Netgate SG-5100 Performance
Normally at STH we have used straight iperf3 which gives a good idea in terms of a maximum throughput in a simple use case. Instead of using the simpler iperf3 traffic pattern, we have been testing the Netgate SG-5100 with an IMIX set comprised of the following:
- Packet size: 60, pps: 28
- Packet size: 590, pps 16
- Packet size: 1514, pps: 4
Here we are using the IMIX above to push 1GbE line rate from the test system through the two Netgate SG-5100 systems. The net result is that we are pushing well over 300K packets per second along with the 1Gbps of bandwidth.
That seemed interesting, but we wanted to get more expansive. Note here that we are using DPDK on CentOS 8 on the test systems and pfSense for the SG-5100’s network OS. We are also using IX0, IX1, IX2, and IX3 as those correspond to the 1GbE ports from the Atom C3558 SoC. We are using these ports for traffic and assuming the other two Intel i210 NIC ports are being used for management.
As you can see, pushing traffic through all four ports at 100mbps gave us 400Mbps and over 130K packets per second. We also did not see any packets being dropped on that run so we doubled the speed to 200Mbps per port.
You can see here that the L1 traffic is a bit higher due to overheads showing over 840Mbps. Still, we are not getting dropped packets so we are moving up another 100Mbps to 300Mbps here:
Here we hit 1.2Gbps combined with around 400K packets per second using our IMIX. Again we pushed, this time to 350Mbps per port.
Here we hit 1.4Gbps passing through both firewalls and over 460K packets per second. When we pushed to 4x 400Mbps streams, we started to see dropped packets:
Each of the two Netgate SG-5100s has four ports (2 LAN and 2 WAN) that are routing traffic across. This is likely more than a typical setup would see in terms of sustained usage. We dialed back and found that 4x 360Mbps was not dropping packets at around 475K packets per second and 1.43Gbps.
Since we assume that not everyone will have four ports going, we instead are pushing packets through two ports through the solution. Here we tried two 650Mbps links and saw the setup working without issue:
When we pushed to around the same as we saw on four ports with 700Mbps on two ports, we started to see packet loss again.
If you have a single Gigabit WAN connection, it is likely that this setup is fine. If you need to run multiple WAN connections, this solution seems to be able to hit over 1.3-1.43Gbps without issue.
This is all great. However, remember that pfSense is considered the lower-performing but easier to use network solution. In our next piece, we are going to show TNSR numbers, as well as showing IPsec VPN performance across the two nodes and two network operating systems in this quad-port configuration.
Netgate SG-5100 Power Consumption and Noise
We used our pair of Extech TrueRMS Power Analyzer 380803 units to take measurements at different points of the Netgate SG-5100 usage. Embedded platforms tend to spend more time at the edge in offices rather than in higher power data centers, hence why we do our testing at a lower 120V voltage. Here are the figures:
- Lowest idle: 12.1W
- Normal idle: 13.8W
- Maximum observed: 19.2W
Overall, these are great numbers. One benefit to not including a traditional ASPEED BMC is that power consumption is 4-5W lower than BMC enabled platforms.
Now for the easy one, noise. There is none. This is a completely passive device which means no fans and no noise.
These units are priced at $699 + $19.99 for an optional wall mount kit and community support. There is a $70 off holiday special. If we are being transparent, one can build a Supermicro Atom C3000 based solution for $400-500. The Supermicro solution will have a BMC but will use more power.
There are some that will see a $150-250 premium as completely excessive. Those people are firmly in the build-your-own or get some inexpensive network appliance with a less than a well-known supply chain. That is fine too, this product is not for that segment.
Netgate also offers optional support packages with the Netgate SG-5100 which are must-haves for certain business purchases. The company also maintains security patches and updates to pfSense and TNSR for its products which may not happen on other platforms. There are others that simply like the idea of supported open-source software but who simply want to have a box delivered rather than piecing together a system. For all of these markets, the SG-5100 is ideal.
Next up for the SG-5100 pair is an investigation into TNSR versus pfSense with a specific look at IPsec performance. Many have noticed that IPsec VPN experiences with pfSense is good, but it is not the fastest. TNSR aims to fix that and the SG-5100 is perhaps the starting point for those that want to deploy that software. Stay tuned for more on STH.