pfSense box or Edgerouter lite?

[push]

So I'm getting 1gig/200 internet in the next couple of weeks and looking to get a beefier router so I can maximize my WAN\LAN performance. I don't currently use any QOS or anything like that, just the standard firewall and NAT that the r7000 comes with, so it seems if that's all I want to do is the simple NAT\block everything firewall an ER LITE may be ok, right? I know if I turn on QOS the ERLITE performance takes a dump, and given I'll have a bigger pipe and more tempted to use it, QOS may be something I look more toward now. Below is a picture of my network as it sits now:

http://ctrlv.in/699538

My Build: A1SRi-2758F-O Intel Atom 2758 2x4 (8 gig total) Kingston 4GB 204-Pin DDR3 1600 ECC memory Kingston SSD 60gb SuperMicro CSE-505-203B 1u rackmount case with 200w psu

I do like the flexibility and add-in modules that pfsense has to offer like snort, squid, various reporting tools, etc and I'm sure i'd play with them some. The big question is, is it $400 better? This build will come in around the $500 mark versus $100 for an ERLITE.

The other thing I noticed for others who may have built more rack mounts is that SuperMicro has a barebone that comes with the motherboard\chip and the case I was looking at. It's called the SYS-5018A-FTN4. It also looks like it comes with a riser card (don't think i'll need) and it's about 80 bucks more than if I build it separately. Is there something I'm missing the barebone has that I don't have accounted for and need? Or is the above all I'll need to get my pfsense rig up and running? Thanks ahead of time!

 

[coxhaus]

I always tried to stay from 1U cases as they are pretty noisy if that is an issue. The little fans run at high rpm. You can check the specs. At my house I liked 3 U cases as they are quieter. I have 3 SuperMicro 3U server cases and power supplies. Now days I might look for one of those small footprint machines. It would fit in my rack on a shelf and they are real low power and quiet.

The x86 based software routers are more powerful than the consumer little routers but cost more to buy and run.

If only Intel would allow dual NICs in their Intel NUC machines. I think we would have a winner. I could put several on a shelf.

 

[System Error Message]

the ERPRO is 1U and has 2 fans that are quiet. Does intel Atom support ECC memory? Its important to know the kind of 1U cooling the case has and the type of 1U heatsink as well. pfsense is faster than ERL and offers more. The ERL is less reliable because of its USB flash storage.

You can get cheap 1U cases and just get the motherboard and such yourself to save a lot more money and go with i3. You will need a riser for the NIC and you will need to make sure your board's main PCIe port is the first one for the riser and card to fit. I suggest you look at 3U, 4U or mid sized ATX cases or even ones for micro-ATX. There are also media boxes that is basically 2 or 3U rack size but doesnt follow the rack width or length.

 

[sfx2000]

If only Intel would allow dual NICs in their Intel NUC machines. I think we would have a winner. I could put several on a shelf.

http://www.amazon.com/dp/B00P2TE0DM/?tag=snbforums-20

 

[coxhaus]

sfx2000 have you tried pfsense or Untangle on one of these. How fast are they? I will

PS
While looking at your Jet PC I found an Intel NUC.
I came across this Intel NUC a DC53427HYE. It has a mini full length PCIe slot. I wonder if you can add second NIC in this slot?

 

[push]

The super micro board I'm looking at does support ECC memory and has the intel NICs built in. The 2758 also support intel quick-assist so it should help a lot with VPN encryption.

Motherboard\CPU:
http://www.amazon.com/gp/product/B005TWE6B8/?tag=snbforums-20

Case:
http://www.newegg.com/Product/Produ...m_re=supermicro_1u-_-2KH-0001-00031-_-Product

This is what I was looking at:

http://ctrlv.in/699609

 

[coxhaus]

push, I can't find any noise db values. It does say it is a low noise power supply. I even looked on SuperMicro's web site.

 

[push]

There are people running this board in a 1u case without any fans. Either way it's tucked away in a room away from where anyone will be, so if there is a little noise I don't mind.

 

[sfx2000]

There are people running this board in a 1u case without any fans. Either way it's tucked away in a room away from where anyone will be, so if there is a little noise I don't mind.

1U servers/cases can be extremely loud - they were intended for data centers after all - but there are some that are fairly quiet, and with a board like this, one could get away with a half-length case and minimal fans - the board doesn't generate that much heat...

The board itself is a mini-ITX format, so any Mini-ITX case should be fine - the Silverstone DS380 or U-NAS NSC-800 cases come to mind...

Can make it a combo NAS/Router box from a HW perspective, and either customer roll a BSD/RedHat/Debian (or derivatives) build - or just drop in pfSense and run the NAS in a BSD jail...

Might also consider the ASRock Rack C2750D4i board, pretty similar to the SuperMicro you referenced earlier...

 

[coxhaus]

There are people running this board in a 1u case without any fans. Either way it's tucked away in a room away from where anyone will be, so if there is a little noise I don't mind.

You are going to need a low voltage i7 to try this. I tried in Texas to run a low voltage Xeon with just a heat sink. In July and August I would get occasional thermal shutdowns. I had to add fans.

 

[push]

You are going to need a low voltage i7 to try this. I tried in Texas to run a low voltage Xeon with just a heat sink. In July and August I would get occasional thermal shutdowns. I had to add fans.

Atoms are 20w tdp, so no real heat. Plus the server rack is located in my basement where it's like always 65-70 degrees. I'll probably have one or two super quiet fans in it.

 

[push]

I'll let you know how it goes, just built a c7258 beastie 1u machine. Should have all the parts in a week or so, then building and loading pfsense onto it.

 

[System Error Message]

for those in the UK theres this NUC i found that is cheaper than the ASUS AC88U in the UK.
http://www.amazon.co.uk/dp/B019ZLUQAS/?tag=smallncom-21. (at this time the link is £256)

So for the price of the AC88U which is £300 in the UK you can get something much better and a managed switch that will do everything the asus does but at gigabit speeds. Since it also has SATA and USB3 it also makes a better NAS if only pfsense would add that capability. Although wifi capability would be lacking in performance it at least will run more reliably as a wifi router but as a router with some anti malware or UTM, firewall, QoS, and other functionality it will do it at gigabit speeds which is something even the highest end ASUS or netgear cannot handle and for half the price. Router manufacturers really need to redo their pricing and designs if x86 is beating them in price and performance.

 

[L&LD]

for those in the UK theres this NUC i found that is cheaper than the ASUS AC88U in the UK.
http://www.amazon.co.uk/dp/B019ZLUQAS/?tag=smallncom-21. (at this time the link is £256)

So for the price of the AC88U which is £300 in the UK you can get something much better and a managed switch that will do everything the asus does but at gigabit speeds. Since it also has SATA and USB3 it also makes a better NAS if only pfsense would add that capability. Although wifi capability would be lacking in performance it at least will run more reliably as a wifi router but as a router with some anti malware or UTM, firewall, QoS, and other functionality it will do it at gigabit speeds which is something even the highest end ASUS or netgear cannot handle and for half the price. Router manufacturers really need to redo their pricing and designs if x86 is beating them in price and performance.

You're ignoring the part that the RT-AC88U (or any other consumer router) has between 2 to 6 dual band antennae or more that will put to shame any WiFi wireless card that can be installed in any NUC or similar sized system.

As a router and with enough knowledge or handholding, yes the dual NIC NUC will be a formidable router for many, many years to come. But the WiFi side of things will still need to be addressed and that will cost the same or more if the RT-AC88U or higher level of WiFi performance is expected.

You pay more, you get more. That never changes.

But to get significantly better than the highest consumer rung, you need to spend roughly twice as much to get there. Whether that is in hardware, expertise or time.

 

[coxhaus]

for those in the UK theres this NUC i found that is cheaper than the ASUS AC88U in the UK.
http://www.amazon.co.uk/dp/B019ZLUQAS/?tag=smallncom-21. (at this time the link is £256)

So for the price of the AC88U which is £300 in the UK you can get something much better and a managed switch that will do everything the asus does but at gigabit speeds. Since it also has SATA and USB3 it also makes a better NAS if only pfsense would add that capability. Although wifi capability would be lacking in performance it at least will run more reliably as a wifi router but as a router with some anti malware or UTM, firewall, QoS, and other functionality it will do it at gigabit speeds which is something even the highest end ASUS or netgear cannot handle and for half the price. Router manufacturers really need to redo their pricing and designs if x86 is beating them in price and performance.

The NUC looks good. So now the question is pfsense or UNtangle?

 

[sfx2000]

The NUC looks good. So now the question is pfsense or UNtangle?

Don't forget Sophos UTM...

 

[coxhaus]

Don't forget Sophos UTM...

I think they are going through growing pains as they are developing a new version. Maybe after the new version is out for a while. Looks like the beta has issues. I was going to play with one this winter but I think I will wait.

 

[System Error Message]

While using x86 with a wifi AP for decent wifi costing more than the ac88U it will be usable for more upgrade cycles compared to consumer. You would only need to get an AP with the wifi chip you want and it can use a MIPS or a cheap chipset as long as it is fast enough to bridge wifi to wire. overall it is still cheaper and more reliable (no reboots). The example i posted is for i5 though there are x86 boxes that are cheaper.

You're ignoring the part that the RT-AC88U (or any other consumer router) has between 2 to 6 dual band antennae or more that will put to shame any WiFi wireless card that can be installed in any NUC or similar sized system.

As a router and with enough knowledge or handholding, yes the dual NIC NUC will be a formidable router for many, many years to come. But the WiFi side of things will still need to be addressed and that will cost the same or more if the RT-AC88U or higher level of WiFi performance is expected.

You pay more, you get more. That never changes.

But to get significantly better than the highest consumer rung, you need to spend roughly twice as much to get there. Whether that is in hardware, expertise or time.

Consider how much cheaper it would be to recycle a core2 based xeon or even older unused PCs and the rest of the cost would simply go for getting an AP instead of a high end wifi router. If you had an older system laying around you could just reuse it and the cost would just be the wifi AP and a NIC. Its not necessarily more expensive, it can be much cheaper as well.

 

[coxhaus]

I am preparing my pfSense install with my layer 3 switch and my router VLAN. I am going to try it out on an old Xeon low voltage server I have in my rack. If I like it I may buy one of the new Intel NUC boxes.

 

[Nullity]

I gotta mention, FreeBSD/pfSense only recently (last year or so?) added 802.11n support (no AC, AFAIK), sooo... you are most likely still going to need a not-exactly-inexpensive WiFi AP.