Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: PhilipD on April 02, 2020, 12:17:51 PM
-
Hi
To keep me occupied with a little project and to have a back up router I've just built a new router using PC Engines APU2E4 and their case. The current one I am using is based on a Supermicro X11SBA with embedded Intel processor at 1.6GHz 4 core, so I was a bit concerned about the performance using the APU with a 1GHz AMD SoC, although with the latest firmware it now boosts to 1.4GHz, but was just wanting something as a back up. The beauty with pfSense is the configuration can easily be downloaded and uploaded to another router that also has pfSense even if the hardware is completely different.
So far very impressed and quite a neat and small device. It is coping absolutely fine on my FTTP line at 300Mbps, I'm getting full line speed and no sign of it struggling.
The Supermicro board X11SBA is drawing about 11-12 watts of power at idle, with about 4 watts of that being the management chip which I don't really need and unfortunately can't be turned off. In contrast the APU with the latest bios is idling at around 4 watts and barely reaches 8 watts when under load, so saving about £11.00 of electricity a year. So I'm using it as my main router now.
Hopefully in the future they update these boards with a faster SoC.
Regards
Phil
(https://pcengines.ch/pic/apu2c2_1.jpg)
PC Engines (https://pcengines.ch/apu2.htm)
-
Interesting. Thank you for telling us about your project. :)
-
Great choice, I also have an older version (APU2C4) which has been managing my dual-WAN connection for over 3 years now - I notice there is now a 4 LAN version (https://www.pcengines.ch/apu4b4.htm). Mine has been great and, as you say, is very low power consumption, it has the same Jaguar processor you have.
My only concern is that in the (very) unlikely event of me ever getting access to a fibre connection it won't be able to manage the throughput but as I live in the boonies its never likely to be an issue :no:
Only annoying thing about mine is lack of VGA / video out means you are forced to use SSH or serial connection on set-up.
C
-
Hi
The APU units can go up to a good speed, the main issue seems to be PPPoE that we tend to use in the UK only runs on one thread under pfSense/FreeBSD so only one processor core is used creating a bottleneck which shows up on single threaded downloads. Certainly no issues seen here with a 300Meg connection. Also it might be in time the issue with PPPoE on just one thread is fixed in FreeBSD.
The lack of the VGA is possibly a helper to lower power consumption and maybe the freeing up some memory and processor cycles (assuming it is disabled or left out completely in the version of the SoC used), and I guess is a cheaper as well.
The beauty of course with pfSense is if you need to then you can upgrade the hardware and just transfer across your configuration, or start configuring from scratch without having to learn a new user interface. :graduate:
I just hope PC Engine's come out with an upgraded processor but keeping the same form factor, otherwise they will lose sales as people will need more capable hardware.
Regards
Phil
-
Hi
The APU units can go up to a good speed, the main issue seems to be PPPoE that we tend to use in the UK only runs on one thread under pfSense/FreeBSD so only one processor core is used creating a bottleneck which shows up on single threaded downloads. Certainly no issues seen here with a 300Meg connection. Also it might be in time the issue with PPPoE on just one thread is fixed in FreeBSD.
Well they did eventually multi-thread packet filtering, apparently that used to be single-threaded too for a LONG time.
Being FreeBSD, I expect PPP to go multi-threaded, round about the time every ISP stops using PPP. :lol: Then again I would have expected them to ditch PPP years ago, but still it lives on.
The lack of the VGA is possibly a helper to lower power consumption and maybe the freeing up some memory and processor cycles (assuming it is disabled or left out completely in the version of the SoC used), and I guess is a cheaper as well.
It may save a watt or two but I don't think its likely to save them more than a few $$ to buy.
The beauty of course with pfSense is if you need to then you can upgrade the hardware and just transfer across your configuration, or start configuring from scratch without having to learn a new user interface. :graduate:
I thought that was a big no no because pfSense throws a fit if interfaces are missing on boot?
I just hope PC Engine's come out with an upgraded processor but keeping the same form factor, otherwise they will lose sales as people will need more capable hardware.
Regards
Phil
For starters, switching to M.2 sockets is essential for modern WiFi chips. Not that any of those work on pfSense ::) but there's always OpenWRT.
-
It may save a watt or two but I don't think its likely to save them more than a few $$ to buy.
When you make enough of something a few dollars makes a big difference.
I thought that was a big no no because pfSense throws a fit if interfaces are missing on boot?
Not sure what it might have done in the past but I used the config from a 4 LAN pfSense box to the APU with 3 and it just took me to the interface screen on first logging in to confirm the change. No drama.
For starters, switching to M.2 sockets is essential for modern WiFi chips. Not that any of those work on pfSense ::) but there's always OpenWRT.
pfSense and these types of board are not really meant for Wi-Fi. It isn't aimed at being a one box solution. Most people who go to the trouble of pfSense will have a "proper" home or business network with separate switch and a separate access point.
Regards
Phil
-
When you make enough of something a few dollars makes a big difference.
Yeah for the manufacturer as obviously it saves a few dollars on the chip, the related PCB space and VGA port itself. I was meaning more than from an end-user point of view, its a pretty insignificant difference in price.
Not sure what it might have done in the past but I used the config from a 4 LAN pfSense box to the APU with 3 and it just took me to the interface screen on first logging in to confirm the change. No drama.
When I tried booting with an interface missing, it wouldn't respond to the LAN as the console was sat on the "please assign an interface to the LAN" page. I've also seen it mentioned on forums that this is common and why you can't really use removable interfaces (eg a tethered phone) as pfSense will fail to come back up during a reboot as the phone turns off tethering when USB is disconnected.
pfSense and these types of board are not really meant for Wi-Fi. It isn't aimed at being a one box solution. Most people who go to the trouble of pfSense will have a "proper" home or business network with separate switch and a separate access point.
Granted, but those slots are intended for WiFi modules when using an OS that CAN support it.
I actually use WiFi on my pfSense box as I found 802.11g is perfect for low-bandwidth IoT devices. They are WAY more responsive/reliable than when connected to my nanoHD.
-
Hi
Yeah for the manufacturer as obviously it saves a few dollars on the chip, the related PCB space and VGA port itself. I was meaning more than from an end-user point of view, its a pretty insignificant difference in price.
It might be insignificant for us buying just one to last a few years, but these boards were also used for some time by Netgate themselves, and some firms buy these boards in the dozens or hundreds and ship them off to all their regional offices. Also if there was a VGA connector on board the board size would need to be bigger and the cases would need to be bigger, adding more cost. Also these are meant to be routers or network appliances which don't typically have VGA ports. If you want a small PC motherboard that has a VGA port then there are plenty of other and more powerful options, this one wouldn't be what you look at to buy. Also most router software, certainly for pfSense, they just show a text interface, that looks pretty much the same via a serial port as it does via VGA.
When I tried booting with an interface missing, it wouldn't respond to the LAN as the console was sat on the "please assign an interface to the LAN" page. I've also seen it mentioned on forums that this is common and why you can't really use removable interfaces (eg a tethered phone) as pfSense will fail to come back up during a reboot as the phone turns off tethering when USB is disconnected.
In which case you just attach a serial cable and do what you need to do. ;D
Granted, but those slots are intended for WiFi modules when using an OS that CAN support it.
And the slots support Wi-Fi and are mini PCI Express, not sure what the issue is.
I actually use WiFi on my pfSense box as I found 802.11g is perfect for low-bandwidth IoT devices. They are WAY more responsive/reliable than when connected to my nanoHD.
So shows it works :-)
It is quite easy to come up with a list of issues or negatives with this system or any system for that matter, you can always find faster, better and often more expensive with a higher power draw. It isn't perfect and there is always better and I'd love to see a newer more powerful version.
Regards
Phil
-
pfSense and these types of board are not really meant for Wi-Fi. It isn't aimed at being a one box solution. Most people who go to the trouble of pfSense will have a "proper" home or business network with separate switch and a separate access point.
I agree with the above, but it is unfortunate, I feel like it is very limiting and preventing more widespread distribution and use of pfSense / OPNsense which I think are great.
I can understand for ergonomic and convenience reasons why people buy 'one box' but I think its gone silly, people want their routers to be about 8 devices (router, modem, NAS, firewall, media server etc etc).
I do agree FreeBSD support for peripherals is rubbish btw, so when I do upgrade I am going to have to take a look at Zeroshell, IPFire and VyOS as it would be nice to have options.
-
I do agree FreeBSD support for peripherals is rubbish btw, so when I do upgrade I am going to have to take a look at Zeroshell, IPFire and VyOS as it would be nice to have options.
Another thing is power management. Even with PowerD set to minimum on pfSense on Atom I was using when I moved from OpenWRT, it used about 33% more watts than OpenWRT when idle. But FreeBSD packet processing is much faster than Linux, it literally felt like I'd upgraded my broadband as web pages loaded noticeably faster.
For that reason alone I'm sticking with pfSense.
To be fair, even OpenWRT is a PITA trying to get good WiFi performance. The cards might work, but not nearly as well as a dedicated AP.
-
@PhilipD I was searching for some pre-configured kit (I'm not able to do assembly it myself :baby: ) and this one (https://linitx.com/product/linitx-apu2-e4-network-firewall-4gb-ram-(3nic+usb+rtc)-with-pfsense--pre-configured-kit/15318) looks the one you described, is that correct ?
And can you configure the ports to be independent i.e. not switched in order to assign to each port a different subnet, e.e. port 1 = 192.168.1.0/24 / port 2 = 192.168.2.0/24 etc. ?
-
Hi
Yes that's the exact same one but preconfigured and prebuilt. I also ordered from them.
Regards
Phil
-
That's the company I got the nanoHD from, they also sell some of their products via Amazon which strangely sometimes is slightly cheaper than using their own website.
I've been using them off and on for years, they seem pretty good.
My god, 1Ghz Jaguar cores, definitely not for VPN use then. ;) I think that's the only reason I never got one, the CPU is just too weak to be future proof. It might handle 300Mbit without anything fancy, but start messing with QoS and VPNs, no way its gonna cope.
I went with https://amzn.to/3b1HwZf and I'm still not convinced its going to cope once I go Gigabit. Though granted, this CPU runs HOT when it turbos under heavy load, but that's mostly only directly after changing the configuration. Plus I think they used heatpads to connect to the passively cooled case, replacing with paste would probably make a huge difference.
-
My god, 1Ghz Jaguar cores, definitely not for VPN use then. ;) I think that's the only reason I never got one, the CPU is just too weak to be future proof. It might handle 300Mbit without anything fancy, but start messing with QoS and VPNs, no way its gonna cope.
I'm using various firewall rules plus QoS along with IPv6 as well as 4 and it still works at full line speed of 300. VPN speeds are around 50Mbps which is more than ample for the rare time I need it to get onto my home network when out and about.
Of course you can get faster kit, no one is saying here that an AMD Jaguar running at up to 1.4GHz is beating everything else.
The kit you linked to should be fine for 1Gbps.
Not everyone wants or needs 1Gbps broadband, I don't think I'm going to bother upgrading to 1Gbps FTTP for a while yet as I don't need it, and when I do there will be better kit around by then anyway so no point in buying something over specified for what I need now to never take advantage of just to end up replacing it again later.
Regards
Phil
-
Yeah fair enough not everyone is after my use case, it just kinda sucked that there was no reputable brand making anything that scaled to my plans.
It took months for that appliance to arrive as I think it was built on demand in China, but then it was the cheapest for those specifications so fair enough really.
-
I found LinITX to be expensive for these boards and have bought several from Varia Store in Germany (https://www.varia-store.com/en/suche/search-apu2e4.html). Even with shipping they're considerably cheaper. Their boards ship with a 2-pin PSU, but an alternative can be easily sourced on Amazon etc (12V 2A 5.5x2.5mm).
-
Varia store in my bookmark, thanks !
Also, can someone please comment on this Mikrotik board: https://mikrotik.com/product/rb450gx4
It's not powerful like the PC-Engine PhilipD mentioned, but it's quite cheaper and I was wondering if it could do a good job with my 80/20 line and possibly with a G.Fast 150/20...
Tia.
-
Hi
That is using RouterOS rather than pfSense. I would suggest visiting their online demo at http://demo.mt.lv/ to see how you feel about it and maybe googling some setup instructions to see what the online resources are like. The UI looks outdated and may not work well on mobile devices, but otherwise appears to have everything expected of a router. I'm sure it would cope with 80/20 or even 150/20.
Regards
Phil
-
I agree, RouterOS doesn't look great and I was thinking that after playing a bit with it I could perhaps install OpenWRT as it seems it'd require less resources than pfSense/OPNSense...
-
So, I decided to go with PC-Engines and I bought my kit from the german website suggested by bigsy (I saved 50 quid including shipping)... :P
Next step will be to learn about OPNsense (I find its GUI more 'friendly' than the pfSense one), wish me luck ! :graduate:
-
The APU2's are great boards and I'm sure you'll be pleased. I've found them very reliable.
Some useful resources are at:
https://pcengines.github.io
https://github.com/pcengines/coreboot/issues
https://teklager.se/en/knowledge-base/
Depending on what coreboot bios version your board ships with, you may want to upgrade to a later version. Note that there are problems reported with the latest version (4.11.0.5) so you might want to avoid that.
-
Thanks bigsy and out of curiosity, I believe there is no difference whether I use a mSATA SSD or a SSD, probably the only difference is less power consumption for the mSATA one, right ?
-
Hi hushcoden
I think the PC Engines was the better choice out of the two as it gives you more flexibility to what you install and has a bit more power in reserve.
Regards
Phil
-
Hi PhilipD,
indeed I believe that the right kit to buy :)
May I ask you to confirm one thing, please, i.e. I can install OPNsense on both an mSATA or SSD, am I right? Please see picture: why they don't also mention a boot from SSD ?
Sorry if it's a silly question, but I went for the SSD rather than mSATA one and if it's the wrong choice I can still call them and make the change...
Thanks.
-
My apu2c4 wont power the ssd from internally so it either needs an external power source or as I did I made a usb power leas to power the ssd. I even got windows 10 running on it even though not straight forward due to no video.
Opnsense works fine on the mssd. My unit is now a backup in case my qotom goes down.
-
Hi
Hi PhilipD,
indeed I believe that the right kit to buy :)
May I ask you to confirm one thing, please, i.e. I can install OPNsense on both an mSATA or SSD, am I right? Please see picture: why they don't also mention a boot from SSD ?
Sorry if it's a silly question, but I went for the SSD rather than mSATA one and if it's the wrong choice I can still call them and make the change...
Thanks.
You can boot from SSD which is SATA, or m-SATA. For SSD you will need a power adaptor cable to power the SSD. m-SATA is much easier, it just clips on the board. Also if you are going for their usual case, you will not have room to include a normal SATA drive in the case.
For pfSense and other router OS you can just use an SD memory card, and there is an option in pfSense to just write temporary files to memory so hardly any wear and tear on a memory card. pfSense loads into memory and runs from there, so having a slow SD memory card doesn't actually affect performance. Using a memory card means you can use a couple and easily switch between your router OS types as well whilst you try things out.
Regards
Phil
-
Sorry if it's a silly question, but I went for the SSD rather than mSATA one and if it's the wrong choice I can still call them and make the change...
Varia offer both the PC Engines cases (as sold by LinITX etc) as well as their own. I guess you must have chosen one of their own cases where the build option includes a SATA drive? As stated by PhilipD a normal SATA drive won't fit in the PC Engines case.
-
Varia offer both the PC Engines cases (as sold by LinITX etc) as well as their own. I guess you must have chosen one of their own cases where the build option includes a SATA drive? As stated by PhilipD a normal SATA drive won't fit in the PC Engines case.
Oh thanks, that makes sense, how come I didn't realise that straightaway... :-\
-
Quick update: I'm so pleased about my PC Engines and OPNsense, lots to learn and great satisfaction when I accomplished a new goal :graduate:
One thing I can't find info about it: is there a way from the GUI to monitor the CPU (cores) speed ? I'd really understand if and when the CPU goes up to 1.4 GHz...
Tia.
-
Quick update: I'm so pleased about my PC Engines and OPNsense, lots to learn and great satisfaction when I accomplished a new goal :graduate:
One thing I can't find info about it: is there a way from the GUI to monitor the CPU (cores) speed ? I'd really understand if and when the CPU goes up to 1.4 GHz...
Tia.
Hi hushcoden,
Great choice of router hardware and software, I always planned to change from pfSense to OPNsense for the same reason you state but have not yet got round to it as my PC Engines router is
so reliable!
My pfSense version used to require a small command line intervention to show the CPU load but since version 2.4 was released now seems to support the CPU monitor natively :
(https://forum.kitz.co.uk/proxy.php?request=http%3A%2F%2Fwww.zen101388.zen.co.uk%2Fimages%2Ftemp+pf.jpg&hash=68a9e29a566211853f2da75be3a32a53ca155e89)
and when I trialled OPNsense briefly in am intel PC it also supported CPU monitoring :
(https://forum.kitz.co.uk/proxy.php?request=http%3A%2F%2Fwww.zen101388.zen.co.uk%2Fimages%2Ftemps.jpg&hash=7e6977a7f99667ac8b994da04b7dd8fe0133494f)
CPU monitoring also appears under the 'System Information' dashboard widget - are you sure its not buried in the dashboard options somewhere?
Regards
C
-
Personally I'm sticking with pfSense for the reverse reason, I like that it forces me to learn a little about what is actually happening. That way if you ever need to change OS in the future you have a better idea of how to replicate the same configuration.
-
CPU monitoring also appears under the 'System Information' dashboard widget - are you sure its not buried in the dashboard options somewhere?
Thanks Chunkers, indeed the widget for the CPU temperature is there up and running, I was actually after a widget or third-party plugin to monitor the CPU speed...