laBoratory - The home network laboratory

Photo by Cullan Smith / Unsplash

Running pfsense on HP T730 thin client

Thin Client May 5, 2020

It has arrived! The HP T730 (not so) thin client:

Unpacked HP T730 thin client

Specs of the HP T730 thin client computer

Memory: 8 GB DDR3L-1600 SDRAM (2 x 4 GB)
Internal Storage: 32 GB MLC flash memory
Processor: AMD RX-427BB APU with Radeon™ HD 9000 Graphics (2.7 GHz base frequency, up to 3.6 GHz burst frequency, 4 MB cache, 4 cores)

Inside of HP T730 thin client

Preparing for the firewall duties involved adding a NIC, the weapon of choice was in this case a dual Gigabit port with Intel I82575. The network card supports the following functions:
IPMI pass-through via SMBus or NC-SI
iSCSI boot, WoL, PXE remote boot (diskless boot)
Energy Efficient Ethernet, VLAN filtering
VMDQ Enhances Virtualized Traffic Management
Intel® I/O Acceleration Technology (I/OAT)

Intel I82575 network card

I insisted on the NIC, because it's an important piece of the puzzle. Don't minimize it's importance since all your network traffic will go through it! Before the Intel I82575 card, I had another one based on Intel PRO/1000 PT that died after 24h of use. Read the story here.

Network card installed, hardware setup complete

Working on the HP T730 thin client is a pleasure, since you don't need any tools for the job. It's amazing to see this kind of design in a thin client.

I had previously saved the configuration from pfsense, so I just had to install the new pfsense version then restore all the settings and assign the NICs. A few minutes later the firewall was up and doing it's job perfectly.

Getting close to wire speed!

When I was using the Fujitsu Futro S900 thin client as the pfsense firewall machine, my broadband internet speed was capped at 250 Mbps upload and 280 Mbps on download. The CPU was mounting to 70% usage just when doing the speed tests. I uninstalled all the packages, reinstalled pfsense, got rid of all the firewall rules but could not make it use all of the provided 1Gbit download with 500 Mbps uplink. Still to this day, I have no idea what caused the bottleneck, but I have my reasons to think that the CPU was the culprit. Nevermind now, since the "new" HP T730 was like a race car waiting to be launched from the pole position.

ISP is R=D by SFR

About the result... take it with a grain of salt, since in the COVID period with everybody working from home, the ISPs are throttling the available bandwidth.

Anyway, it doesn't matter how you look at it, it's at least three times better now. And I got QoS queues, some fancy firewalling rules and Suricata on top. Still I can't make it blink in terms of CPU usage. I see now why people are running pfsense from a VM on these machines. For now I'll live it like this, one day maybe, who knows, I will have the time to play with Proxmox or another supervisor.

What I didn't measure for the time being is the power consumption. Since the Futro S900 was consuming 14W of electricity, and the HP T730 comes with a power brick rated at 85W, I'm a little concerned.

One guy found that it idled around 15.8W so it is not as low as a T620 plus, but is still in the acceptable range for the computing power that it offers. And the T620 plus are so hard to find these days...

The funny thing is that I found it listed at $861 on the US HP store :)

If you are interested in buying a similar one, search on eBay

Until next time, take care and be careful about your Internet connexion!

Tags

Radu

Since there's no place like 127.0.0.1, I try my best to keep it up to date and add network services using various (mostly old and cheap) network devices.

Recommended for you