In our series of fanless firewalls, we have seen two regular requests. One is for 10GbE units, and the other is for reviews of units based on AMD. Today, we have the AMD Ryzen 7 5825U-based machine that has been a hot topic with its 4x 2.5GbE ports. As we reviewed this unit, we found a lot to like but also many funky features that we did not expect. We found enough that we changed our publishing order to get this review out earlier than planned.
AMD Ryzen 4x 2.5GbE Background
As we have been doing with this series, we have a video that you can find here:
This was done on the new set, so we could show the overhead view on this one. We always suggest watching the video in its own window, tab, or app for a better viewing experience.
The unit itself was a top-bin unit. The barebones were around $435 via KingNovyPC and Topton on AliExpress. Stepping down to the AMD Ryzen 7 5800U saves around $17. The Ryzen 5 5600U is about $90 less than the unit we reviewed, albeit with fewer cores.
We also configured this unit with 16GB of DDR4-3200 and a 512GB NVMe SSD for a total price of $555. That is firmly in “Mini PC” pricing and less in the <$250 router/ firewall range.
We found that the configuration we purchased was severely constraining performance, but we also found hidden features and specs on AliExpress that were conflicting and often did not make sense between sellers reselling this unit.
In the video, we showed the system running OPNsense 22.7, pfSense 2.7-development, Proxmox VE, Ubuntu Desktop, and Windows 11. The biggest challenge was the compatibility of the Intel i226-V 2.5GbE NICs.
With that, let us get to the hardware.
AMD Ryzen 4x 2.5GbE External Hardware Overview
On the front of the unit we get a power button and two blanks for WiFi antenna posts. We also get a TF slot. In this case, the TF slot is a MicroSD card slot without the vendor paying for licensing the MicroSD name. There are five USB ports. The four Type-A ports are split between USB 2 and 3.
The Type-C port is perhaps the most interesting. This is actually a third display output, and one can power the device via this Type-C port as well.
The back of the unit has a HDMI and DisplayPort output. That means we get a total of three 4k60 display outputs on this little machine designed to be a firewall/ router.
Next to these, we get four 2.5GbE ports. These are powered by the new Intel i226-V 2.5GbE NICs. Generally, compatibility is good but if you want to use the current pfSense 2.6 that will be a challenge. pfSense 2.7-development is a development branch, but it includes support. Our Windows 11 installation required drivers to be added post-installation. Overall though, OSes like Proxmox VE, OPNsense, and Ubuntu worked well with the NICs.
This unit may confuse some as it has a metal case with ribbing, but do not be confused: it is not fanless. The top of the chassis has a cutout for the CPU fan.
The sides would look solid if we had a black background.
But in reality, both sides have venting. One is a system vent, while the other is for the CPU heatsink/ fan exhaust.
The bottom has rubber feet and mounting points for a 2.5″ drive. We would suggest not using the 2.5″ driven mounting since that would block airflow to the memory and storage. Instead, our unit comes with a fan. We would suggest this is a useful feature that helps keep SSD and memory cool.
Next, let us get inside the chassis.
This one looks like a bit of a missed opportunity. I assume that someone thought that preserving external similarity to the atom-based router boxes was important; but it’s not desperately obvious what the actual benefit is, while the drawbacks in terms of thermals, fans, deeply weird m.2 layout, etc. are all pretty blatant.
Especially with either an intake or an exhaust on nearly every side this thing already requires more room than its size suggests, in the sense that if you tried to pack them side-by-side or stack them they’d likely complain; so a slightly larger enclosure would be no real sacrifice and allow a much nicer layout, ideally consolidation to a single larger fan, etc.
According to AMD
https://www.amd.com/en/product/11601
the Ryzen 7 5825U processor has ECC memory support.
Does this particular platform support ECC memory?
I would guess the side facing port is for an eGPU adapter. Why bring a router and PC to the LAN party when you can do it all with one?
What I miss from all of these mini-pc firewalls is a kvm option either serial like with the APU boards, or AMT iKVM which can be locked to a specific port (users less power than an full blown IPMI port) as I would not want it to be on the WAN port.
Having 3 display options is not intersting for a firewall.
Yes I know about the RPi KVM options but that is an additional 100-200€ on the price.
@fuzzyfuzzyfungus: The difference between the 10 Watt TDP of an Atom and the 15 Watt TDP on a Tiger Lake or Ryzen 3 SoC doesn’t seem like much on paper. So like you I’ve felt let down, when truly passive variants failed to appear.
But when you dig a little deeper and look at what companies like Akasa have to do to create a truly passive chassis for those chips, it becomes much more obvious that active cooling is a lot cheaper.
These “15 Watt” parts not only support a 28Watt setting but will actually turbo to 50 Watts (Ryzen) or 64 Watts (Tiger Lake) with both presets. They can be told not to, but then you simply get the near Atom performance, not your money’s worth.
I quite like the fans. Big slow moving fans are great to cover TDPs in this range without being noticeable: that’s typically passive enough for me. Yes, there is dust buildup over the years, but even I give my truly passive Atoms a spring cleaning.
@Patrick: Geekbench runs every one of its sub-benchmarks only for a couple of seconds, so you’ll get max turbo clocks on pretty much all of them. At that point, there is no real difference for the 5800U between the 15 and 28Watt settings, because Geekbench just runs on pure turbo.
RAM speed is even more essential for the iGPU, so using anything less than DDR4-3200 dual channel on these SoCs is crippling performance–unless it’s bored anyway.
Chances are that as a mere firewall it is going to be that quite often, unless your Suricata ruleset is extensive and the users in your small office, appartment block or Internet café are near saturating those 2.5Gbit links.
To me most of these small boxes are naturally micro-servers and that means running the firewall as a VM side-by-side with a few others for NextCloud, Plex, or some smart-home stuff. And there the ability to run a true DMZ on two ports (Internet + LAN switch), apps and storage on the two others has a box like this seem very attractive.
There is a lot of connectivity to be had these days with adapters that have an M.2 cable on one end. E.g. I use it to connect a 10Gbit Aquantia NIC on a box that doesn’t have a proper PCIe x4 slot left over, but the eGPU sounds like another interesting option.
Honestly, I’d be rather grateful for them to provide the option to utilize all the SoC’s built-in PCIe lanes instead of letting them go waste, simply because they don’t fit the design or have mainstream appeal.
@Eric Olson: ECC support for the Barcelo 5825U is a *great* find, thank you! I got a 5825U based notebook for one of my sons, that obviously doesn’t have ECC LPDDR4 RAM soldered on: so far I had only seen 100MHz higher clock… Official support for 64GB RAM seems a paper-only change, but who knows… interestingly there are also 4 additional PCIe lanes on the Barcelo…
All that has this little box appear in very different light and I can see myself itching to get my hands on one.
But even more I’d probably like a mini-ITX variant of the board with the same SoC soldered on, some SATA ports for a set of HDDs and the ability to add a 10GBit NIC one way or another. That could replace a Xeon-D 1581 that’s starting to feel a little sluggish…
Patric, mentioned in the video companion for this article that “TF” is often used to label “MicroSD” slots in China. I wager more is play than simpler licensing.
While the difference between “MicroSD” and “TF” is minimal to me I wager it is a lot larger for people in the chinese market. Many of which I assume would only see these characters as symbols.
“In this case, the TF slot is a MicroSD card slot without the vendor paying for licensing the MicroSD name.”
Timing was lucky. I took delivery of one on the same day of this review. I went for the 5600U option. I’ve installed proxmox on an SSD 2.5 drive. My unit didn’t come with the second fan which is optional I believe. I’ve also put a small 256GB nvme drive. Just for testing I’ve inserted a microSD card and it shows fine in the OS with a lsblk.
I’m installing opnsense on it as VM. Right now I need to see how to give the config file from the baremetal one to the VM.
Hi,
I purchased one of these because I previously bought one with a N5105 and it was overheating and my OPNSense PVE VM would lock up. It’s working well for me with Crucial RAM and Samsung SSD. I won’t mess with off brand memory/storage.
Let me know if anyone knows how to update the BIOS. I hypothesis that the vendor ships a development BIOS. I’d prefer to run something that’s less complex.
Good (bare bones w/ 5825U): https://www.aliexpress.com/item/3256804600750691.html
Overheats (bare bones w/ N5105): https://www.aliexpress.com/item/3256804173757529.html
Best,
Joe
@Eric Olson: according to Aliexpress product pages the platform doesn’t support ECC memory. Unfortunately. I would be happy to see it here too…
I have a small fanless PC to run pfSense on. It doesn’t have as powerful a CPU as the ones that STH has been testing recently, but I decided to put a fan on it and see what happened.
It’s one of those add-on cooling fans that’s USB-powered. It came with a small wall wart that I plugged in so that I’m not powering it off the power supply of the mini PC. I laid it on top of the mini PC. It has rubber bumpers so it won’t mar anything or move around due to vibration.
I tried it with airflow blowing onto the top heatsink of the mini PC and also the opposite direction so that the fan is pulling up through the heatsink.
Blowing down onto the heatsink worked much better in my case. The fan has reduced the reported temps by about 15 °C. It doesn’t run that hot without the fan, but I feel that the reduced operating temperature could be beneficial in terms of reliability and longevity over the long term. The question then is whether it’s cost-effective? The fan was about US$10. It came with a speed control and I have that turned almost all the way down. It’s been silent. (The fan claims to have dual ball-bearings, and I’ll see how well it holds up in use.) I haven’t measured the power draw of the fan yet, but from what I’ve read I’m thinking a Watt or two?
Will the added cost of the fan and the power to run it pay for itself in added longevity for the device? I’m not sure. It provides a reassuring feeling to me though, and perhaps that’s worth the added cost. 🙂
Everyone has to make the same decisions and calculations for themselves, especially when they have mini PCs with more powerful CPUs than mine (which is a J3170). The mini PC tested in this article obviously makes that decision for you by including a cooling fan.
I assume that some or all of the CPUs used in these mini PCs will thermal-throttle, or at least not boost as much if they’re running hot? I wonder if that is an issue for most people?
Whats the point of 2.5gbit? When are these things gonna get 10gbit?
I was able to have the second fan and also a SSD working. In fact I just pulled out the board inside a 2.5 SSD (in many smaller models there is only a small board in it) and got this board securely set on the side.
I’m running Proxmox 7.3 but I am currently struggling to get GPU passthrough to a Windows 11 VM. Do you have any clue on the config to use?
Do these boards have a (software) Raid 1 for the 2 M2 SSDs? (something like Intel Rapid Storage raids)
I’m using this box with Proxmox and it is getting very hot. Seems like the PWM function is not working. At reboot or in the bios the fans are at full speed, but once in Proxmox they remain off.
I tried to adjust in the bios the temps for the fan but it makes no difference.
Any idea how to fix this?
FYI,
I ran a Geekbench on this box with a Ryzen 7 5800U.
Here are the results: https://browser.geekbench.com/v5/cpu/19660849
Yann which bios version do you have?
I managed to find the BIOS files for this (via changwang.com).. https://www.changwang.com/down/76.html has the updated 10/2022 version and a link to the original version. FYI the bios link was found via williamlam’s page on using ESXI on this device.
There’s also a link to a proper datasheet for the motherboard, but it’s full of Chinese characters in the link so copying it html encoded the link, but here it is. I tested and it loaded ok for me (I had to navigate through their odd site to find it): https://changwang.oss-cn-hangzhou.aliyuncs.com/%E4%BA%A7%E5%93%81%E8%A7%84%E6%A0%BC%E4%B9%A6/%E8%BF%B7%E4%BD%A0%E4%B8%BB%E6%9C%BA%E7%B3%BB%E5%88%97/AMD-R5-5600U,R7-5800U,R7-5825U%E4%BA%A7%E5%93%81%E8%A7%84%E6%A0%BC%E4%B9%A6/%E7%95%85%E7%BD%91AMD-R5-5600U,R7-5800U,R7-5825U%E4%BA%A7%E5%93%81%E8%A7%84%E6%A0%BC%E4%B9%A6.pdf
I put some faster DDR4 16-20-20-40 1.35V RAM in it but could not find a way to increase the RAM Voltage. I emailed CWWK and got this back:
“Hello, because our motherboard is of the notebook type, this feature is not open”
Its to bad. I currently using it as a remote box unless I need more power then I have my main system on a smart switch and fire that up to log into.
This summer this is going firewall with full snort paid rule base AND added wifi AX210. It will become one node of the network and current Asus router will be downgrade to AP.
Hi everybody and many thanks to the STH team.
I have setup ProxMox 7.3-1 with Linux kernel 6.2.6 on one of these AMD Mini PCs with a Rizen 7 5825U, 32 GB of RAM and a 1TB Samsung 980 nvme. Up until now everything seems to work like a charm, the two fans do sound like they spin up when the CPU load increases, the four 2.5GB Ethernet interfaces work fine too and I didn’t experience any reboots or kernel panics.
one owner of 5800u running unraid host + k8s VM + gpu passtrough.
Highly recommend to replace thermal paste for quality one, 20-30ºC drop easily.
For those who wants to passtrough to VM the amd gpu you need the vbios, the vbios can be extracted from changwang Bios and using VBiosFinder to extract it, I can use it to transcode it within the VM but I got black screen.
Probably this dmesg error could be related
[ 3.851669] [drm] Unsupported Connector type:21!
If someone was able to passtrough entirely VM would be nice to share how 🙂
This review and comments maybe are the only source of info for this box.
Can anyone confirm the lanes for the nvme? especially the third funky one.
The datasheet Daniel posted earlier says: “Onboard 2 M.2 sockets + 1 M.2 WIFI socket, PCIE3.0 signal X4 channel” So I assume the m.2 that got splitted is pcie3 x4 and gets divided into x2 each. I assume this is correct based on the read/write speeds of the ssds on each nvme slot.
This disqualifies both from being used for eGPU since you will be losing a lot of performance.
Any idea how many lanes are there for the 3rd m.2 connector?
Is there a part number on the CPU fan? I’d like to know if it’s a standard part which could be ordered in the event of a failure.
I have the same problem as Yan describes ,
The fain spinning up in the bios, but when Proxmox 8.0.2 is loaded the fan in not spinning up and the cpu/case is getting hot.
With windows 11 the problem does not occur
Bios version is 0.22 x64 12/12/2022