Supermicro SuperServer E302-9D Review: A Fanless 10G pfSense Powerhouse
by Ganesh T S on July 28, 2020 3:00 PM EST- Posted in
- Networking
- Intel
- Supermicro
- 10GBase-T
- Xeon-D
- SFP+
- 10GbE
- ASpeed
- Skylake-D
Miscellaneous Aspects and Concluding Remarks
The Supermicro SuperServer E302-9D proved to be an interesting system in terms of developing targeted benchmarks. While processing relevant workloads on the machine, we opted to go with an out-of-the-box experience. Despite spending well over three months with the unit, we blelieve there are a lot more aspects that can be looked into - including, but not limited to, additional tuning of the driver settings, adoption of DPDK-capable software, and evaluation of capabilities such as traffic shaping, VLANs, VPN options, etc. offered by pfSense. The Intel Xeon D-2123IT also supports AVX512, and the native 64-byte registers are bound to offer some benefits for networking applications. In terms of performance - there are bound to be systems that deliver similar number of 10G ports while providing greater firewall packet-processing capabilities. However, they are definitely not going to be fanless or be available in a compact form-factor like the E302-9D. Therein lies the unique appeal of the system.
Evaluation Testbed for the Supermicro SuperServer E302-9D
(From L to R - the Compulab fitlet-XA10-LAN, the Supermicro SuperServer 5019D-4C-FN8TP, the Ubiquiti mFi mPower Pro, the Supermicro SuperServer SYS-5028D-TN4T, and the SuperServer E302-9D)
Dual-LAN motherboards are commonly used for putting firewall distributions like pfSense into production. With the advent of 5G and adoption of fixed wireless broadband, high-speed dual-WAN deployments are going to become more common in the future. Networking engineers, software developers, and home-lab enthusiasts can get a head-start on this using systems like the E302-9D.
Migrating server platforms to embedded desktop systems is attractive for many use-cases. We would like to see some innovation from board component vendors as well as Supermicro to lower the power consumption numbers - particularly when only the IPMI is active. Server OSs are rightly optimized for performance and not power consumption. Despite this context, it is surprising to see FreeBSD and associated drivers lag well behind Windows Server in optimizing the aspect based on the workload being processed.
The Supermicro SuperServer E302-9D is an interesting and unique product from the company's stable. Fanless systems for industrial and embedded applications (particularly those with server credentials such as remote management capability) traditionally cost an arm and a leg. In that context, the pricing of the system is relatively sane at $1100 for a barebones configuration.
The size of the system and its passively-cooled nature greatly widens the breadth of deployment scenarios that it can cover. Avoiding an external power brick would have been nice, but it is quite common for systems in this form-factor. Embedded applications require systems that bundle a number of functions to allow for reduction in BOM cost and installation volume when space is at a premium. Systems such as the E302-9D ensure that no separate switches are needed while being deployed for related functionality. The system's design enables it to operate well in harsh conditions commonly found in industrial automation and communication systems. In the latter domain, load and conformance testing applications can also utilize systems such as the E302-9D.
Customers in need of a traditional 1U rackmount offering with the same capabilities can go for the SuperServer 5019D-4C-FN8TP. It is priced much lower at $870, but the target market is quite different given its noise profile and form-factor. The fanless and rugged nature of the SuperServer E302-9D ensures that the $250-odd premium is quite reasonable for most home-lab and industrial automation use-cases.
Facebook
Twitter
RSS
34 Comments
View All Comments
Jorgp2 - Thursday, July 30, 2020 - link
Maybe you should learn the difference between a switch and a router first.newyork10023 - Thursday, July 30, 2020 - link
Why do you people have to troll everywhere you go?Gonemad - Wednesday, July 29, 2020 - link
Oh boy. I once got Wi-Fi "AC" 5GHz, 5Gbps, and 5G mobile networks mixed once by my mother. It took a while to explain those to her.Don't use 10G to mean 10 Gbps, please! HAHAHA.
timecop1818 - Wednesday, July 29, 2020 - link
Fortunately, when Ethernet says 10Gbps, that's what it means.imaheadcase - Wednesday, July 29, 2020 - link
Put the name Supermicro on it and you know its not for consumers.newyork10023 - Wednesday, July 29, 2020 - link
The Supermicro manual states that a PCIe card installed is limited to networking (and will require a fan installed). An HBA card can't be installed?abufrejoval - Wednesday, July 29, 2020 - link
Since I use both pfSense as a firewall and a D-1541 Xeon machine (but not for the firewall) and I share the dream of systems that are practically silent, I feel compelled to add some thoughts:I started using pfSense on a passive J1900 Atom board which had dual Gbit on-board and cost less than €100. That worked pretty well until my broadband exceeded 200Mbit/s, mostly because it wasn’t just a firewall, but also added Suricata traffic inspection (tried Snort, too, very similar results).
And that’s what’s wrong with this article: 10Gbit Xeon-Ds are great when all you do is push packet, but don’t look at them. They are even greater when you terminate SSL connections on them with the QuickAssist variants. They are great when they work together with their bigger CPU brothers, who will then crunch on the logic of the data.
In the home-appliance context that you allude to, you won’t have ten types of machines to optimally distribute that work. QuickAssist won’t deliver benefits while the CPU will run out of steam far before even a Gbit connection is saturated when you use it just for the front end of the DMZ (firewall/SSL termination/VPN/deep inspection/load-balancing-failover).
Put proxies, caches or even application servers on them as well, even a single 10Gbit interface may be a total waste.
I had to resort to an i7-7700T which seems a bit quicker than the D-2123IT at only 35Watts TDP (and much cheaper) to sustain 500Mbit/s download bandwidth with the best gratis Suricata rule set. Judging by CPU load observations it will just about manage the Gbit loads its ports can handle, pretty sure that 2.5/5/10 Gbit will just throttle on inspection load, like the J1900 did at 200Mbit/s.
I use a D-1541 as an additional compute node in an oVirt 3 node HCI gluster with 3x 2.5Gbit J5005 storage nodes. I can probably go to 6x 2.5Gbit before its 10Gbit NIC becomes a bottleneck.
The D-1541’s benefit there is lots of RAM and cores, while it’s practically silent with 45 Watts TDP and none of the applications on it require vast amounts of CPU power.
I am waiting for an 8-core AMD 4000 Pro 35 Watt TDP APU to come as Mini-ITX capable of handling 64 or 128GB of ECC-RAM to replace the Xeon D-1541 and bring the price for such a mini server below that of a laptop with the same ingredients.
newyork10023 - Wednesday, July 29, 2020 - link
With an HBA (were it possible, hence my question), the 10Gbps serves a possible use (storage). Pushing and inspection exceeds x86 limits now. See TNSR for real x86 limits (wighout inspection).abufrejoval - Wednesday, July 29, 2020 - link
That would seem apply to the chassis, not to the mainboard or SoC.There is nothing to prevent it from working per se.
I am pretty sure you can add a 16-port SAS HBA or even NVMeOF card and plenty of external storage, if thermals and power fit. A Mellanox 100Gbit card should be fine electrically, logically etc, even if there is nothing behind to sustain that throughput.
I've had an Nvidia GTX1070 GPU in the SuperMicro Mini-ITX D-1541 for a while, no problem at all, functionally, even if games still seem to prefer Hertz over cores. Actually GPU accellerated machine learning inference was the original use case of that box.
newyork10023 - Wednesday, July 29, 2020 - link
As pointed out, the D2123IT has no QAT, so a QAT accelerator would take up an available PCIe slot. It could push 10G packets then, but not save them or think (AI) on them.