New Fanless 4x 2.5GbE Intel N5105 i226-V Hardware Overview
Starting with the front of the unit, we see something that is quite different from older generations. We still have a similar power button, a clear CMOS button, and two USB 3 Type-A ports. Next, we get a Type-C port and a TF slot so if you have a microSD card, you can mount it there.
On the rear of the unit, we also see upgrades. Here we get two USB 2.0 ports. A quick note is that if you use iKVM devices like TinyPilots shown in the accompanying video, you want to use the USB 3 ports, not these USB 2.0 ports. There are now two display outputs with a HDMI port and DisplayPort. Next, we have the four RJ45 ports and a DC 12V input.
The unit has the newer style of perforations for an optional 40mm fan (shown in the video.) Inside though, we get a slightly different layout.
At the top, we have the M.2 2280 slot, but below it, we have a new WiFi slot. This used to be mPCIe on older units. The placement just below the M.2 is not one we love since M.2 drives tend to be heat sources in passively cooled chassis.
The SATA data and power connectors connect via a cable to a drive.
The motherboard on this one is the CW-N5105-4L V4. Notably, our i225 version of this with the V4 style motherboard did not have a sticker here, but appears to be the same unit with different NICs.
There are two SODIMM slots. A quick tip on these is that if you purchase pre-configured units, they tend to come with a single SODIMM to lower power and heat generation. Sometimes, these units also have memory speeds on the DIMMs of DDR4-2666, but the actual running speed is much lower. This unit had 2666MT/s speeds as it was supposed to.
One major change for V4 was the NICs. The NICs in this system are Intel i226-V NICs. The previous generations were Intel i225, although in the video, we have the V4 motherboard with i225 NICs as well. One of the big changes with V4 is moving the NICs to the other side of the motherboard. In previous generations, the four NICs would be next to the RJ45 ports on the same side as the SSD and memory.
Now, they have moved to the back side of the motherboard.
This allows for an interface to be established between the NICs on the motherboard and the chassis. It seems like a better design than having the 1.3W TDP (x4 = ~5W) of heat generation dissipating in the chassis next to the hot air chamber with the SSD and SODIMM.
On the CPU side, the Intel Celeron N5105 has a small copper block and at least had thermal paste connecting the CPU and block. We have had some readers report getting units without paste or air gaps here.
This was not the case with ours, but it is something to check if you see high CPU temps.
Quality on these is getting better, it seems, but it is also a bit of a leap of faith that you are going to get a new unit since returning one is going to be more painful than an average Costco or Amazon purchase.
Next, let us get to the performance.
Intel Celeron N5105 Performance
We have now reviewed several of these Intel Celeron N5105 units. This unit was in-line with others we have tested, and within a 1% test variation from the i225 V4 version, we tested with the same CPU.
Python Linux 4.4.2 Kernel Compile Benchmark
This is one of the most requested benchmarks for STH over the past few years. The task was simple, we have a standard configuration file, the Linux 4.4.2 kernel from kernel.org, and make the standard auto-generated configuration utilizing every thread in the system. We are expressing results in terms of compiles per hour to make the results easier to read:
Here we can see that on a percentage basis, we have a large jump from the J4125 units we first reviewed.
7-zip Compression Performance
7-zip is a widely used compression/ decompression program that works cross-platform. We started using the program during our early days with Windows testing. It is now part of Linux-Bench.
At the same time, the performance between the Celeron N5095, N5105, and N6005 are very close. Having four cores and the same architecture really means there is only so much differentiation.
OpenSSL Performance
OpenSSL is widely used to secure communications between servers. This is an important protocol in many server stacks. We first look at our sign tests:
Here are the verify results:
Our general guidance at this point is to get the N5105 over the N5095 and N6005. If you want more performance, then the real upgrade is moving to something like the Core i5/ Core i7 units that will use more power but offer more performance.
Next, let us get to power consumption, key lessons learned, and final words.
On one hand these devices appear designed to serve as firewalls. On the other hand security and buying unbranded stuff on AliExpress may not go well together. Is there any way to audit the firmware (and hardware) on these devices?
@Eric Olson: It would probably be both challenging and expensive to fully quiet one’s doubts(especially given that some sort of malice could be sprinkled randomly across a mostly legitimate run of products, or reserved for customers of interest, so you couldn’t rely on test samples to be 100% representative); but there are definitely some options that are a lot better than nothing:
Vendor page says that the system uses an AMI UEFI build; and while there is a a certain amount of platform-specific mystery to UEFI builds(there is ‘tianocore’, which is Intel’s open source UEFI implementation; but that mostly covers higher level stuff and sometimes gets partially incorporated into the firmware that actually ships; it doesn’t actually boot anything on its own); but there are also a bunch of utilities aimed at examining, dumping, and modifying well-known BIOS and UEFI vendor firmwares that have been put together over time. UEFI firmware also tends to be stored on a relatively obvious i2c or SPI flash chip that, if all else fails, can simply be desoldered and read out externally.
It’s deeply nontrivial to prove what a binary blob is up to; but if you are more or less narrowly focused on hunting for anomalies it probably helps that you can reasonably assume that the vendor was looking to bring up a Jasper Lake platform at relatively low cost and minimum fuss(rather than trying to implement a bunch of firmware-based ‘value add’/product differentiation), so odds are good, though not perfect, that the firmware pretty closely resembles that of other low cost/ODM Jasper Lake boards; allowing you to focus your examination on anything that stands out: any curious UEFI programs, runtime services, etc.
Skilled work, and not necessarily cheap, but not a matter of fundamentally unknowable mystery.
As for hardware, similar question of how much you want to spend and what sort of sampling process you want to use: it will be relatively hard for anything to hide from a full destructive analysis(desolder everything, x-ray the board and the chips, decap any chips that remain mysterious); but that’s reasonably expensive and skilled work; and since it’s destructive you can’t do it to the units you actually want to use; just a number of test samples dictated by your tolerance for the risk that the units you end up using end up differing from the units you test.
Realistically, if you are firewalling something where it matters that much you are probably better off just spending more and starting with gear whose provenance is more to your liking: it’ll end up being cheaper than trying to take gear you strongly distrust and prove its honesty.
If you want to indulge some lighter-weight paranoia firmware dumping is relatively accessible and nondestructive; and (both because of the proliferation of dev tools resulting from every x86 board needing it, and from OS and bootloader devs trying to understand and cope with really eccentric firmware) tools and expertise for at least some level of firmware poking are comparatively widely available; so you could certainly do some of that if you wanted.
Hardware level validation, beyond the basic inspection for really odd looking rework, is probably impractical(viable; but destructive and far more expensive than the system is worth).
Is the Type-C port USB 3 capable, or just USB 2.0?
Thanks for the great review and writeup!
@darkfiber in Aliexpress’s vendo page says that USB-C is capable of display so I think is USB 3.2, maybe STH can update with this test
Which processor is more energy efficient at low load? n5105 or pentium 7505? Does anyone have information?
The store on Ali has options with pentium, which supports up to 64GB of memory and has slightly better performance. But I can’t find information of power consumption. And I can’t make the final choice.
Link to the unit
For evaluating security, simplest thing is to put the unit on an isolated subnet, and look for any spurious traffic. An adversary needs a means to get control, and extract data. This means the network.
If the BIOS (without software loaded) generates network traffic, that would need a look.
While we can imagine more elaborate scenarios (Bruce Schneier would call them “Movie Plot Threats”), the most likely is a simple call-home, which could then be used for more elaborate payloads.
Hi hoping someone here can help. I have this exact unit, but I can’t get it to power on.
I bought it without RAM, and bought separetely (new) – from Samsung M471A2K43DB1-CTD.
I.e. 2666Mhz, DDR4, SODIMM, non-ECC (as recommended on the page).
Now, when I power on, after a few seconds I get a single beep, then it power cycles, and repeats. Same beep every time I manually turn it off and on. Sometimes when I leave it on it won’t continue beeping (power LED on), but it’s not appearing on the monitor.
I couldn’t find any information at all on the motherboard to tell what the beep means. I would like to think it isn’t the memory – bought two sticks and tried both separately and together, in all slot configurations.
The reviews on these units are interesting but I feel like they lack a very relevant part in the benchmark section: the network performance analysis.
Are they capable of delivering the 2.5Gbps performance? On all ports? Simultaneously? What is the CPU usage and energy consumption in those cases? How much the performance will drop with some firewall rules, or using openvswitch?
For me, it is much more useful to know these things, as I would use the device as a switch in a home network, than knowing how fast it can compile Python.
I hope you consider including this analysis in the future reviews. Thanks!
not Ranxiana SSD, it’s FanXiang SSD 🙂
Agreed with gmj. Networking performance is hard to judge from Linux kernel compile time benchmarks.
Would you run pfsense/opensense baremetal on these or even with proxmox? Or will that be too tough on the N5105?
Hey,
On the view it says that the system will support 32gb, but on Intel’s page it is said that this processor will only support 16gb.
Have you guys tried it with 32gb?
Best,
Francis
I just picked up one of those guys (although mines the n6005 model). This thing is a beast! Handles everything no problem in Proxmox and also it looks like I got an updated backplate as mine seems to allow for a 80mm fan on the back. Picture below
https://imgur.com/a/a7vtaVh
It looks like is using a non-standard fan header. Has anyone tried attaching a fan to it?
Stupid question…If you do opt to mount a 40mm fan on these things, do you mount it as an intake or exhaust fan?
@Josh T, I ordered a Topton Model-A N5105 and paid extra for the 40mm fan. They installed it as exhaust.
@Trevin Corkery, I bought the unit with fan installed, it has a short adapter cable.
@Francis Augusto I used Crucial CT2K16G4SFRA32A which is 2x 16GB 3200. System came up with 32GB RAM at 2933. I haven’t tried pushing it to 3200 yet.
Hi! Great video! Got a few questions as I’m new to these appliances and want to run OPNSense at home:
1- Can I use only one ram sodimm Vs 2, I have a spare 16gb-3200 gathering dust
2- Where can I find the manual? I tried (I really did) to get my hands on it and can’t find it
@JPH you can run one SODIMM. It wouldn’t hurt to try the one you’ve got.
Sorry, I haven’t looked too hard, but I’ve not seen any links to manuals for this system.
A couple of learnings as a noob to pfSense that might help others getting started.
– This particular system, with Intel i226-V NICs (ID 0x125C) should be supported by pfSense 2.6.0 according to the list. I didn’t try it, I went straight to 2.7.0 development snap shot. It worked.
– If you intend to use pfSense Plus, its complicated. I could not find a way to do it without virtualization, other possibly using a USB NIC. The problem is, you must install pfSense 2.6.0, then install your key, select the Upgrade branch, and it will want to install 22.01 which has no support for i226 NICs. You might be able to use a USB NIC to get from 22.01 to 22.05, but it complicates things so I wiped the drive and installed Proxmox.
– In Proxmox, when setting up the VM for pfSense, I followed some instructions that said to use the e1000 virtual NICs. When I used those, I would get huge CPU spikes with network traffic. Using the VirtIO NICs fixed it. I also used Spice for the display (as recommended by pfSense instructions), and “HOST” for processor, also recommended in pfSense instructions.
– Idle CPU utilization is around 1%-2%. That’s with about 40 things attached to the network and streaming YouTube. It spikes to up to 25% running Internet Speedtest on my 1Gbps fiber Internet. I gave the VM 4GB RAM and 3 cores. Its currently using 13% of the RAM.
So my conclusion is, this makes a fine system for a home network router. The N5105 has enough power for my basic needs. We’ll see how it goes when I start adding plug-ins and more VMs.
@Darryl,
Do you have a picture of the shoft fan adapter or the pinout please?
Thanks
I bought one of these based on the STH review, but I bought the bare bones unit. I see that it actually arrived with a riser/expander that offsets the M.2 WiFi slot over to a full M.2 2280 slot that sits between the top M.2 2280 slot and the RAM slots. It appears that I could install my NVME drive in in either location (physically). Do you know if there’s any difference in PCIe lanes available to each slot? Do they both connect directly to the CPU?
Is it intentional that STH often does not prominently link to the actual AliExpress item being reviewed?
The cynic in me wonders if this is done to boost “engagement”:
I have read this article 3x and watched the video twice. I even clicked the hyperlink on the AliExpress screenshot, which cutely brings up a larger version (I’d hoped it linked to the item on AliExpress).
Scooter it is, but perhaps for a different reason, and one that we are changing. I was getting sick of how many folks on the web and YT were plugging VERY bad products (like things that do not work at all) and using affiliate links. Also, many of the folks reviewing mini PCs are getting paid and not disclosing it. We get offers all the time, and the companies mention the folks they are paying, which is how I know this is happening.
My thought was, we are just going to avoid that by not linking. As you rightly noticed, the downside is that then we do not link to the products we review, hence why we are changing that. The 2.5GbE switch review buyer’s guide was the first in that series.
These units are gettignpopbut anyone is having the connection dripping issue the i225 and i226 is having on desktop motherboard or is this fix in these firewall appliances?