How To Secure: DIY Router at home with PfSense part 2
Part 1 is here if you didn’t read it 😉
Using my pfSense router for a while, I saw spikes of 50% and sometimes 70% when downloading Windows Hyper-V updates. It turned out, that ClamAV was the culprit of checking in real-time and slowing things down. Yes, I know. It is task intensive and adding things like Snort and PfBlockerNG does not help either.
So… I have to upgrade CPU then? But onto what? My 1220L v3 has 2110 points in Passmark, I don’t want to upgrade to next in line Xeon 1220 v3 (over 9700 points), once because cheapest I can find is £99 and two it is 80W TDP (yes, I will explain later), then there is 1230L 25W TDP (4 cores 8 threads) and over 7200 points on the Passmark still costing minimum £115 occasionally on eBay. All I need is ECC and AES-NI and low power (ish)…
Behold… The i3 enters with 4130T 35W (it’s 4130 but with chopped cohones, aka lower TDP), dual-core (2 cores 4 threads), 2.9GHz and no turbo benchmarked at 4133 points (nearly twice of my 1220L v3). Can be purchased for about £45 used. It has AES-NI, can utilise ECC with Cxx chipset, has all of the Xeon features, but no trusted computing, no turbo.
After installation first positive impressions: power consumption didn’t increase at idle and at full speed 100% on both cores, maximum usage was… 45W total. WHAAAT? Is only about 8W increase utilising full speed? I can live with this.
Next upgrade will SSD 120GB and Xeon 1230L v3, if I find the power of 4130T not enough, but it cost twice more and has 4 cores, what means for me maybe more heat in my Antec case… although it is 25W TDP… but who knows 😉
What is the TDP? People often confuse it with power consumption or maximum power consumption (can be… kind of). TDP acronym translates to Thermal Design Power, and it is the maximum heat (not electricity) output of the processor operating under stress. Simply saying: if you utilise your CPU at 100%, it will emit a maximum of TDP in Watts of thermal energy into the cooler via heat. In layman’s terms: if you have low or no airflow, then you should be choosing CPUs with as little TDP as possible. It is also essential to know that the T (i3) or L (Xeon) versions of CPU have reduced clock and are undervolted as well, thus making them CPUs with smaller TDP. If you have a motherboard with this ability, then you can create artificially lowered TDP of that CPU without paying a premium for L version.
In my case Antec ISK300-150, there is no much space, even if my CPU cooler can dissipate temperatures from most of the big CPUs, but not in this small case. Also, my motherboard cannot do underclocking nor undervolting CPU, so I am stuck with default maximum speed (by utilising low TDP CPUs with lower max frequency). This is where T or L versions come in very handy. My i3 4130T has TDP of 35W, and it will idle at around 45…50 deg centigrade, where 1220L v3 was comfortable at 36…40 degrees. Now, if I open the case, it drops to 33…36 degrees.
Just realised something: Antec case has internal exhaust fan with a 3-speed controller at the back. Even with the lowest setting, you can still hear it easily and it’s worth mentioning that the highest settings… it is basically small vacuum cleaner. You can feel air pulling from top case opening so there is air movement anyway and if this bothers me too much, I will replace the fan with fractal silent 80mm and 4-pin, whisper-quiet 😉 Shame that this board don’t have any means of fan control in bios, even though is using 4-pin PWN headers. Strange… No IPMI access and no fan control…
Power consumption with the fan on lowest (quietest) settings: 30…31W, with highest only 1W more. Not bad. Thermal Sensors in pfSense:
hw.acpi.thermal.tz1.temperature: 29.9 °C hw.acpi.thermal.tz0.temperature: 27.9 °C dev.cpu.1.temperature: 40.0 °C dev.cpu.0.temperature: 37.0 °C
All that with 27 deg centigrade in my room. Not bad… Not bad at all.