Pfsense with newer CPUs

[coxhaus]

I wonder if I use a gen 6 Intel I3-6100T CPU vs a gen 4 i3-4130 will I notice a difference in performance? Is the instruction set different enough that it will make a difference? I am getting ready to try it. I want to see if encryption works better or anything else. I thought I had a i3-4130T cpu but I had a i3-4130 cpu which is 57 watts. The i3-6100T will be 35 watts and is a newer gen 6 cpu.

What is the difference between AES-NI based acceleration and AES-NI BSD crypto device in pfsense? Is one hardware and one software?

 

[sfx2000]

Both are HW for AES support... BSD is fine with either.

I suppose it's more the support logic around the CPU - PCIe bamdwidth, etc...

IIRC - there's a bit of IPC uplift on the 6th Gen (Skylake) compared to the 4th Gen (Haswell), but for running PFSense, it won't really matter, IMHO...

 

[Christos]

Why not using an Atom cpu?

 

[L&LD]

While the power consumption will be greater with the 4130 at maximum load, at idle loads, they will be very similar.

As noted, the performance will be effectively the same.

 

[sfx2000]

While the power consumption will be greater with the 4130 at maximum load, at idle loads, they will be very similar.

As noted, the performance will be effectively the same.

That was my thoughts as well - pfsense is fairly efficient in stock form without some of the add-ons (snort IDS can up the load for example) - watch the CPU loads, and for the most part, the CPU is not loaded very hard at all..

 

[sfx2000]

Why not using an Atom cpu?

He's got more bandwidth than some of the older Atom's can do...

More importantly - it's the hardware he has on hand already.

 

[ddaenen1]

I did some trials with a Lenovo NUC which has an Core i3-8300T. Honestly, my 1Gbps WAN connection wasn't enough to notice any difference compared to my Xeon E3-1220v2

 

[Tech9]

Core i3-8300T

This CPU is actually not much faster than your Xeon. It's more power efficient.

 

[coxhaus]

I did some trials with a Lenovo NUC which has an Core i3-8300T. Honestly, my 1Gbps WAN connection wasn't enough to notice any difference compared to my Xeon E3-1220v2

Your Xeon is a 69 watt CPU. I don't want to run something that hot in my closet unless I have to.
I would like to run a i3-8300T. It is only 35 watts like my i3-6100T but my i3-6100T is good enough and only $15. I would want to be able to add a half height 10 gig NIC to my pfsense PC. I don't think with a NUC you can do that. eBay has a i3-8100T $40, not bad. The problem would be coming up with an 8th gen motherboard to run it. I can probably buy a refurbished 12th gen Dell for about the same money as the 8th gen my guess would be around $450. My i3-6100T is a lot less around $150.

Back when I used a Xeon, years ago, I ran a 35 watt Xeon out of a blade server I bought off eBay. I used ECC memory. The Xeon is a great CPU. I did not buy ECC memory for my i3-6100T. I hope I don't regret it. They did not have any when I bought my memory. All the Xeons use EEC memory, error correcting memory.

And honestly, I think the cooling is better in a real PC over a NUC as it has more air space and fans. The trick is to keep the fans quiet for normal running. My i3-6100T is very quiet and not hot. But the fans will probably handle a 80 watt CPU not that I would run one so it will never get hot like a NUC. A NUC is not my choice for pfsense.

I should be able to switch my pfsense PC next week as my granddaughter is going home for a little bit.

PS
What clock speed was the NUC configured at? You can down configure the i3-8100T at 2.5 GHz instead of 3.2 GHz to control the heat. I want a high clock rate with low heat. I would not want anything under 3 GHz.

 

[ddaenen1]

2 things: i have an Intel i350-T4 in the NUC and that fits perfectly fine. There are others that squeeze in x550-T2's without problem. As for CPU speed, i didn't touch the setting so i can only assume it is running at stock speed. My aim for this NUC is to be a backup for the Xeon but as i need to hook it up to my main ISP router/modem to upload the config of my main pfsense box, this is not happening any time soon with the kids now being home to study for the exams this time of the year. I have also been looking at replacing the E3-1220v2 with an E3-1265Lv2 to get consumption down as it would be a plugin solution but they are asking too much money for these things, even on the 2nd hand market.

 

[coxhaus]

The E3-1265Lv2 is a 45 watt CPU so it would bring down the heat. You know the base clock speed is 2.5 GHz. This would work but I like higher clock speeds. The Xeon is a much better server CPU. Running pfsense I am not sure you will notice at home. I don't live in the server world any longer as I have been retired too long. So, I can't tell you what's out there anymore.

You should be able to read the clock speed on the NUC using the dashboard screen in pfsense if the vendor clocked the NUC down to control heat. I have not figured out how to back up and transfer configs in pfsense. I don't really care. I just start from scratch. There are not that many settings. I figure it out as I go. I will start with the Intel dual port NIC and then switch as I get to the later FreeBSD with newer drivers.

I see no reason to use any more than 2 ports for pfsense or any firewall. You don't want multiple paths in your firewall for blocking and passing traffic. VLANs are not paths in your firewall as they are all on the same physical port. I am talking physical ports. If I had a 4 port NIC card, I would only use 2 ports for my firewall. Laggs would be the only exception as they are logically 1 port. I use an L3 switch so there is only 1 physical port and 1 network in my path to and through my firewall. This is something I believe in.

 

[ddaenen1]

The E3-1265Lv2 is a 45 watt CPU so it would bring down the heat. You know the base clock speed is 2.5 GHz. This would work but I like higher clock speeds.

I agree.

You should be able to read the clock speed on the NUC using the dashboard screen in pfsense if the vendor clocked the NUC down to control heat. I have not figured out how to back up and transfer configs in pfsense.

Once you have many things configured like VLAN's, pfBlockerNG and so on, uploading a previous config is a blessing. Done it several times before.

I see no reason to use any more than 2 ports for pfsense or any firewall. You don't want multiple paths in your firewall for blocking and passing traffic. VLANs are not paths in your firewall as they are all on the same physical port. I am talking physical ports. If I had a 4 port NIC card, I would only use 2 ports for my firewall. Laggs would be the only exception as they are logically 1 port. I use an L3 switch so there is only 1 physical port and 1 network in my path to and through my firewall. This is something I believe in.

Agreed. I had the i350-T4 at hand but will still only use 2 ports, as i do with my current pfSense server.

 

[coxhaus]

I did some trials with a Lenovo NUC which has an Core i3-8300T. Honestly, my 1Gbps WAN connection wasn't enough to notice any difference compared to my Xeon E3-1220v2

Your NUC is going to not respond to PowerD. You will need to add the tunning variables for Speed Shift I talked about in my other pfsense thread to keep the heat down since it is an 8th gen cpu when running pfsense. It should give off a lot less heat.

Another thought. Does anybody know?
I was looking at an i7-8700T cpu which is a 35 watt cpu 6 cores and 6 threads. The speed seems a little slow at 2.4GHz but at Turbo it is 4GHz. Turbo I guess is only 1 cpu but if you run SNORT which is single threaded could it benefit from Turbo? Will the heat stay down during Turbo mode?

 

[L&LD]

For maximum power savings, use an 11th Gen or 13th Gen CPU.

Faster, more capable, and use less energy too.

 

[coxhaus]

I have not seen a lot of 35 watt 12th and 13th gen chips except for Micro and all-in-one PCs. Yes on 65 or 60 watt CPUs.
Can you name some and I will look.

PS
I found them. Intel's new Raptor Lake T series CPUs are finally being sold online, including the i9-13900T, i7-13700T, i5-13600T, 13500T, 13400T, and i3-13100T from German. There are none around me that I have seen so I will have to stay with the older generations.

Dell is less than 20 minutes from my house and I bet they have some. I have not seen them on their web site.

I am not sure on being less power draw but they have faster memory and support newer features. Maybe there is a new power saving feature as I don't keep up any more.

Here is an article that sounds like the low watt Raptor Lake CPUs take a big hit in performance on clocking and cache to keep the power down so I wonder if they are really a lot better than their older counter parts using pfsense?

Low-Power Intel 13th Gen T Series CPUs Finally Hit Market

35W Raptor Lake CPUs for the masses

www.tomshardware.com

 

[L&LD]

I'm not talking about the T series CPUs.

A regular CPU will do the work faster and effectively more efficiently than any older model will.

 

[coxhaus]

I only want buy 35 watt CPUs. I don't want more heat in my closet.

 

[Christos]

I only want buy 35 watt CPUs. I don't want more heat in my closet.

Since you buy something, why don't you choose an Atom cpu with around 10 watt?
35 watt is still much for a device that works 24x7

 

[coxhaus]

I was just asking really. I am happy with my old i3-6100T which I think is more powerful than an atom.
If for some reason, If I pick up lag running SNORT then I will want to move up.

My granddaughter needs to be able to game on her computer at my house when she comes over. I don't want any lag in my network running SNORT.

And 35 watts is the max for my CPU. It is only running 2 or 3% so I would think around 10 watts. I need a watt meter.

 

[L&LD]

I only want buy 35 watt CPUs. I don't want more heat in my closet.

You can. Of the generations I stated.