Mini/Micro ITX Needed For BSD PfSense Firewall / Router (More Than 2xGigabit?)

BfA

Limp Gawd
Joined
May 21, 2007
Messages
184
I'm trying to find a good motherboard for building a BSD PfSense firewall / router. I'm looking for something that might be able to be a bit more versatile than a regular pre-built appliance from Cisco etc.

My main application will be using the box as an OpenVPN client so I will require processing power to get over a 100mbps encrypted connection so I'll need a CPU that support AES on hardware.

What I'm looking for is something that matches the following specs, although if you see me missing anything let me know, thanks!

Must Include:
- Support BSD
- Simple built in graphics
- 8GB RAM (2 x 4GB is fine) support
- 4+ Gigabit lan ports

Nice To Have:
- Core i3 4XXXT support
- M.2 SSD
- DisplayPort
- 8 Gigabit Lan ports
- Wireless A/C included on motherboard or via PCIE card
- 1 x Front USB 3 header
- 1 x Rear USB 3 connection
- Bluetooth

Would be great if the Lan / Wireless was Intel

Not needed:
- Audio
- Advanced graphics
- Sata ports

So is this possible or would I have to change what I'm looking for?
 
Last edited:

BfA

Limp Gawd
Joined
May 21, 2007
Messages
184
Not sure why USB3 or a Core i3 CPU are necessary for that.

Thanks for the info. I'm looking to future proof a bit and if I want to do something else in addition to the router/firewall I can have that extra horsepower with an i3. It would also definitely be of the T variety to keep the power requirements to a minimum. Though the only requirement for CPU is it supports AES. Thanks for pointing that out, I've moved those two items to the nice to have as they aren't 100% needed.

Something like this should be ideal for your needs: http://www.supermicro.com/products/system/1U/5018/SYS-5018A-TN7B.cfm

You can look up the capabilities of the CPU and that the system is designed exactly for what you're after. I'd also just use one of the Supermicro DOMs for storage.

That does look good however, I don't have the room to support a 1U box in the space I'm looking to put this and I was hoping I could find a mobo for under $200 if possible.

I'm curious what you meant by Supermicro DOM for storage though, I haven't heard that terminology before.
 

Blue Fox

[H]F Junkie
Joined
Jun 9, 2004
Messages
11,811
Ah, well, at that point you're probably looking at just buying a consumer motherboard and sticking a couple dual port gigabit NICs in (about $20 each). Anything with 4+ NICs integrated tends to be pricey. That motherboard is actually sold on its own (and the others like it), but still not cheap, however the CPU is integrated, so one less thing to buy. I figured with those kinds of requirements budget might have been higher.

This is what a DOM is: http://www.supermicro.com/products/nfo/SATADOM.cfm Think very small SSD. They're not exclusive to Supermicro.
 

Romale23

Gawd
Joined
Dec 12, 2006
Messages
866
Soekris, spelling might be off but look at that and make sure you get intel NICs
 

Dr.Nut

Limp Gawd
Joined
Dec 13, 2011
Messages
171
I'm using a Supermicro A1SRi-2558F. It's a 4-core Atom ITX motherboard with 4 Intel ethernet ports. The CPU is powerful enough and supports AES and VT. There are micro ATX and 8-core versions also. The A1SRi-2558F requires ECC RAM, but the micro ATX version can use standard RAM.

Mini ITX:
http://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2558F.cfm

Micro ATX:
http://www.supermicro.com/products/motherboard/Atom/X10/A1SRM-2558F.cfm

I'm using Linux, but it will work with pfSense.

/proc/cpuinfo:

Code:
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 77
model name      : Intel(R) Atom(TM) CPU  C2558  @ 2.40GHz
stepping        : 8
microcode       : 0x121
cpu MHz         : 1800.000
cache size      : 1024 KB
physical id     : 0
siblings        : 4
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 
xtpr pdcm sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes rdrand lahf_lm 3dnowprefetch arat epb dtherm tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms
bogomips        : 4800.22
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
 

XcPNehVYlE4A3C

Limp Gawd
Joined
Jan 20, 2010
Messages
302
the Avoton above is good but Rangeley is a bit better for this application. with a i3 and quad nic pci card the price adds up fast... rangeley will be more economical than building it all with a socketed board
 

GiGaBiTe

[H]ard|Gawd
Joined
Apr 26, 2013
Messages
1,616
It would also definitely be of the T variety to keep the power requirements to a minimum.

It doesn't make much sense to pay more for a T model CPU when you can just buy the regular CPU and underclock it to the same speed as a T model and get roughly the same power savings.

I don't know how much of an AMD fan you are, but this might work:

http://www.amazon.com/A75ITX-B-E-Socket-USB3-0-Mini-ITX-Motherboard/dp/B00FB0SPUG

And pair it with like an A8-6500 and a dual/quad port PCIe network card for 4/6 ethernet ports. Most of the higher end APUs have AES support.
 
Last edited:

BfA

Limp Gawd
Joined
May 21, 2007
Messages
184
After doing A LOT of research, I'll be going down the Xeon D path. I was looking at the single use boards but I determined that I also want to run some VMs and setup a NAS as well. This led me to start researching the Xeon E3's. Then the Xeon D's came out and were much more along the lines along what I wanted as I could run more VMs on that box rather than have to get another. They support AESNI as well. I think the Xeon D 1528 is the sweet spot as it has the 6 cores. I'm just waiting for them to go on sale. I'll be running a pfSense box on the setup.
 
Top