The title pretty much sums it up. I just wanted to let whoever needs to know about what I am experiencing & I think this is the correct forum for that.
A little background:
I have had my APU2 for quite some time (2016 I think?), but I never updated the fw/boot loader because I only did superficial checks on the pc engines website & the latest one listed on the APU2 page is a legacy release from 2017 which isnít event on the github page anymore (and I never did that one since I believe the updates were PXE which wasnít of much use to me at the time).
Iíve been doing quite a bit of re-tooling with my home lab/network & will finally be pulling the plug on pfsense. While creating the requirements/architectural outline of what the new network would look like I figured I would dive deeper & see what I could squeeze out of the APU2 & was happy to see that the Speed Boost & ECC matters had been resolved (having never done too much research on the former I figured all 1.4ghz was being used & it was just a typo, but I must have missed where AMD said that 1.4ghz was attained via speed boost). Since my plan includes hardware IDS, network IDS (including both the regular Suricata/snort variety as well as a Bro/Zeek one via TAP) w/ an ELK stack I have been playing a little game of Ďwhat goes whereí based on hardware requirements and software compatibility (eg depending on how the wazuh agent works on opnSense/if it can send down the log data/it can be done manually; then thatís one less portion of a NIDS node that needs to be setup. After that how much headroom is left on the APU2 & where the DNS sinkhole is run would determine what else can be done on the machine & what would be the best method of doing so). Apologies for the tangent, so many things to plan for now, sometimes I just say them to keep them straight in my mind 😥. If I need the tianocore payload Iím really hoping I can find someone who has built it & uploaded the fw since I donít want to spend time with Docker right now...
I put together a bootable usb with tinycore & the v220.127.116.11 Mainline rom. The upgrade seemed to go well & I ended up using the legacy Debian script to have the hardware perform a cold reset (I tried the Linux script on the page as tinycore was booted, but it didnít work... not sure if thatís b/c the latest bios had just been written?). Regardless, the system powered off fully for a few seconds then booted up.
I made the necessary change to the pfsense conf to allow for multiple queues on the NICs (donít have gigabit WAN/performance has never been an issue even via VPN, but figured I would do it while I was mucking about) & added the necessary bits for the OS to properly show the new CPU clock speeds.
After the reboot every time I run the command it shows the CPU set to 1400MHz (even when utilization is just a few percent) and the % split between the C states/clock speeds is 100% for 1400/C1 & 0% for everything else. Unfortunately I never ran the command before doing the bios update so Iím not sure if that was an issue before hand.
I even tried turning off the packages that use the most resources (snort, pfblockerng, ntop, but kept haproxy on as all the backends were off & activity logs showed that unbound was using way more resources than haproxy), but got the same results.
At the moment itís not a big deal, temps are fine & I wonít complain too much about the minor extra power draw if it means the cpu responds to load spikes more quickly (which it seems to be doing) + Iím sure the extra power draw is minimal. ESP since temps are about the same.
Btw - I saw people talking about features for the next board revision (APU5 or 6 or whatever you want to call it). I love that ECC is now enabled, but wish there was more ram to use it with. Use-case would be running ESXi with VMs that donít constantly need a lot of CPU cycles, so you can run them concurrently on a lower end chip, but you do need the ram for it. Iíd like to run a router VM (eg OPNSense) and maybe a NAC or NIDS node at the same time.
The option of an SFP+ port and/or PoE would be awesome.
I got a used Supermicro A1SRI-2758f envisioning it as a beefier/more capable APU2. ~$225 for the board & ~$120 for 32GB ECC ram (all on eBay) & I get 8 cores @2.4GHz, hot o 64 GB of ram, Intel i354/4x i350 NICs (option for 2.5G NICs too I believe). Lots of SATA ports & a full size PCIe 2 slot, but unfortunately only 1.
If I remember correctly I paid about $200 all in for the APU2 w/ a 32GB mSATA drive. This board is coming in at $150 on top of that (& used, but it came out a number of years ago so even new itís only a bit more) & I still need a case, PS & drive if I donít want to go PXE. Itís a good amount more, but Iíd happily pay the extra hundred or 2 for the breathing room it offers as it can do more than 2 APUXs from my POV.
But if I could get some/most(/all?!) of that extra functionality, minus say the IPMI & SATA 2.0 ports?, for an extra $100 +/-X? I would definitely be interested.
Apologies @nrg-systems - for some reason I didn't get an email when you replied.
> I have never had PowerD enabled since the device was plugged in, but I just tried enabling it (put it on High Adaptive for now). Saved the settings and went back in to the shell. Device was still reporting all cycles at C1/1400mhz. I have a few things I need to finish up before I can kill the router, but I will try rebooting the device. And if that doesn't do anything I will try setting it to Minimum, followed by rebooting as well. If none of those options do anything I'll just turn PowerD back up.
Also, I'm not sure if you meant for me to turn PowerD on or off. If you thought I had it on, then no - it has been off (and thus that isn't the issue). If it is the other way around I'll let you know more once I finish the above process, but so far no dice.
@VAMike - I had read a little bit about that and was apprehensive at first, but the device I have either was already RMA'ed and came back or was manufacturered in April 2018 (that's what the sticker on it says). According to Intel the bug can be fixed by the manufacturer via a physical hardware change & via Supermicro stating that all boards sold post mid-ish 2017 already have the fix done to them. So as far as I can tell that shouldn't be an issue? If something does happen I believe there are still a couple years left on the warranty so worst comes to worst I just have to RMA it (and I have a backup router or 2 I can use in a pinch).
I will say the following though - the A1SRI has been the strangest motherboard I've used from Supermicro... It has been the most pedantic in regard to RAM population (not just that only ECC can be used, but the fact that you can encounter a number of different POST code errors on boot if something is up with the RAM config) & there have been a few other things that have resulted in some weird POST code stalls (I think one of them was PXE related as I had the NIC connected directly to an ESXi host as a 'SAN' and one of them may have been setup to boot via PXE. Don't remember the specifics, but I haven't experiecned it since. It was F2 which is a weird one). The issues were primarily before I had a chance to update the BIOS/RedFish, though.
Anyway, even if the hardware fix isn't fully effective and I only get to use the board for a few years (plus whatever life I get out of it after the warranty is over) I still think it was a pretty good deal. Would have gotten me down the road long enough until some newer hardware comes down in price. ITX 1U cases are annoyingly exepensive for the most part, but I was lucky enough to get one for ~$40. And I went with a regular PS that was at least bronze 80 rated (don't remember the rating, either way another $60 spent) which I ended up not even needing. Once I thought about it there is a Molex power out on the board & you can get 12V DC PS that have a periferal power out of their own & that would be enough for the 2 drives the case I have can fit... Could have spent the extra $40-50 saved on a 12V UPS so that it has it's own backup & I get the option to be able to place the machine elsewhere if I want.
Anyway, thanks for the help so far guys! I'll post back soon with the results of the PowerD changes (unless, as I mentioned, the suggestions was to turn PowerD off entirely in which case you guys already know the answer). I'm making the switch to OPNsense most likely - already have it setup on as a VM on the A1SRI board so that I can config everything before hand, save that backup, then install OPNsense on the APU & update from the backup file to minimize downtime. So who knows, maybe the update to OPNsense will handle the issue (something about my pfsense install is wonky. maybe all the years of setup changes finally catching up...)
Also just got 2 Intel X540-T2 cards in the mail (bought them from some guy in Maryland for $47/each! He has 6 & I snagged the last 2) so I'll be spending some time adding those to A1SRI plus one of my other servers. This is relevant since it is going to result in me really needing to get a proper 10G switch AND making more interested in any future APU products to have 10G functionality (or maybe what the new kids are calling Nbase-T Ethernet or a proper PCIe jack as an alternative). I know my internet won't be fast enough for anything over a gigabit, but depending on how I finish setting up my network if I want to be able to pass data across VLANs I believe communicating with the Router will be necessary (I have UniFi switches & APs which I believe don't have the ability to actually route VLANs, so it would be up to the rules in the router to handle this. Not sure if any VLAN tag routing info is saved on the switches themselves, like how they save MAC addresses & can do regular switching w/out the router, but assuming they don't & I have a >1G client on a non-SAN VLAN that is authorized to make requests from the SAN VLAN that also has either 10G or Nbase-T-Ethernet then the router would probably become the bottleneck).