Lanner NCA-1515A Internal Hardware Overview
We have the Lanner NCA-1515A, which has the Intel Atom C3758. The NCA-1515B is the quad-core (C3558) version. We purchased this system as a new sealed unit on the secondary market that was pre-configured and had many features.
First, let us quickly point out that this is not a fanless unit. There is a single Sunon fan, although there are spots for two.
One bummer for many of our readers is that it uses a 5-pin connector, although it is a 4-pin fan so it is not as easy to swap.
Let us move to the CPU and memory. The Intel Atom C3758 we have seen for years. It is really a chip designed for 10GbE firewalls and appliances, so in a 1GbE appliance, it is quite a lot. Perhaps the coolest bit is the memory our systems came configured with. These are two 8GB DDR4-3200 ECC SODIMMs. While the CPU will not run memory that fast, these days, DDR4-3200 is easier to get. The bigger story is that we have ECC support in this little box.
Something else that is just above the Atom C3758 and the two SODIMM slots is a Kingston chip. This is an 8GB eMMC device. Not all OSes like to be installed on eMMC, and one has to consider wear. On the other hand, if you have a simple firewall image and you plan to log elsewhere, then this is plenty.
Below the memory we have a SATA port and a mPCIe slot that is unused here. There is an option that we do not have to add a 2.5″ internal drive bay.
That mPCIe slot is just part of the expansion story. There is another mPCIe slot and two M.2 slots onboard.
Here, we can see the 64GB M.2 SSD, 802.11ac WiFi WLE600VX, and Sierra Wireless AirPrime EM7455 that our system came configured with.
Between the SoC and the rear network ports is the Intel i350 NIC with a little heatsink.
At the top corner of the system, we have a riser card with an ASPEED AST2400 BMC. Some firewall and router appliances will not want to use the BMC because it adds another security surface. If that is your application, then you are stuck with serial console access. Others will want the BMC. We will show that in the management section but it includes features like a HTML5 iKVM and remote management.
Since we have the unit configured, here is a shot of the NCB-1515 motherboard from the manual.
Next, let us get to the block diagram before getting to the management.
It’s a neat board, but the C3758 is just SOOOO slow. Not really sure what I would use this for being that slow.
An N100, despite only being 4 cores, can beat a C3758 in basically every benchmark. For single threaded loads an N100 is like 2.5x faster…
@Jason – You do not need a screaming fast CPU to run a firewall unless you are applying very complicated rule sets and packet transforms.
My own home firewall is based on an Intel N3710 SoC @1.6GHz with only 4 cores and driving 4 GigE ports (3 ports via PCIe switch). So that N3710 SoC would be slower than the C3758 … but charting CPU performance over an extended 1 year period of time reveals that my CPU load is negligible (consistently under 1%) for the amount of firewall rule filtering that I do. Even when the Internet interface is jamming packets as fast (300 Mbps and increasing every year) as it can that little SoC just keeps plugging right along “holding the load” without a complaint.
But then there is always the YMMV disclaimer to consider.
Fair point. a firewall, router, or other network focused device would make sense.
I don’t understand why people think the N100 is better for a router? The C3000 series was made for 10G firewalls and VPN boxes. Even if you’re virtualizing at 1G speeds, it’s more than enough and you can use more physical cores for vCPUs.
Price, availability, idle power usage, peak power usage, availability with 2.5G ethernet… Take your pick?
That Qotom has 2 NVMe, 6 SATA, 5 2.5G, and 4 10G. 64 GB ECC. You can’t do that on N100. C3758-R is NAS and firewall combined.
I’m still unsure what this box is and what’s it for!
@AldiK, I do like the C3000 series (got one SM board), and they are plenty fast for a firewall. But the N100 will beat a C3000 cpu in performance/watt which is why it could have been interesting to see this appliance with an N100/305 CPU.
I guess my point is that I don’t see how this is the “Home Lab Deal of the Year” when it is a device that can really only be used for a firewall (or MAYBE a small router).
For pretty much every other use there are many other devices are a better fit, better performant, and often better price/value.
And maybe a NAS I guess, although I think there are much better fits for that use, too.
@casper but it ONLY wins when you’re talking CPU-only, and not about vCPUs in that. These do virtualization too.
@Jason I’ve got a few of those Qotom’s. You can easily virtualize on them and they’re making great lab systems. This is plenty to make a firewall, vpn endpoint, router, backup wwan appliance, and still have a few other VMs or containers on.
The only thing that bothers me with things like this is what if you use it for real work and start to rely on it? Like I have a remote site I need LTE for, so what if I got this and set it up out there, and then a year later it breaks? It probably won’t be available for sale in a year’s time, so I won’t be able to buy another one and swap it over and keep going. I’ll have to find a different product, reconfigure everything (e.g. udev rules for the different LTE device in the new product) and basically set it up from scratch again, do all the testing to make sure everything works, etc.
It’s for this reason I’ve ended up going with Raspberry Pis and USB LTE adapters, because although they are slower and don’t have as much crammed into the same space, replacing any failed devices is much easier over the long term.
Does anyone know if the Sierra Wireless AirPrime EM7455 in this unit will work with pfSense or OPENSENSE?
I picked up a few of these for testing in my datacenter for a remote access appliance and so far the IPMI experience is pretty bad. You cannot log into the web UI with Firefox at all. Google Chrome works, but the KVM does not work. There is nothing on Lanner’s site for the NCA-1515A in terms of BMC firmware updates and Lanner’s support has been silent on any of my help requests.
The price is right on these for sure but I think you get what you pay for. Not having a working IPMI is kind of a show stopper for my usecase.
A quick follow up. I created a new IPMI admin user and all of my issues with IPMI went away. It is still a pretty buggy BMC firmware but at least I can use the HTML KVM.