I am looking to pick up a mini-PC for use as a pfSense router. I have essentially narrowed it down to two machines…thoughts?
I want to run bufferbloat mitigation scripts, a firewall, VLANs, VPN (VLAN tag segmented), and anything else that catches my eye. The wireless/LAN will be handled by a VLAN-enabled switch and Ubiquiti WAP setup.
PLEASE STICK TO NEWEGG as I use it to build my credit score. AS I HAVE A NEWEGG STORE CARD.
I would actually use neither and build a Ryzen ITX machine.
I have a J1800-based NAS right now and it’s running alright after 2 years… although if you search into issues related to Atom-based CPUs you will find that Cisco/Oracle just had many routers fail after 2 years, apparently for clock drifting issues inside of the Atom SOC.
There are also issues with their USB and network parts that start to degrade after 18 months in service… some information even suggested that 40TB could be around the “threshold” for degradation.
For this reason I am looking to rebuild my NAS now into a Ryzen machine or using a Mobile AMD CPU that comes in a couple barebones configurations on Newegg.
Yes I am well aware what pfsense is.
Considering that there are limitations on Atom in the Network aspect, this is even worse than a NAS.
Oracle just had Atom based routers fail as I explained.
But I am not looking to spend an arm and a leg on a router build. The next best option is a different version of the Zotac. Also, neither of the chips in those two computers is an Atom. Unless Intel rebranded Atom chips as Celeron and Pentium.
ECS Liva Z = Intel Apollo Lake Pentium N4200 SOC
Zotac ZBOX-CI327NANO-U = Intel® Celeron® Processor N3450
Both of them are Atoms.
Celeron and Pentium are both Atom now since Atom got such a bad rep for being horrible in most every way.
Celeron N and Pentium N, as well as some with the name C and J, are all Atom based.
While the Zbox is $206, I think you could put together a basic AMD system for not much more money. Or you could use an AMD Mobile APU instead for the board.
^This might be a better choice if you want to keep the cost down.
I was going to suggest you go the used route and get an ultra low wattage Xeon (E3 1220L v3) with a cheap ITX board and low power RAM. Or maybe go with a PCEngines system.
But both of the links you provided seem very nice. I was not aware there are prebuilt mini systems that have dual NICs like that. I was looking into making a few very small form factor pfSense routers six or eight months ago and was having a horrible time finding systems that would work and were cheap. That Zotac looks pretty nice, and is DDR3. The ECS is even smaller, and has both RAM and onboard storage. Both those processors have AES-NI support.
Yeah, they’re both Atoms. Which is perfectly fine for a router. They do have AES-NI support also.
As long as you don’t run stateful packet inspection network intrusion detection, or care about running a VPN client or server, either of those Atoms will handle a gigabit connection no problem. If you do want to run a VPN and care about its speed, you will want a much faster CPU. Unfortunately OpenVPN is pretty pokey, so you won’t get more than 100Mbps or so on an Atom.
My only caveat is that I’d do a bit of research to check that the ethernet ports are fully supported in FreeBSD.
It should be possible to get a Ryzen system for <250.
(2200G + B350 motherboard + 4GB RAM + case w/PSU; assuming you have a leftover low capacity USB stick somewhere for the OS)
The Braswell / Apollo Lake Atoms have AES-NI and generally can’t do more than 350-400 Mbps symmetrical with a single OpenVPN session (combination of IPC and low clock rate). Ryzen 2200G (3.5GHz :)) would be quite an upgrade.
That said Braswell/Apollo Lake are fanless, and tiny, you’d need to spend at least another 100 on a 2200G to make it fanless if that’s a concern.
They are indeed fine in terms of performance, the longevity issues that have recently had light shed onto them are the reason why I would not recommend them for literally anything at this point.
I used the CI323 quad core version of the Nano for exactly as specified. You can run it native as a dedicated router for best performance or what I did was run Win10 + Hyper-V running pfSense/Sophos UTM. That way I could use the nano as a lighter browser rather than firing up my Gaming PC all the time.
What I could never get to work in Linux was the wifi card for AP duties.
They can get hot under continual load, and specifically the SSD at the bottom of the case was running a bit hot, but mine didn’t fail in a couple of years’ use. Ultimately though I did upgrade to an Intel NUC at much more cost, but I use that one as a full desktop with demanding apps.
If you want to configure your own router they are cool. I had the fibre modem running directly to the nano for my broadband.
I had a lightweight pfSense box at first but quickly ran into “I want a VPN, strong firewall, remote VPN”… so yeah, go ahead and just build an ITX. Now I have a box lying around.
In a year or two WireGuard will be more popular and we can all toss OpenVPN’s crappy performance in the garbage bin. But you’ll still need a beefy box for Suricata, if you really want/need that.
This is totally an option. I am running IPFire myself.
It is a very nice piece of software and has no AES-NI requirement.
Used AM1 stuff should be dirt cheap, does not break apart like the Atoms, is relatively low power and has AES-NI.
Here is what I am running at my mom’s house (well, different memory…), works great.
No I mean issues with the chip/chipset itself just failing due to poor design on Intel’s part.
There is or is about to be a class action suit against them for Atom chips due to the number of failures in the wild.
I have a few A4-5000 1U servers I built and deployed for my company as super low cost colocation boxes.
They actually run incredibly well and are in service now for almost 2 years.