Netgate XG 1537 10GBE review with pfsense

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

tom here from lawrence systems and we're going to review this netgate xg1537 now right away i will admit this may look familiar to some of you because it is a super micro chassis and super micro board netgate has contracted super micro to build this for them so yes they use pretty common parts that are from super micro i just wanted to get that out of the way because i know people are always going well isn't that just like yes it is just like a super micro it's the same chassis and i really like this form factor we've used this before even with the direct super micro ones i call it kind of the reverse motherboard because they put the vga here in the front before we dive into all the details of this particular product if you'd like to learn more about me and my company head over to lawrences.com if you'd like to hire a short project there's a hires button right at the top if you'd want to support this channel in other ways there's affiliate links down below and ways to connect with us on our forums twitter and all the other places on social media now this device is pretty straightforward in terms of simplicity i kind of like that i will point out all the ports on the back because there's only one so that's easy place to start and that's where the power cord goes the vga and everything else is front facing so if you have this mounted in your rack it's easy to access everything you would need to access to service it right from the front there is a plenum i have missing right now because it's over here in case anyone's wondering that is just so we can easily show the board and everything in here which is you know pretty basic we have one two three four five six sata ports on board and we'll dive into the details there but the reason for them is one it's still standard motherboard but if we wanted to add some extra hard drives there are certain special situations where you may want some extra logging configured and i've talked about this on the channel before building a psent system with some extra storage dedicated towards logging it is kind of an edge use case but they do leave a little space in this chassis and this being one of their higher end models maybe that's a use case for anyone who's installing one of these and starting right here we have the dedicated ipmi network this is for your lights out management and yes it's the full super micro one then we have the two usbs if you need to plug a keyboard in and maybe another device then we have two dedicated one gig ports then we have two 10 gig ports this over here is just an add-in card four one gig ports that's an add-on to this particular system taking a little closer look here's that m2 right here the riser board with the add-in card here and the cpu the only fan is this one right here that is for you know pulling it across the plenum so once the plenum goes in this makes sure the air draw is right across it has a spot for a second fan but it's just not necessary for this particular configuration once this goes on it pulls the air you know from the front through uh the system here the power supply as noted is not a hotspot power supply but these are easily serviced and readily available now as far as plugging this in before we dive into the software i will be hooking this up with a 10 gig fiber link for the wan side down here at the bottom so we slide that in for that and then i have a 10 gig land and we'll plug in right here then we'll plug in a just a standard one gig for the dedicated ipmi so while we're waiting for this to boot i could plug a monitor in but i don't really have a connector to do vga and show you what's on the screen so by plugging in this way connected to the ipmi and actually i'm going to set this down a little plug it in like this and we'll slide my laptop over here i can show you the ipmi while we're waiting for the system to boot go in there and turn it on noise is the first thing let's talk about i have the decimal meter here when it first turns on there's a ramp up of cpu noise which is all of about 70 decibels but it hits idles down back closer to about 47. so it's a relatively quiet system it's really not that loud not that the noise is usually a huge factor for rack mounted stuff because generally if you're putting a bunch of stuff in a rack it's not going to be a noise issue you're hopefully putting it somewhere where it's temperature controlled nice clean dust free environment and uh noise is going to be with all the other servers that are running in there let's go ahead and grab the cable and plug it into the lan let's look at this and let's log into the ipmi now this is your standard super micro ipmi with of course this right here the html5 kbm so if you're remotely working on this not a problem and you can get in here and watch the boot up sequence get into bios change any settings even reload it if necessary because it does allow connecting virtual media to it so when you're in a remote situation and something goes wrong or you accidentally misconfigured your method that you were getting into the system like let's say you lock yourself out of the way inside you can go over here so you can get right to the console jump in and be able to you know administer the machine and reload it plus this gives us something to do while it boots up and watch this but i like that it's html5 it's not the older java one but i think they still offer you can switch back to the java one in here i just have no idea why you would do that html5 has been around long enough and major browsers all support this no no special plugins required you can see the server health readings this is where you set up the virtual media perform firmware updates maintenance uh reset factory default the ipmi configuration even do your bios updates i just really like that they have all this built in right here makes it really convenient when you have to you know manage things remotely which we manage a lot of remote systems this is going to be among them this is for a client project that's going to be delivered well we bought this system it's just while it's passing through here to be configured i'm taking the time to review it one thing that does come up from time to time is when you're monitoring this type of hardware does it have alert options and yes it does it does have some fine tuning you can do that way if there were a fan failure or some type of heat issue you could get notified of those issues of from the system itself through the ipmi if there was a hardware problem all right now we're booted up and loaded into the system we are running pf sense plus 2102-2 to dive into the details of pf sense goes a little out of scope of this video but i will leave links to my other psns videos including explaining some of the differences between pf sense plus with the netgate hardware versus the pf sense ce community edition that you can load on your own hardware now one of the things i wanted to talk about specifically with this is the 10 gig routing capabilities this is a popular topic that comes up quite a bit and also a talking point when it comes to performance with their other software and i don't want to use the word competing software because the tnsr is not a competition from netgate for pf sense it's a different purpose but this is one of the performance things i wanted to talk about and we're going to demonstrate here the automatic assumption is that you can get 10 gig if there's 10 gig ports that's not a hundred percent true in every circumstance and when they're comparing hardware for this comparison chart of the tnsr versus pf sense they talk about on the same hardware being able to do the 9.8 giga per core versus 1.8 per core for the comparison they were doing for the hardware the way we're going to demonstrate that here is we're going to kick off some 10 gig speed test with our lab and it is routing through here we have this is the wan connected at 10 gig this is the 10 gig lan 2 connected at 10 gig to a vm system now these systems have no problem talking to each other at 10 gig and matter of fact i've been doing a series of tests we'll up arrow this and you can see i'm running iperf and we're getting 10 gigs a second so yes it does 10 gig but you may notice that i broke it up into multiple streams and while you can see the 10g connection you can see it going across here and absolutely doing its job what happens is we tick it and broke it up into a series of streams what happens if we do a single stream we know we get 10 gig with multiple streams but if you do single stream this is where you start running in some of the processor limitations so a single stream as in one dedicated stream from point a to point b routed through the system can do 4.67 gigs but once you start having multiple streams you can have more than one stream doing that speed until you hit the overall limit of 10 gigs which is now hitting the physical port limit these are some of those nuanced differences for the way it is processed in freebsd it's a bigger freebsd issue not necessarily just a pf sense issue for the way it goes through the kernel and the way the performance is uh currently tuned on it they're always working on updates to enhance that but it's one of those things when you run iperf and people go i thought this was 10 gig and i only got on this particular processor 4.67 this is that nuance i wanted to make sure i cover and why i took the time to hook this up to you know show that little demo so yes you do get 10 gigs so if you had a 10 gig provider that was giving you full 10 gig and you had more than one system each of them could easily get 5 through this without a problem and saturate the full 10 gig link and generally speaking you're not pulling single streams at that speed you're pulling a multitude of streams and you want that 10 gig divided up amongst a range of clients so any one client may only be able to hit 4.67 for one stream but most of the time you're running multiple streams and most software most things you are accessing on the web aren't single stream they're multi-stream there's a series of data pipes coming at you iperf is just a you know really focused tool this is also what the differences are between when you look up the specs which by the way i'm not going to dive into the vpn specs because it's already published on netgate's site they have all the different appliance comparisons for the ipsec speed and of course these numbers always get better as they finally tune things with each provision of software or when wireguard comes back in version 2.6 we know we're going to get different speeds than before because well there's been a lot more work and a lot more tuning on it currently wireguard of course in the version 2.5 series is not available at this time other than for side loading it but staying back on topic it's a pretty nice device like i said rack mount standard super micro if you've seen this type of chassis before solid system even without the cover on it's really quiet obviously the microphone's right here and it's not even picking up really any noise from it the decibels are really low so it's not obnoxious and we put the lid on it and it gets that much quieter when we slide this back on and put the screws back in it nice airflow from front to back pretty uh cool overall we've actually had this running for a couple days on the test bench while we were setting things up and doing just a whole series of testing i never even heard the fan ramp up but it can ramp up a little louder if you find enough workload and you know we haven't set up the full uh configuration on this but eventually if you start running ids and ips systems on here and a massive amount of packets with a 10 gig pipe coming in distributed to a lot of clients yeah it's going to ramp up a little bit but like i said it's mostly rack mounted so the noise wasn't too bad the peak noise i got out of this was only about 70 decibels uh leave comments and questions down below and thanks and thank you for making it to the end of this video if you enjoyed this content please give it a thumbs up if you'd like to see more content from this channel hit the subscribe button and the bell icon to hire a shared project head over to lawrences.com and click on the hire us button right at the top to help this channel out in other ways there's a join button here for youtube and a patreon page where your support is greatly appreciated for deals discounts and offers check out our affiliate links in the descriptions of all of our videos including a link to our shirt store where we have a wide variety of shirts and new designs come out well randomly so check back frequently and finally our forums forums.laurensystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel thank you again and we look forward to hearing from you in the meantime check out some of our other videos you

Info

Channel: Lawrence Systems

Views: 24,470

Rating: undefined out of 5

Keywords: LawrenceSystems, pfsense 10gbe, netgate xg-1537, pfsense firewall, pfsense setup, pfsense tutorial, pfsense build, pfsense setup 2.5

Id: 5PsJ73eVuN0

Channel Id: undefined

Length: 12min 29sec (749 seconds)

Published: Tue May 25 2021