AMD Ryzen 4x 2.5GbE Firewall Router for pfSense OPNsense Proxmox and Windows

10

AMD Ryzen 4x 2.5GbE Performance

Instead of going through the entire Linux-Bench test suite, we are going to show a few performance and power numbers here to give a general sense of performance. This also gives us the opportunity to test with Linux/ Ubuntu instead of just Windows.

Python Linux 4.4.2 Kernel Compile Benchmark

This is one of the most requested benchmarks for STH over the past few years. The task was simple, we have a standard configuration file, the Linux 4.4.2 kernel from kernel.org, and make the standard auto-generated configuration utilizing every thread in the system. We are expressing results in terms of compiles per hour to make the results easier to read:

AMD Ryzen 7 5825U Linux Kernel Compile Benchmark
AMD Ryzen 7 5825U Linux Kernel Compile Benchmark

There are a few key takeaways that we will address in each benchmark chart. First, the AMD Ryzen 7 5825U is very close to the AMD Ryzen 7 5800U that we tested in the ASRock 4×4 BOX-5800U Review A Tiny AMD Ryzen 7 5800U Mini PC. It is only a $17 upgrade, but it is one we probably would skip just given the performance delta we saw as well as other performance data online.

7-zip Compression Performance

7-zip is a widely used compression/ decompression program that works cross-platform. We started using the program during our early days with Windows testing. It is now part of Linux-Bench.

AMD Ryzen 7 5825U 7zip Compression Benchmark
AMD Ryzen 7 5825U 7zip Compression Benchmark

The next observation is that there is an immense performance increase over the Intel Core i7-1165G7 fanless units we reviewed previously. This is where the performance of the AMD 8-core solution, along with the fact that we have an actively cooled system, really shows.

OpenSSL Performance

OpenSSL is widely used to secure communications between servers. This is an important protocol in many server stacks. We first look at our sign tests:

AMD Ryzen 7 5825U OpenSSL Sign Benchmark
AMD Ryzen 7 5825U OpenSSL Sign Benchmark

Here are the verify results:

AMD Ryzen 7 5825U OpenSSL Verify Benchmark
AMD Ryzen 7 5825U OpenSSL Verify Benchmark

The third observation in the performance of this system is that it is very competitive with processors like the Core i7-10700T, which make for solid desktop experiences. While we clearly have too much CPU performance for just a simple NAT device running iperf3 traffic across pairs of 2.5GbE interfaces, the other side of this unit is that we also have three display outputs. This system is capable of actually being a desktop and doing a decent job in that role.

GeekBench 5 Single v. Dual Channel RAM v. 25W POR

One other quick test we wanted to see was the performance of the GeekBench 5 when we added 64GB of memory to this system. Here is the single DDR4-3200 YueTiger 16GB result first:

AMD Ryzen 7 5825U 4x I226 1 Ch DDR4 3200
AMD Ryzen 7 5825U 4x I226 1 Ch DDR4 3200

Here is what happened when we switched to the two G.Skill SODIMMs in dual-channel configuration. The performance jump was massive.

AMD Ryzen 7 5825U 4x I226 2 Ch DDR4 3200
AMD Ryzen 7 5825U 4x I226 2 Ch DDR4 3200

We also tried manually setting the POR to 25W to see if that would have a further impact. It did, albeit a relatively muted one.

AMD Ryzen 7 5825U 4x I226 2 Ch DDR4 3200 25W POR
AMD Ryzen 7 5825U 4x I226 2 Ch DDR4 3200 25W POR

Our best guidance here is that going from single to dual channel is worth it, and recommended. Increasing the power band was likely not worth it, given the performance we saw.

CrystalDiskMark

We ran our CrystalDiskMark 1GB and 8GB tests on the Ranxiana 512GB NVMe SSD performance was muted:

AMD Ryzen 7 5825U 4x I226 512GB NVMe SSD CrystalDiskMark
AMD Ryzen 7 5825U 4x I226 512GB NVMe SSD CrystalDiskMark

Storage in these CW motherboard-based systems is generally not the fastest. Couple that with the unknown quantity SSD from the AliExpress bundle, and those looking for maximum performance will likely be disappointed.

CoreTemp and CPU-Z

Since we were able to get Windows 11 Pro running on this system without issue, we have a quick look at the CoreTemp and CPU-Z:

AMD Ryzen 7 5825U 4x I226 CPU Z Core Temp
AMD Ryzen 7 5825U 4x I226 CPU Z Core Temp

Boosts like the above to over 4.1GHz were rare, but the cooling generally kept our CPU in the 69-71C range with some outliers. The above screenshot was taken during one of the GeekBench 5 runs above in the multi-core performance section.

Next, let us get to the power consumption and our final words.

10 COMMENTS

  1. This one looks like a bit of a missed opportunity. I assume that someone thought that preserving external similarity to the atom-based router boxes was important; but it’s not desperately obvious what the actual benefit is, while the drawbacks in terms of thermals, fans, deeply weird m.2 layout, etc. are all pretty blatant.

    Especially with either an intake or an exhaust on nearly every side this thing already requires more room than its size suggests, in the sense that if you tried to pack them side-by-side or stack them they’d likely complain; so a slightly larger enclosure would be no real sacrifice and allow a much nicer layout, ideally consolidation to a single larger fan, etc.

  2. I would guess the side facing port is for an eGPU adapter. Why bring a router and PC to the LAN party when you can do it all with one?

  3. What I miss from all of these mini-pc firewalls is a kvm option either serial like with the APU boards, or AMT iKVM which can be locked to a specific port (users less power than an full blown IPMI port) as I would not want it to be on the WAN port.

    Having 3 display options is not intersting for a firewall.

    Yes I know about the RPi KVM options but that is an additional 100-200€ on the price.

  4. @fuzzyfuzzyfungus: The difference between the 10 Watt TDP of an Atom and the 15 Watt TDP on a Tiger Lake or Ryzen 3 SoC doesn’t seem like much on paper. So like you I’ve felt let down, when truly passive variants failed to appear.

    But when you dig a little deeper and look at what companies like Akasa have to do to create a truly passive chassis for those chips, it becomes much more obvious that active cooling is a lot cheaper.

    These “15 Watt” parts not only support a 28Watt setting but will actually turbo to 50 Watts (Ryzen) or 64 Watts (Tiger Lake) with both presets. They can be told not to, but then you simply get the near Atom performance, not your money’s worth.

    I quite like the fans. Big slow moving fans are great to cover TDPs in this range without being noticeable: that’s typically passive enough for me. Yes, there is dust buildup over the years, but even I give my truly passive Atoms a spring cleaning.

    @Patrick: Geekbench runs every one of its sub-benchmarks only for a couple of seconds, so you’ll get max turbo clocks on pretty much all of them. At that point, there is no real difference for the 5800U between the 15 and 28Watt settings, because Geekbench just runs on pure turbo.

    RAM speed is even more essential for the iGPU, so using anything less than DDR4-3200 dual channel on these SoCs is crippling performance–unless it’s bored anyway.

    Chances are that as a mere firewall it is going to be that quite often, unless your Suricata ruleset is extensive and the users in your small office, appartment block or Internet café are near saturating those 2.5Gbit links.

    To me most of these small boxes are naturally micro-servers and that means running the firewall as a VM side-by-side with a few others for NextCloud, Plex, or some smart-home stuff. And there the ability to run a true DMZ on two ports (Internet + LAN switch), apps and storage on the two others has a box like this seem very attractive.

    There is a lot of connectivity to be had these days with adapters that have an M.2 cable on one end. E.g. I use it to connect a 10Gbit Aquantia NIC on a box that doesn’t have a proper PCIe x4 slot left over, but the eGPU sounds like another interesting option.

    Honestly, I’d be rather grateful for them to provide the option to utilize all the SoC’s built-in PCIe lanes instead of letting them go waste, simply because they don’t fit the design or have mainstream appeal.

    @Eric Olson: ECC support for the Barcelo 5825U is a *great* find, thank you! I got a 5825U based notebook for one of my sons, that obviously doesn’t have ECC LPDDR4 RAM soldered on: so far I had only seen 100MHz higher clock… Official support for 64GB RAM seems a paper-only change, but who knows… interestingly there are also 4 additional PCIe lanes on the Barcelo…

    All that has this little box appear in very different light and I can see myself itching to get my hands on one.

    But even more I’d probably like a mini-ITX variant of the board with the same SoC soldered on, some SATA ports for a set of HDDs and the ability to add a 10GBit NIC one way or another. That could replace a Xeon-D 1581 that’s starting to feel a little sluggish…

  5. Patric, mentioned in the video companion for this article that “TF” is often used to label “MicroSD” slots in China. I wager more is play than simpler licensing.

    While the difference between “MicroSD” and “TF” is minimal to me I wager it is a lot larger for people in the chinese market. Many of which I assume would only see these characters as symbols.

    “In this case, the TF slot is a MicroSD card slot without the vendor paying for licensing the MicroSD name.”

  6. Timing was lucky. I took delivery of one on the same day of this review. I went for the 5600U option. I’ve installed proxmox on an SSD 2.5 drive. My unit didn’t come with the second fan which is optional I believe. I’ve also put a small 256GB nvme drive. Just for testing I’ve inserted a microSD card and it shows fine in the OS with a lsblk.
    I’m installing opnsense on it as VM. Right now I need to see how to give the config file from the baremetal one to the VM.

  7. Hi,

    I purchased one of these because I previously bought one with a N5105 and it was overheating and my OPNSense PVE VM would lock up. It’s working well for me with Crucial RAM and Samsung SSD. I won’t mess with off brand memory/storage.

    Let me know if anyone knows how to update the BIOS. I hypothesis that the vendor ships a development BIOS. I’d prefer to run something that’s less complex.

    Good (bare bones w/ 5825U): https://www.aliexpress.com/item/3256804600750691.html

    Overheats (bare bones w/ N5105): https://www.aliexpress.com/item/3256804173757529.html

    Best,

    Joe

  8. @Eric Olson: according to Aliexpress product pages the platform doesn’t support ECC memory. Unfortunately. I would be happy to see it here too…

  9. I have a small fanless PC to run pfSense on. It doesn’t have as powerful a CPU as the ones that STH has been testing recently, but I decided to put a fan on it and see what happened.

    It’s one of those add-on cooling fans that’s USB-powered. It came with a small wall wart that I plugged in so that I’m not powering it off the power supply of the mini PC. I laid it on top of the mini PC. It has rubber bumpers so it won’t mar anything or move around due to vibration.

    I tried it with airflow blowing onto the top heatsink of the mini PC and also the opposite direction so that the fan is pulling up through the heatsink.

    Blowing down onto the heatsink worked much better in my case. The fan has reduced the reported temps by about 15 °C. It doesn’t run that hot without the fan, but I feel that the reduced operating temperature could be beneficial in terms of reliability and longevity over the long term. The question then is whether it’s cost-effective? The fan was about US$10. It came with a speed control and I have that turned almost all the way down. It’s been silent. (The fan claims to have dual ball-bearings, and I’ll see how well it holds up in use.) I haven’t measured the power draw of the fan yet, but from what I’ve read I’m thinking a Watt or two?

    Will the added cost of the fan and the power to run it pay for itself in added longevity for the device? I’m not sure. It provides a reassuring feeling to me though, and perhaps that’s worth the added cost. 🙂

    Everyone has to make the same decisions and calculations for themselves, especially when they have mini PCs with more powerful CPUs than mine (which is a J3170). The mini PC tested in this article obviously makes that decision for you by including a cooling fan.

    I assume that some or all of the CPUs used in these mini PCs will thermal-throttle, or at least not boost as much if they’re running hot? I wonder if that is an issue for most people?

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.