Thanks, interesting review! Might be (partially) my ignorance of the design process, but wouldn't it be better from a thermal perspective to use the case, especially the top part of the housing directly as heat sink? The current setup transfers the heat to the inside space of the unit and then relies on passive con vection or radiation to dispose of the heat. Not surprised that it gets really toasty in there.
From a thermal standpoint yes - if everything is assembled perfectly. With that design though, you'd need to screw attach the heat sink to the CPU via screws from below, and remove/reattach it from the CPU every time you open the case up. This setup allows the heatsink to be semi-permanently attached to the CPU like in a conventional install.
You're also mistaken about it relying on passive heat transfer, the top of the case has some large thermal pads that will make contact with the tops of the heat sinks. (They're the white stuff on the inside of the lid in the first gallery photo; made slightly confusing by the lid being rotated 180 from the mobo.) Because of the larger contact area and lower peak heat concentration levels thermal pads are much less finicy about being pulled apart and slapped together than the TIM between a chip and the heatsink base.
Lower power designs do that quite often. The MoBo is flipped so it faces down, the CPU is on the back side of the MoBo (top side of the system) covered by a thick, finned panel to serve as passive radiator. They probably wanted to save on designing a MoBo with the CPU on the other side.
Appreciate the comment on the rotated case; those thermal pads looked oddly out of place. But, as Lindegren's comment pointed out, having the CPU on the opposite site of this, after all, custom MB, one could have the main heat source (SoC/CPU) facing "up", and all others facing "down". For maybe irrational reasons, I just don't like VRMs, SSDs and similar getting so toasty in an always-on piece of networking equipment.
I think you got tricked by the use of a shot of the motherboard with a standard server heatsink. Look at the teardown shots; this version of the motherboard is paired with a passive heat transfer block with heat pipes which connects directly to the top chassis. No convection involved inside of the chassis. Should be reasonably efficient, though of course the top of the chassis doesn't have that many or that large fins. A layer of heat pipes running across it on the inside would probably have helped.
Neat review! I was hoping you could offer an opinion on why they elected to not include a SKU without quickassist? So many great router scenarios with some juicy 10G ports, but bottlenecks if you’re trafficing in resource intensive IPSec connections, no? Thanks!
It's also the only one with just four cores. Thanks to this it's the only one that hits a 60W TDP. Bear in mind internals are already pushing 90C, in what is presumably a reasonably cool location.
The closest (at 235% the cost) is the 8-core D-2145NT (65W, 1.9Ghz base, 2.5Ghz all-core turbo). Sure, it *could* do more processing, but for most use-cases it won't be better and may be worse. To be sure it wasn't slower, you'd want to step up to D-2146NT; but now it's 80W (and 301% the cost). And the memory is *still* slower in that case (2133 vs 2400). Basically you're looking at rack-mount, or at the very least some kind of active cooling solution - or something that's not running on Intel.
Power is a big deal here. I use a quad-core D-1521 as a CPU for a relatively large DB-driven site, and it hits ~40W of its 45W TDP. For that you get 2.7Ghz all-core, although it's theoretically 2.4-2.7Ghz. The D-1541 with twice the cores only gets ~60% of the performance, because it's _actually_ limited by power. So I don't doubt TDP scaling indicates a real difference in usage.
A lower CPU price also gives SuperMicro significant latitude for profit - or for a big bulk discount.
The D-1541 only gets ~160% of the performance, that is - under ideal conditions. In practice we tend to average one to two core usage; and scaling for DB operations falls off after four, so the D-1521 may have been the faster CPU for us. (It also meant it was cheaper, yet came with NVMe SSD.)
I'd love one of these under my desk to go with my HP MicroServer Gen8. Can't justify it, of course, but maybe in a few years they'll end up available at clearance prices or on the second-hand market.
Great review but I need some context with your testing methodology. How do the 8C, 12C, and 16C variants perform? If I want a 10G router for everything except IPsec, what do I need today in terms of hardware today for pfsense? Some say pf has its own limitations such that throwing hardware at it is not successful. It would be good if your team could help us better understand using the above methodology.
I wasn't terribly impressed with PFsense. It was blocking my own website (hosted on godaddy at the time and running WordPress) and was blocking it without any explanation or reasonable way to stop blocking it. I dropped by the forums and tried to get some help and instead got 3 pages of tinfoil hat paranoia about how I was probably a russian hacker trying to take over their machines through the forum. This is the offical pfsense forum btw... one guy finally decided I wasn't smart enough to be a russian hacker and then more or less threw his hands up saying sometimes it doesnt like certain types of traffic/websites/etc but hopefully it will get fixed in the future.
Can someone explain me, why to paid $1500 for overprice network switch with just 2 x 10 Gb/s ports? What is wrong with classic networking hardware - standalone boxes?
There's flexibility to do more with this system than merely act as a network switch since its running general purpose hardware. Is that worth $1500 if all you need is a switch? Of course not - go buy a switch and save some money.
Since I use both pfSense as a firewall and a D-1541 Xeon machine (but not for the firewall) and I share the dream of systems that are practically silent, I feel compelled to add some thoughts:
I started using pfSense on a passive J1900 Atom board which had dual Gbit on-board and cost less than €100. That worked pretty well until my broadband exceeded 200Mbit/s, mostly because it wasn’t just a firewall, but also added Suricata traffic inspection (tried Snort, too, very similar results).
And that’s what’s wrong with this article: 10Gbit Xeon-Ds are great when all you do is push packet, but don’t look at them. They are even greater when you terminate SSL connections on them with the QuickAssist variants. They are great when they work together with their bigger CPU brothers, who will then crunch on the logic of the data.
In the home-appliance context that you allude to, you won’t have ten types of machines to optimally distribute that work. QuickAssist won’t deliver benefits while the CPU will run out of steam far before even a Gbit connection is saturated when you use it just for the front end of the DMZ (firewall/SSL termination/VPN/deep inspection/load-balancing-failover).
Put proxies, caches or even application servers on them as well, even a single 10Gbit interface may be a total waste.
I had to resort to an i7-7700T which seems a bit quicker than the D-2123IT at only 35Watts TDP (and much cheaper) to sustain 500Mbit/s download bandwidth with the best gratis Suricata rule set. Judging by CPU load observations it will just about manage the Gbit loads its ports can handle, pretty sure that 2.5/5/10 Gbit will just throttle on inspection load, like the J1900 did at 200Mbit/s.
I use a D-1541 as an additional compute node in an oVirt 3 node HCI gluster with 3x 2.5Gbit J5005 storage nodes. I can probably go to 6x 2.5Gbit before its 10Gbit NIC becomes a bottleneck.
The D-1541’s benefit there is lots of RAM and cores, while it’s practically silent with 45 Watts TDP and none of the applications on it require vast amounts of CPU power.
I am waiting for an 8-core AMD 4000 Pro 35 Watt TDP APU to come as Mini-ITX capable of handling 64 or 128GB of ECC-RAM to replace the Xeon D-1541 and bring the price for such a mini server below that of a laptop with the same ingredients.
With an HBA (were it possible, hence my question), the 10Gbps serves a possible use (storage). Pushing and inspection exceeds x86 limits now. See TNSR for real x86 limits (wighout inspection).
That would seem apply to the chassis, not to the mainboard or SoC. There is nothing to prevent it from working per se.
I am pretty sure you can add a 16-port SAS HBA or even NVMeOF card and plenty of external storage, if thermals and power fit. A Mellanox 100Gbit card should be fine electrically, logically etc, even if there is nothing behind to sustain that throughput.
I've had an Nvidia GTX1070 GPU in the SuperMicro Mini-ITX D-1541 for a while, no problem at all, functionally, even if games still seem to prefer Hertz over cores. Actually GPU accellerated machine learning inference was the original use case of that box.
As pointed out, the D2123IT has no QAT, so a QAT accelerator would take up an available PCIe slot. It could push 10G packets then, but not save them or think (AI) on them.
I can't currently understand why there is any interest in anything other than AMD. Might be some niche SMP 4-8P needs, but the pure core and IO of AMD puts Intel to rest. With Intel unable to get to 7nm, I hope AMD gets a fare share.
We’ve updated our terms. By continuing to use the site and/or by logging into your account, you agree to the Site’s updated Terms of Use and Privacy Policy.
34 Comments
Back to Article
eastcoast_pete - Tuesday, July 28, 2020 - link
Thanks, interesting review! Might be (partially) my ignorance of the design process, but wouldn't it be better from a thermal perspective to use the case, especially the top part of the housing directly as heat sink? The current setup transfers the heat to the inside space of the unit and then relies on passive convection or radiation to dispose of the heat. Not surprised that it gets really toasty in there.
DanNeely - Tuesday, July 28, 2020 - link
From a thermal standpoint yes - if everything is assembled perfectly. With that design though, you'd need to screw attach the heat sink to the CPU via screws from below, and remove/reattach it from the CPU every time you open the case up. This setup allows the heatsink to be semi-permanently attached to the CPU like in a conventional install.You're also mistaken about it relying on passive heat transfer, the top of the case has some large thermal pads that will make contact with the tops of the heat sinks. (They're the white stuff on the inside of the lid in the first gallery photo; made slightly confusing by the lid being rotated 180 from the mobo.) Because of the larger contact area and lower peak heat concentration levels thermal pads are much less finicy about being pulled apart and slapped together than the TIM between a chip and the heatsink base.
Lindegren - Tuesday, July 28, 2020 - link
Could be Solved by having the CPU on the opposite side og the boardclose - Wednesday, July 29, 2020 - link
Lower power designs do that quite often. The MoBo is flipped so it faces down, the CPU is on the back side of the MoBo (top side of the system) covered by a thick, finned panel to serve as passive radiator. They probably wanted to save on designing a MoBo with the CPU on the other side.eastcoast_pete - Tuesday, July 28, 2020 - link
Appreciate the comment on the rotated case; those thermal pads looked oddly out of place. But, as Lindegren's comment pointed out, having the CPU on the opposite site of this, after all, custom MB, one could have the main heat source (SoC/CPU) facing "up", and all others facing "down".For maybe irrational reasons, I just don't like VRMs, SSDs and similar getting so toasty in an always-on piece of networking equipment.
YB1064 - Wednesday, July 29, 2020 - link
Crazy expensive price!Valantar - Wednesday, July 29, 2020 - link
I think you got tricked by the use of a shot of the motherboard with a standard server heatsink. Look at the teardown shots; this version of the motherboard is paired with a passive heat transfer block with heat pipes which connects directly to the top chassis. No convection involved inside of the chassis. Should be reasonably efficient, though of course the top of the chassis doesn't have that many or that large fins. A layer of heat pipes running across it on the inside would probably have helped.herozeros - Tuesday, July 28, 2020 - link
Neat review! I was hoping you could offer an opinion on why they elected to not include a SKU without quickassist? So many great router scenarios with some juicy 10G ports, but bottlenecks if you’re trafficing in resource intensive IPSec connections, no? Thanks!herozeros - Tuesday, July 28, 2020 - link
Me English are bad, should read “a SKU without Quickassist”GreenReaper - Tuesday, July 28, 2020 - link
The MSRP of the D-2123IT is $213. All D-2100 CPUs with QAT are >$500:https://www.servethehome.com/intel-xeon-d-2100-ser...
https://ark.intel.com/content/www/us/en/ark/produc...
And the cheapest of those has a lower all-core turbo, which might bite for consistency.
It's also the only one with just four cores. Thanks to this it's the only one that hits a 60W TDP.
Bear in mind internals are already pushing 90C, in what is presumably a reasonably cool location.
The closest (at 235% the cost) is the 8-core D-2145NT (65W, 1.9Ghz base, 2.5Ghz all-core turbo).
Sure, it *could* do more processing, but for most use-cases it won't be better and may be worse. To be sure it wasn't slower, you'd want to step up to D-2146NT; but now it's 80W (and 301% the cost). And the memory is *still* slower in that case (2133 vs 2400). Basically you're looking at rack-mount, or at the very least some kind of active cooling solution - or something that's not running on Intel.
Power is a big deal here. I use a quad-core D-1521 as a CPU for a relatively large DB-driven site, and it hits ~40W of its 45W TDP. For that you get 2.7Ghz all-core, although it's theoretically 2.4-2.7Ghz. The D-1541 with twice the cores only gets ~60% of the performance, because it's _actually_ limited by power. So I don't doubt TDP scaling indicates a real difference in usage.
A lower CPU price also gives SuperMicro significant latitude for profit - or for a big bulk discount.
GreenReaper - Tuesday, July 28, 2020 - link
The D-1541 only gets ~160% of the performance, that is - under ideal conditions. In practice we tend to average one to two core usage; and scaling for DB operations falls off after four, so the D-1521 may have been the faster CPU for us. (It also meant it was cheaper, yet came with NVMe SSD.)herozeros - Saturday, August 1, 2020 - link
Had no idea on the price jump on SoC with quickassist, question answered thoroughly, cheers!TrevorH - Tuesday, July 28, 2020 - link
I notice that it does have an HTML5 remote console so it's not locked to java for that.GreenReaper - Tuesday, July 28, 2020 - link
I'd love one of these under my desk to go with my HP MicroServer Gen8. Can't justify it, of course, but maybe in a few years they'll end up available at clearance prices or on the second-hand market.Foeketijn - Wednesday, July 29, 2020 - link
I am hoping for a ryzen gen 11. So far I've skipped the gen 10.Microserver without IPMI/iLo. Thats just silly.
Spunjji - Wednesday, July 29, 2020 - link
+1 on that. Don't even care if it's Zen 1 or Zen+ for cost reasons - seems like the perfect fit.Raven Ridge would also be a solid option.
hrana - Tuesday, July 28, 2020 - link
Great review but I need some context with your testing methodology. How do the 8C, 12C, and 16C variants perform? If I want a 10G router for everything except IPsec, what do I need today in terms of hardware today for pfsense? Some say pf has its own limitations such that throwing hardware at it is not successful. It would be good if your team could help us better understand using the above methodology.Bp_968 - Tuesday, July 28, 2020 - link
I wasn't terribly impressed with PFsense. It was blocking my own website (hosted on godaddy at the time and running WordPress) and was blocking it without any explanation or reasonable way to stop blocking it. I dropped by the forums and tried to get some help and instead got 3 pages of tinfoil hat paranoia about how I was probably a russian hacker trying to take over their machines through the forum. This is the offical pfsense forum btw... one guy finally decided I wasn't smart enough to be a russian hacker and then more or less threw his hands up saying sometimes it doesnt like certain types of traffic/websites/etc but hopefully it will get fixed in the future.It finally was fixed, by a Ubiquiti edgerouter.
ruthan - Wednesday, July 29, 2020 - link
Can someone explain me, why to paid $1500 for overprice network switch with just 2 x 10 Gb/s ports? What is wrong with classic networking hardware - standalone boxes?PeachNCream - Wednesday, July 29, 2020 - link
There's flexibility to do more with this system than merely act as a network switch since its running general purpose hardware. Is that worth $1500 if all you need is a switch? Of course not - go buy a switch and save some money.Jorgp2 - Thursday, July 30, 2020 - link
Maybe you should learn the difference between a switch and a router first.newyork10023 - Thursday, July 30, 2020 - link
Why do you people have to troll everywhere you go?Gonemad - Wednesday, July 29, 2020 - link
Oh boy. I once got Wi-Fi "AC" 5GHz, 5Gbps, and 5G mobile networks mixed once by my mother. It took a while to explain those to her.Don't use 10G to mean 10 Gbps, please! HAHAHA.
timecop1818 - Wednesday, July 29, 2020 - link
Fortunately, when Ethernet says 10Gbps, that's what it means.imaheadcase - Wednesday, July 29, 2020 - link
Put the name Supermicro on it and you know its not for consumers.newyork10023 - Wednesday, July 29, 2020 - link
The Supermicro manual states that a PCIe card installed is limited to networking (and will require a fan installed). An HBA card can't be installed?abufrejoval - Wednesday, July 29, 2020 - link
Since I use both pfSense as a firewall and a D-1541 Xeon machine (but not for the firewall) and I share the dream of systems that are practically silent, I feel compelled to add some thoughts:I started using pfSense on a passive J1900 Atom board which had dual Gbit on-board and cost less than €100. That worked pretty well until my broadband exceeded 200Mbit/s, mostly because it wasn’t just a firewall, but also added Suricata traffic inspection (tried Snort, too, very similar results).
And that’s what’s wrong with this article: 10Gbit Xeon-Ds are great when all you do is push packet, but don’t look at them. They are even greater when you terminate SSL connections on them with the QuickAssist variants. They are great when they work together with their bigger CPU brothers, who will then crunch on the logic of the data.
In the home-appliance context that you allude to, you won’t have ten types of machines to optimally distribute that work. QuickAssist won’t deliver benefits while the CPU will run out of steam far before even a Gbit connection is saturated when you use it just for the front end of the DMZ (firewall/SSL termination/VPN/deep inspection/load-balancing-failover).
Put proxies, caches or even application servers on them as well, even a single 10Gbit interface may be a total waste.
I had to resort to an i7-7700T which seems a bit quicker than the D-2123IT at only 35Watts TDP (and much cheaper) to sustain 500Mbit/s download bandwidth with the best gratis Suricata rule set. Judging by CPU load observations it will just about manage the Gbit loads its ports can handle, pretty sure that 2.5/5/10 Gbit will just throttle on inspection load, like the J1900 did at 200Mbit/s.
I use a D-1541 as an additional compute node in an oVirt 3 node HCI gluster with 3x 2.5Gbit J5005 storage nodes. I can probably go to 6x 2.5Gbit before its 10Gbit NIC becomes a bottleneck.
The D-1541’s benefit there is lots of RAM and cores, while it’s practically silent with 45 Watts TDP and none of the applications on it require vast amounts of CPU power.
I am waiting for an 8-core AMD 4000 Pro 35 Watt TDP APU to come as Mini-ITX capable of handling 64 or 128GB of ECC-RAM to replace the Xeon D-1541 and bring the price for such a mini server below that of a laptop with the same ingredients.
newyork10023 - Wednesday, July 29, 2020 - link
With an HBA (were it possible, hence my question), the 10Gbps serves a possible use (storage). Pushing and inspection exceeds x86 limits now. See TNSR for real x86 limits (wighout inspection).abufrejoval - Wednesday, July 29, 2020 - link
That would seem apply to the chassis, not to the mainboard or SoC.There is nothing to prevent it from working per se.
I am pretty sure you can add a 16-port SAS HBA or even NVMeOF card and plenty of external storage, if thermals and power fit. A Mellanox 100Gbit card should be fine electrically, logically etc, even if there is nothing behind to sustain that throughput.
I've had an Nvidia GTX1070 GPU in the SuperMicro Mini-ITX D-1541 for a while, no problem at all, functionally, even if games still seem to prefer Hertz over cores. Actually GPU accellerated machine learning inference was the original use case of that box.
newyork10023 - Wednesday, July 29, 2020 - link
As pointed out, the D2123IT has no QAT, so a QAT accelerator would take up an available PCIe slot. It could push 10G packets then, but not save them or think (AI) on them.newyork10023 - Wednesday, July 29, 2020 - link
I can't currently understand why there is any interest in anything other than AMD. Might be some niche SMP 4-8P needs, but the pure core and IO of AMD puts Intel to rest. With Intel unable to get to 7nm, I hope AMD gets a fare share.Jorgp2 - Thursday, July 30, 2020 - link
Why do you people have to shill everywhere you go?newyork10023 - Thursday, July 30, 2020 - link
Because we have no vested interest (in Intel) and talk honestly and openly?Jorgp2 - Thursday, July 30, 2020 - link
Sure it's because you don't know what you're going on about, and are just repeating the circlejerk?