Xeon D-1518 vs Atom C2758 for home router application

Discussion in 'Networking & Security' started by fmatthew5876, Mar 20, 2017.

  1. fmatthew5876

    fmatthew5876 n00bie

    Jul 7, 2016
    Hi everyone,

    I've finally come to realize how sh**ty consumer grade routers and custom firmware like dd-wrt are. Long story short I tried to upgrade my current router with a new Linksys WRT3200ACM which was advertised as "ddwrt ready". Trying to get it working with dd-wrt was a complete disaster and the stock firmware is completely useless.

    Not only stability, but if these custom firmwares barely even function on new hardware how you can you have any confidence that it will not also be riddled with security bugs as well? After registering on the dd-wrt forum to ask some questions, and then receiving my password in plain text in the initial registration email I was done.

    So I'm building a real router for my home network which will run pfsense. I will use a Ubiquiti AP for my wireless, so now its a question for hardware.

    After doing a lot of research, I've pretty much narrowed it down to 2 options:

    1. SuperMicro 5018A-FTN4 - Intel Atom C2758 cpu

    2. SuperMicro F018D-FN8T - Intel Xeon D-1518 cpu

    Option (1) Pros:
    * Its cheaper - about $800 for the system + 32GB ram (4x8gb)
    * Its confirmed quiet out the box
    * Uses less power than (2)

    Option (1) Cons:
    * Older and slower than (2)
    * The Atom C2000 series bug, which according this should be fixed on any SuperMicro board I buy today.
    * Only 4 1g ports and no 10g.

    Option (2) Pros:
    * Has 2 10g SFP+ ports
    * Has 6 1g ports
    * Faster than (1)

    Option (2) Cons:
    * More expensive - about $1400 for the system + 64GB ram (2x32 rdimms, with expansion to 128GB later if needed)
    * LOUD - I haven't found a review to confirm 100%, but those 3 40mm 13K RPM fans don't look very friendly. I've also read reviews of the E300-8d which is the desktop version of this saying its not quiet.

    My setup is that I will have a 15u rack next to my desk. I live in a small apartment so there's no basement to throw this stuff. I have a 4u freebsd file server which doubles as my main workstation and a 4u windows 10 box for gaming and other windows related things.

    I'm thinking about later setting up 10gb connection between freebsd and windows. So option (2) is nice that it already has support for that built in. I could always buy a 10gbe pci-e card for the atom though, or just use a 10gbe switch. I also like the fact that (2) has more ethernet ports in general, but again just use a switch..

    Noise is an absolute show stopper. This rack sits next to my desk in the living room. With option (1), noise is not an issue.

    If I were to go with (2) I would have to come up with some hack solution to quiet it down. One idea I had was to try this 2u case and just buy the base X10SDV-TP8F motherboard. I'm not even sure if this 2u case can mount a flex-atx mobo inside or if even after that if its even quiet on its own.


    Doing all of this crap with buying fans, different chassis, replacing the heat sink. Trial and error, RMA's and returns for stuff that didn't work is even more expensive and time consuming. Finally, you also risk damaging the equipment if you play games replacing the stock fans and the static pressure gets compromised. I also have to use up 2u of scarce rack space instead of just 1u.

    Either one of these projects requires dropping some money down, so I want to do it right the first time and not be in the market again. I'm on a slow home connection now, but I'll be moving soon and probably have a better one. Also its possible in 5 - 10 years gigabit ISP's will be more and more common.

    Assuming the best scenario of a 1gig home internet connection, do you have any reason to believe the extra power and cost of the Xeon-D is actually necessary for a router? I'm inclined to think the Atom C2758 should be plenty powerful for this use case but wanted to confirm.

    If I put a 10gig pci-e card into (1) sometime later, do you have any reason to believe the Atom cpu would have trouble keeping up?

    A lot of places I've read people just say to get the Xeon because its "better", but better costs almost twice as much and comes with all these problems and caveats with noise. Xeon really doesn't sound worth it at this point to me but wanted to confirm if anyone has more knowledge in this area?

  2. PigLover

    PigLover [H]ard|Gawd

    Jul 11, 2009
    The Xeon-D doesn't need to be much louder than the C2000. Both systems you've spec'd are essentially the same ironwork but with 3 fans equipped in the Xeon-D. Not sure the extra fans in that chassis are really needed.

    If noise is an issue you can always replace the heatsink on the SoC with the active version - SNK-C0057A4L - which should spin around 3,000 RPM under PWM control and be reasonably quiet. With that keeping the SoC cool the other fans can spin down to a quiet operating level (you can probably even disconnect two of them). At that point you are definitely no louder than the C2000 would be.

    Note: while the D-1518 is faster in most respects than the C2758, the C2758 will win for SSL, TLS and IPsec VPN if (and this is a big if) the software you are running has the QaT library enabled. The C2758 has Quickassist "built in" while the D-1518 requires an add-on card. It is an esoteric difference, but if you are running pfSense and upgrade to the (currently pre-release) version 2.4 you could see a large difference depending on your use case.

    Note 2: Your cost comparison is not fair - you've compared a 32GB build of the C2758 vs a 64GB build of the D-1518, with at least a $couple $hundred of the cost different purely contains in additional memory. Apples to apples, 32Gb vs 32Gb, they are quite a bit closer in price.
  3. fmatthew5876

    fmatthew5876 n00bie

    Jul 7, 2016
    Are you absolutely sure that the thermal requirements for the Xeon-D platform are equivalent? Its a more powerful cpu, more powerful memory, more stuff onboard like the 10gb interface. All that doesn't add to the heating requirements? I'm assuming SuperMicro put those 3 fans in the case for a good reason.

    Assume you're right, the mods you propose sounds reasonable. The problem of course is that its impossible to know for sure until actually making the purchase and trying it out. To make matters worse, newegg usually doesn't accept returns on SuperMicro gear and replacing the heatsink will void any warranty. This is going to be the backbone of my network and running 24/7, so I'm really kind of wary of doing fan hacks and compromising stability.

    Still I really do like the Xeon-D platform better. Mostly due to the extra network ports and the 10gig interfaces.

    Good to know, but its hard to say how much this really matters. Pfsense 2.4 will be released soon enough to take advantage of QuickAssist. On the other hand, a faster general purpose cpu and the possibly of up to 4x the memory capacity seems more useful than esoteric crypto acceleration. Also its not like the Xeon-D is going to severally under performing or slow at this.

    That's fair, but at least when I look at cost I look at what I'd actually end up spending on both. Apples to apples to me is what ends up coming out of my wallet. The Xeon D option supports up to 128Gb, so I'd probably at least go for 64 there. Curiously, 2 32GB ram modules actually turns out to be cheaper than 4 16's.

    With 32GB of ram, option (2) is around $1100. Still more expensive, but now you could attribute most of that on those 2 SFP+ nics.
  4. Bandalo

    Bandalo [H]ard|Gawd

    Dec 15, 2010
    I think you're going WAY overpowered for a home network. You can get more than enough power for routing any kind of home network for half that price, either by buying direct from pfsense with one of their boxes, or building something cheaper yourself. The memory is massive overkill, you're not going to need more then 2-4GB peak, and that's with lots of packages loaded.

    And yes, those options will handle 1G bandwidth just fine. There's no point in having a 10G router if your max possible bandwidth up to the ISP is 1GB. Buying now with plans of a faster connection in 5-10 years is nuts, because a whole lot will change in the hardware in 5-10 years as well.

    If you're worried about noise, but still want some power, check out one of these: https://store.netgate.com/SG-2220.aspx

    Unless you have a whole lot of network requirements you never mentioned, you're throwing a ton of money into a system that's going to sit and never go above 10% load (CPU/RAM). Hell, I have a pfsense board with a simple Intel N2930 CPU & 4GB of RAM, and it's never been above about 20% CPU load.
    DrLobotomy likes this.
  5. fmatthew5876

    fmatthew5876 n00bie

    Jul 7, 2016
    This is the kind of answer I was hoping for, which confirmed my suspicions. Even the Atom is overkill and so fretting over the Xeon, paying more, and trying to solve all of these noise problems just doesn't seem worth it.

    There's a lot of people on STH playing with heatsinks and larger cases on the Xeon. All of the hoops they are jumping through doesn't make it look promising:


    I actually started this journey looking at the SG-4860 in the pfsense store. But for that money I can get a hell of a lot more buying direct from SuperMicro.

    I'm going to try playing with squid and snort, and there it sounds like extra memory and especially extra disk can help.
  6. Bandalo

    Bandalo [H]ard|Gawd

    Dec 15, 2010

    I'm using one of these: http://www.jetwaycomputer.com/NF9HG.html in this case: http://www.silverstonetek.com/product.php?pid=419

    I have 4GB of RAM, and a 32GB SSD. Plenty for home use for Squid and Snort and a few others. If you want more, you can always add a larger SSD or stick in a 2.5" disk too.

    My temps with NO fans were around 50C typically. Just for the "fun" factor, I cut a hole in the top and stuck in a slim 120mm fan, and it's stayed around 30C under load ever since. There's a thread with a similar build here: https://forum.pfsense.org/index.php?topic=95286.15
  7. Dawizman

    Dawizman Gawd

    Jul 9, 2003
    We use both variants at work. They both run pfsense quite well within a vm. Performance in the atom is plenty for home use unless you're running some ridiculous amount of vpn traffic through it.

    The xeon version we use as a gateway/traffic shaper for large segments of our isp network.
  8. WhoBeDaPlaya

    WhoBeDaPlaya [H]ard|Gawd

    Dec 16, 2002
    OP, that sounds way overkill. Then again, I did just setup DD-WRT x86 in a VirtualBox VM, running on a dedicated seed / VM / occasional encode box.
    My Netgear WNDR4500v2 wasn't quite cutting it on DD-WRT (since you lose Broadcom's proprietary hardware acceleration).