2558F
    Jetway JNF591 Intel Braswell Celeron N3150
    * Supermicro A2SDi-2C-HLN4F

    Neither the Mitac and Jetway have IPMI which seems like less watts at idle so depending
    on your requirements could be good or bad things.

    I am fairly addicted to Supermicro, but in this case (PFSense 300 down , 20 up, rarely use vpn, as an edge router I don't honestly need a server grade motherboard. If I move to 40/10gbe internally I may need an internal router but on the edge to my cable modem what I need is reasonably reliable (wife doesn't yell that the network is down) and quiet (network cabinet is in my office space).

    To me this comes down to aes-ni, 2 intel nics ( the ability to fit a 4 port intel card is nice to have but not really necessary ), passively cooled or pretty darn close ( low db fans acceptable ). In my environment this box will mostly be running at idle and when it is I don't really want to hear it.

     
    #4
  5. nthu9280

    nthu9280 Well-Known Member

    Joined:
    Feb 3, 2016
    Messages:
    1,418
    Likes Received:
    358
    @Robert Fontaine - either HP T620 or T730 should meet nicely for your use case. Not sure if you saw the threads here on these.
     
    #5
  6. Robert Fontaine

    Robert Fontaine Active Member

    Joined:
    Jan 9, 2018
    Messages:
    113
    Likes Received:
    26
    @nthu9280 Yes but I have an addiction.
    already have an optiplex 990 sff with a 4 port intel nic, 8gb and an ssd but it's not pretty and it's a little noisy.
     
    #6
  7. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    3,591
    Likes Received:
    543
    If you look at the official appliances you see that the C3558 with x553 is one of the options (NG-7100) so I would assume it should be supported and issues will receive proper attention.

    But if the 525 was sufficient and you want less power I'd go with the X11SBA-LN4F. Most of the discussion is from 2 years ago, so either thats discouraged all people from buying this for pfsense or the impact is minimal with newer bios versions...
     
    #7
  8. Robert Fontaine

    Robert Fontaine Active Member

    Joined:
    Jan 9, 2018
    Messages:
    113
    Likes Received:
    26
    That said you could save 4 watts at idle by removing IPMI and maybe a little bit more with a 3150 but both the 3700, 3160 and 3150 are all rated for 6 watts so going the 3700 route gives better peak and the same idle.

    The xeon-d territory may suit our friends with gigabit pipes and a dedicated vpn with multiple users but in my basement dungeon I'm really thinking the that my choice is this or the Jetway. I don't really want the 4 watts of the IPMI on one hand but the 4 intel ethernet ports on the motherboard are appealing although again not terribly necessary.

    ... I've convinced myself , the X11SBA-LN4F is the best fit for purpose pfsense motherboard for my needs.... Now I just need to find it for half price. :)
     
    #8
    Last edited: Aug 19, 2018
  9. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    3,591
    Likes Received:
    543
    Can't you disable IPMI via Jumper to save the 4W?
     
    #9
  10. Robert Fontaine

    Robert Fontaine Active Member

    Joined:
    Jan 9, 2018
    Messages:
    113
    Likes Received:
    26
    @Rand_ thanks. didn't know this.... Found a long thread on hardware issue with ethernet port on early revisions of this board.
    X11SBA-LN4F vs A1SRi-2558F still reading. sigh. learning is fun and all but finding a board for pfsense is an unusually drawn out process. PCB 1.02 and better implement the fix.

    Best price for Canuckistan seems to be newegg.ca 275CAD (210USD). Not exactly half price used but not terrible for new with warranty and at least that ensures that if it's old stock that RMA or return is an option.
     
    #10
    Last edited: Aug 19, 2018
  11. PD_ZFS-User

    PD_ZFS-User New Member

    Joined:
    Jul 13, 2018
    Messages:
    6
    Likes Received:
    1
    Robert,

    I've successfully installed OPNSense on my Supermicro X11SBA-LN4F rev. 1.02 with no issues (purchased from Newegg, March 2018). I can confirm that this revision of the board does not have problems with the ethernet ports.

    Currently I'm running Sophos XG Firewall v17.1 and I've also had Sophos UTM 9.508 installed on the same motherboard.

    OPNSense was actually the easiest install of the three, IIRC I was able to use UEFI to install from an ISO on a USB Flash. During the short time I was trying out OPNSense, I never had any issues with the onboard i210 NICs and I've never had any NIC issues with either version of Sophos' firewalls.

    I'm using it for home internet and not really tasking it hard with a 50/50 Mbps service. I have not tested Sophos XG with any VPN setup yet.

    Good Luck with your hardware search,
    PD
     
    #11
    T_Minus likes this.
Similar Threads: pfSense build
Forum Title Date
DIY Server and Workstation Builds Pfsense Build - 1U, Quiet, Short Depth Aug 2, 2018
DIY Server and Workstation Builds Open Compute PFSense Build, Maybe a little overkill ? Jun 28, 2018
DIY Server and Workstation Builds Low Power pfsense build ... Denverton? Aug 21, 2017
DIY Server and Workstation Builds Small and Silent PFSENSE build recommendations Jul 30, 2017
DIY Server and Workstation Builds First build: ESXi 6 all-in-one (Napp-it, pfsense, plex) Jun 21, 2016

Share This Page