Low power consumption parts for a pfsense router?

We’re setting up a new small office space for digital art creation (photos, video, 3D). We will probably have up to three computers to start with and possibly grow from there. I’m in the process of building a new server that will run VM’s for NAS (NFS), plus other things like Asterisk, Cyrus IMAP, etc.

We just got fiber internet installed, and I would like to setup web server VM’s on that server as well, and move our “less critical” websites off of paid hosting.

We’re also going to upgrade to 10gbe for the workstations. The server motherboard already has it.

We may do live streams at some point out of here as well.

That’s the background.

**What I’m looking for here are recommendations for hardware that uses low amounts of power (electricity), but is sufficiently powerful enough (CPU+I/O) to run a router/firewall that everything on the network will pass through.**

This machine is just for the router/firewall. I will have a separate switch, and the server is separate. We will probably run pfsense.

I want to pay as little as possible for electricity, but not have it become a bottleneck by being too slow.

I have old motherboards and CPU guts laying around that I could use. Or I could get something old and used (like a Dell 410), or I could build something new like a Raspberry PI (or similar).

What I have around are AMD FX, Athlon, and Phenom II guts.

I’m not familiar with all the options out there for low power draw computer parts, and some of the posts/videos I’ve found from 4 years ago use parts that are no longer available.

What’s a good choice of board/CPU/case/PSU for a network appliance?

It really only needs two 1gigabit ports (LAN+WAN), a USB for mouse and keyboard, basic on-board graphics (for installation). A single on-board SSD is probably fine, or even a SATA dom. Again, this is just for the router/firewall. It needs to be fast enough to run the routing software and pass traffic at the full speed of the interfaces (no CPU bottle-necking).

Max Budget: At least $1 less than the cost of buying a commercial solution that meets our needs.

OR: I estimate that an old Phenom build would use about $10/mo electricity, so assuming a five year service life, that would be $600 in power. Can we get something that uses $1/mo electricity for less than $540? ($600-$60=$540 in power savings).

Since you already have the server, run pfSense in a VM and use VLANs on the switch for your LAN & WAN interfaces. (Router on a stick configuration).

I’d considered that. The only concern I had was “idiot-proofing” the firewall.
With a physical firewall, you have ONT->Firewall/router->Switch->Server. You can see the cables and know that the firewall is in the direct path.

With a VM based solution, the routing is being handled with some type of virtual network (software) bridging device, and it’s easier to screw up the config and end up with the firewall downstream of other VM’s on the server. (Where the open internet is in a trusted context on the wrong side of the firewall).

Is a VM based router/firewall on the host machine that also has VM web servers considered good and common practice?

Given that we would only have one IP coming in, this router would need to do redirection based on port, host-name matching, etc.

1 Like
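The concern raised in the post above, a mis-wired virtual bridge that leaves a VM on the internet side of the firewall, can be checked mechanically. This is an added example, not from the thread: it assumes a Linux/KVM host and audits `ip -json link show` output, and the bridge and interface names (`br-wan`, `br-lan`, `enp1s0`, `vnet0` to `vnet2`) and the sample data are constructed.

```python
import json

def _links(mapping):
    # Build constructed records shaped like `ip -json link show` output:
    # each entry has "ifname" and, if enslaved to a bridge, "master".
    return json.dumps([{"ifname": n, **({"master": m} if m else {})}
                       for n, m in mapping.items()])

# Hypothetical host: enp1s0 is cabled to the ONT, vnet0/vnet1 are the
# firewall VM's WAN/LAN vNICs, vnet2 belongs to a web server VM.
GOOD = _links({"br-wan": None, "br-lan": None, "enp1s0": "br-wan",
               "vnet0": "br-wan", "vnet1": "br-lan", "vnet2": "br-lan"})
# Same host after a config slip: the web VM is attached to the WAN bridge.
BAD = _links({"br-wan": None, "br-lan": None, "enp1s0": "br-wan",
              "vnet0": "br-wan", "vnet1": "br-lan", "vnet2": "br-wan"})

def bridge_members(ip_json):
    """Map each bridge name to the set of interfaces enslaved to it."""
    members = {}
    for link in json.loads(ip_json):
        master = link.get("master")
        if master:
            members.setdefault(master, set()).add(link["ifname"])
    return members

def audit_wan_bridge(ip_json, wan_bridge, uplink, firewall_wan_if):
    """Return findings; an empty list means the WAN bridge holds only the
    uplink NIC and the firewall VM's WAN vNIC."""
    members = bridge_members(ip_json)
    wan = members.get(wan_bridge, set())
    findings = []
    for required in (uplink, firewall_wan_if):
        if required not in wan:
            findings.append(f"{required} is not attached to {wan_bridge}")
    # Anything else on the WAN bridge sits in front of the firewall.
    for extra in sorted(wan - {uplink, firewall_wan_if}):
        findings.append(f"{extra} is on {wan_bridge} and bypasses the firewall")
    # The uplink enslaved to another bridge exposes that whole segment.
    for bridge, ifs in sorted(members.items()):
        if bridge != wan_bridge and uplink in ifs:
            findings.append(f"{uplink} is bridged into {bridge}")
    return findings

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, audit_wan_bridge(sample, "br-wan", "enp1s0", "vnet0"))
```

On a real host the input would come from `ip -json link show`; running the check after every hypervisor network change gives a VM-based firewall some of the "see the cables" assurance of a physical one.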

Oooh, a challenge. 🙂

So, I’m thinking in terms of components:

  • 1U case
  • mITX board
  • 2x1GBit NIC PCIe card
  • PCIe 1U riser
  • Flex-ATX PSU
  • 15W CPU passively cooled
  • Cheap RAM (really, anything above 1 GB is sufficient)
  • Cheap, small NVME (16 GB is MASSIVE overkill)
  • A couple of 40mm fans to move the air in the case

So PC Part Picker obviously is too limited for this kind of special build, so actually gotta go around and hunt stuff. Here is a base build to start with, but I’m in Europe so prices and availability may not match 100%, price is my best estimation to USD. Note that you may want to scavenge some parts from old equipment, to bring down costs even more.

| Part | Model | Price | Comment |
|---|---|---|---|
| Motherboard | Gigabyte J4005N D2P | $115 | Really good, low-power board with integrated CPU |
| CPU | Intel Celeron J4005 | $0 | Only 2 cores, but should be plenty with the dual NIC card |
| CPU Cooler | Integrated heatsink | $0 | |
| RAM | G.Skill Value 2x4 GB 2400 MHz | $35 | More RAM than you will ever need for this - in fact, you will be able to fit your entire system on a 1GB RAM disk now, should you want to |
| Storage | Gigabyte M.2 2280 NVMe PCIe x4 SSD 128GB | $45 | Brand is not really important, get a drive and be done with it |
| Case | iStar USA D-118V2-ITX | $60 | Pretty cheap 1u case |
| PSU | iStar USA TC-1U15FX1 | $80 | Not-so-cheap PSU, but will work great - if you get too big of a PSU, the power efficiency will be much worse |
| NIC | 10 GTek 82576-GE-2T-X4 | $40 | PCIe x1 so should fit all PCIe slots |
| PCIe Riser | Tanbin PCI-Express 16x Riser Card 1U | $10 | Easy to forget you need one of these too… |
| Extra fans | 2x Noctua NF-A4x20 PWM | $30 | Two awesome small and relatively quiet fans |
| Total | | $415 | |

Power draw: around 40W peak inside the box, maybe between 30W-60W outside the box? Worst case monthly draw at 60W: ~45 kWh.

2 Likes

At .11 cents per kWh, that would be about $4.95/mo. Or $300 over five years.

Maybe it’s possible to re-purpose old hardware and make it more energy efficient?

I have an AMD Athlon II X4 630 Processor, 4 core, 2.8Ghz, 95W. I don’t know how much heat it produces, or if it can be passively cooled (or if the CPU fan power is negligible).

Power supply calculator for Athlon II says: 190 watts actual, 260w recommended (I put in 50% CPU usage, 2 NIC, one SATA 7,500 RPM drive, 2x4GB RAM). Which would be $15.25/mo or $915.42 over five years, if I did the math right. Ouch!

outervision dot com /power-supply-calculator

It looks like home routers use about 20 watts, which would put them at around $1.584/mo to operate.

Are there any tiny computers that are similar in wattage and performance? Does a Raspberry PI have enough CPU? (Would need a solution that takes multiple NICs though).

I don’t think you can get much lower than 50W for PC parts. Most home routers run on ARM which is a SUPER-DUPER energy efficient platform - but also a low performing platform. Those old 95W dragons cannot run reliably on 10% of the wattage, unfortunately.

Still, it might be possible to go to 30-ish watt with DC/DC and external power bricks perhaps?

The Raspberry Pi does not have enough performance to handle serious loads, even though RPi4 can do the task better than any home router, it just isn’t powerful enough for that scale I think. Previous iterations sucked even more though. Perhaps the RPi 5 works?

For home use as the internet firewall, the RPi4 is great now - provided you add more NICs to it. Around a 5W draw isn’t too shabby.

Do note my 60W calculation is based on router peak performance, e.g. you slam that router to the max all the time. At idle, I think it would perhaps draw 30W, so the real power draw would be around 40W or so over time which is around $200 in five years.

The machine I specced is a high-performing router, but it still does not beat commercial products like this $99 18W router (that is $100 over five years): https://mikrotik.com/product/RB2011iL-RM#fndtn-specifications

When you have access to your own silicon, power savings are so much easier. Unfortunately. 😕

2 Likes

It may make more sense to buy something rather than build it then… (I do like building things though, and open source projects).

I have an old DD-WRT that I used before with OpenWRT on it and it worked great except it bottlenecks the 100/100 fiber connection at about 25/27.

Or run a virtual machine router and have an old physical router as an emergency backup.

Asrock has some lower power embedded options whether looking for components or whole units: https://www.asrockind.com/

I’m thinking 1W=$1 per year - for easy math.

For ~$400 I would consider a ryzen 3/b450 based build, rather than a Celeron. Routing and firewalling doesn’t require it. But if you choose to do traffic shaping and VPN, or some light web/file hosting in a few containers you’ll find it capable enough to do all those things simultaneously and efficiently.

A B450+R3 3100 will be mostly idle when just routing at gigabit, so I’m thinking 20W from the wall. A Gemini Lake J4105 soc based board will probably use around 8W when routing gigabit, but about 5W at idle. Raspberry Pi 4 will be around 4W at idle maybe around 10W at gigabit.

I would like to do VPN. That way I could locate a backup server off-premise, and access files from home or at a coffee shop, provided they ever open the coffee shops again.

Protectli Vaults are a low power consumption option. Barebones start around 179, Amazon has Dual Core Celeron 2.48 GHz, 8 Gb DDR3L ram, Gigabit Intel i211 NIC ports (2), 120 GB mSATA SSD, less than 300 dollars. 10-15 W draw.

Protectli are too old in case of Celeron socs or too expensive for what you get in case of kaby lake. It’s like their whole product line is made up of 5+ year old hardware that people pay you to get rid of attached to a painted black heatsink.

Intel i5 7200U Dual Core with hyperthreading, up to 3.1GHz turbo frequency w/ 4GB RAM and 8GB hard drive: $558.

What I’d like to know is, where can I get the parts that Protectli is using?

Here’s a photo of the motherboard. I don’t see a processor, it must be embedded.

This kind of setup is familiar to me - you only have two options:
Power limiting or Performance limiting.

Small Atom and Pentium boards do not offer the best value per watt, but offer an idiot-proof ceiling.
Any better CPUs can be configured to take less power and offer better value per watt at even lower floor. Their disadvantage is high ceiling - any SW bug or BIOS reset can triple your power consumption.

Until we have the preference, recommendations are worthless.

This is true, going under 40W at the outlet is a dream on x86. There is not really a market for a router with such low performance to make custom silicon.

Personally I always make the customer count the difference between added monthly cost and buying cost. Any high thread old Intel will do an amazing job and you can get them so cheap so going new is not saving money, but rather producing ewaste. Especially if you are not limited by contract (common in serverhousing). BIOS and OS can be set to limit spikes to minimum.

Let’s say I wanted to use an old board I already had and save on buying something new. How much could I reasonably reduce the total draw on a 95w CPU? Is it basically under-clocking?

What CPU is it? TDP 95W does not mean much when it comes to power consumption or curve.
I used to get Core 2 Duos, Sandy Bridges and Skylake below 50W at the outlet.

Governor configuration (stepping behaviour)
Limiting power output in BIOS or under-clocking

Stepping is the main thing, CPUs used to switch all the time to the lowest possible value. This has changed with Web 2.0 and demand for quick jump frequency. By setting powersave and even tweaking the limits I got down to 2/5 on average.
Combine this with garbage bin prices on Skylake and Haswell - it will take years to make up the prices.

The main reason to buy new are features - like a board with many NICs, form-factor, ECC …

I have an AMD Athlon II X4 630 Processor, 4 core, 2.8Ghz (with mobo and ram) in an NFS server that’s about to become available after an upgrade. I also have a Phenom II X6 1090T and two AMD FX chips both are eight core if I recall, one is 3.8Ghz and one is 4.0Ghz.

Also going to want to build a low-power box for automated backups that’s physically separate (and possibly offsite).

Thin clients are enough to run pfsense - personally I prefer OPNsense (based on hardened-bsd) - one nice feature is the ability to restart all services from the terminal (you cannot do this on pfsense).

HP 620 plus is what you probably want (a thin client that a pcie ethernet can be added to) - with 4gb RAM run it on bare metal - 8gb RAM virtualize the firewall (so you can snapshot before upgrades)

I’ve been in the same boat. I currently run a sophos XG vm in the homelab but I’d like to make it a physical appliance so it’d be easy to diagnose issues. I’m leaning toward the Odroid H2+ as it’s x86 and 22 watts max.

Ha! For years I used my old 500MHz AMD K6-2 as a firewall, it ran at 7W. I’ve got dual-socket, 16-core Xeon servers drawing under 100W.

These days quad-core Atom systems run on less than 5W, just not many have multiple network ports. e.g.:

Maybe throw-in a USB3 gigabit ethernet adapter?