Supermicro SuperServer E302-9D Review: A Fanless 10G pfSense Powerhouse
by Ganesh T S on July 28, 2020 3:00 PM EST- Posted in
- Networking
- Intel
- Supermicro
- 10GBase-T
- Xeon-D
- SFP+
- 10GbE
- ASpeed
- Skylake-D
Packet Processing Benchmarks with pkt-gen
The pkt-gen benchmarks were processed using the Conductor python package infrastructure in a similar manner to the iPerf3 benchmarks presented in the previous section. Commands are executed on the source, sink, and DUT using the Conductor python package described in the testing methodology section. The setup steps on the DUT for each mode were described in a previous section. Only the source and sink [Run] phases are described here.
On the sink side, receivers are spawned for the two interfaces serially first. Simultaneous execution is then performed after the required wait time in order to monitor both interfaces. The spawn and timeout refer to keywords specified by the Conductor package.
spawn0:sh pkt.gen.recv.sh 1 ix0 [tested-mode]-pg-rx-1c.0.txt
timeout200:sleep 185
step1:killall pkt-gen
spawn1:sh pkt.gen.recv.sh 3 ix2 [tested-mode]-pg-rx-1c.1.txt
timeout201:sleep 185
step2:killall pkt-gen
timeout30:sleep 30
spawn2:sh pkt.gen.recv.sh 1 ix0 [tested-mode]-pg-rx-2c.0.txt
spawn3:sh pkt.gen.recv.sh 3 ix2 [tested-mode]-pg-rx-2c.1.txt
timeout202:sleep 185
step3:killall pkt-gen
The pkt.gen.recv.sh script handles the reception of the packets sent via the firewall on the appropriate interface and dumps out the statistics to the specified file.
On the source side, the first link is evaluated for 30s with each packet size, followed by the second link. In the third iteration, the tests are spawned off for both links simultaneously.
spawn0:sh pkt.gen.sweep.sh ixl2 172.16.0.2:53 172.16.10.2:53 [ixl2 mac] 1 [tested-mode]-pg-tx-1c.0.txt
timeout200:sleep 185
step1:killall pkt-gen
spawn1:sh pkt.gen.sweep.sh ixl3 172.16.1.2:53 172.16.11.2:53 [ixl3 mac] 3 [tested-mode]-pg-tx-1c.1.txt
timeout201:sleep 185
step2:killall pkt-gen
timeout30:sleep 30
spawn2:sh pkt.gen.sweep.sh ixl2 172.16.0.2:53 172.16.10.2:53 [ixl2 mac] 1 [tested-mode]-pg-tx-2c.0.txt
spawn3:sh pkt.gen.sweep.sh ixl3 172.16.1.2:53 172.16.11.2:53 [ixl3 mac] 3 [tested-mode]-pg-tx-2c.1.txt
timeout202:sleep 185
step3:killall pkt-gen
Here, the pkt.gen.sweep.sh script resident in the source's file system is a wrapper for calling pkt-gen multiple times with varying packet sizes in series. The appropriate CPU core allocation and output file specifications are also passed on to this shell script.
Two sets of metrics - the packet rate and the bandwidth - are gleaned from the log files and graphed below. Note that the bandwidth numbers reported by pkt-gen sometimes exceeds the line-rate - particularly when it misses a couple of samples in the previous timestamps. Despite that obvious discrepancy, we get an idea of the average bandwidth and packet rates for each packet size, as the source tries to saturate the links.
| pkt-gen Benchmark (Packet Rates in Kpps) | |||
The pfSense installation running on the E302-9D seems to have a best-case packt forwarding rate of 0.6 Mpps per interface, and this goes down to around 0.35 Mpps in the worst case with a large number of rules and NAT being enabled.
| pkt-gen Benchmark (Bandwidth in Mbps) | |||
On the bandwidth front, we see a best-case throughput of around 6.5 Gbps. This goes down as packet processing steps start getting enabled, as shown in the above graphs.
Facebook
Twitter
RSS
34 Comments
View All Comments
GreenReaper - Tuesday, July 28, 2020 - link
The D-1541 only gets ~160% of the performance, that is - under ideal conditions. In practice we tend to average one to two core usage; and scaling for DB operations falls off after four, so the D-1521 may have been the faster CPU for us. (It also meant it was cheaper, yet came with NVMe SSD.)herozeros - Saturday, August 1, 2020 - link
Had no idea on the price jump on SoC with quickassist, question answered thoroughly, cheers!TrevorH - Tuesday, July 28, 2020 - link
I notice that it does have an HTML5 remote console so it's not locked to java for that.GreenReaper - Tuesday, July 28, 2020 - link
I'd love one of these under my desk to go with my HP MicroServer Gen8. Can't justify it, of course, but maybe in a few years they'll end up available at clearance prices or on the second-hand market.Foeketijn - Wednesday, July 29, 2020 - link
I am hoping for a ryzen gen 11. So far I've skipped the gen 10.Microserver without IPMI/iLo. Thats just silly.
Spunjji - Wednesday, July 29, 2020 - link
+1 on that. Don't even care if it's Zen 1 or Zen+ for cost reasons - seems like the perfect fit.Raven Ridge would also be a solid option.
hrana - Tuesday, July 28, 2020 - link
Great review but I need some context with your testing methodology. How do the 8C, 12C, and 16C variants perform? If I want a 10G router for everything except IPsec, what do I need today in terms of hardware today for pfsense? Some say pf has its own limitations such that throwing hardware at it is not successful. It would be good if your team could help us better understand using the above methodology.Bp_968 - Tuesday, July 28, 2020 - link
I wasn't terribly impressed with PFsense. It was blocking my own website (hosted on godaddy at the time and running WordPress) and was blocking it without any explanation or reasonable way to stop blocking it. I dropped by the forums and tried to get some help and instead got 3 pages of tinfoil hat paranoia about how I was probably a russian hacker trying to take over their machines through the forum. This is the offical pfsense forum btw... one guy finally decided I wasn't smart enough to be a russian hacker and then more or less threw his hands up saying sometimes it doesnt like certain types of traffic/websites/etc but hopefully it will get fixed in the future.It finally was fixed, by a Ubiquiti edgerouter.
ruthan - Wednesday, July 29, 2020 - link
Can someone explain me, why to paid $1500 for overprice network switch with just 2 x 10 Gb/s ports? What is wrong with classic networking hardware - standalone boxes?PeachNCream - Wednesday, July 29, 2020 - link
There's flexibility to do more with this system than merely act as a network switch since its running general purpose hardware. Is that worth $1500 if all you need is a switch? Of course not - go buy a switch and save some money.