From owner-freebsd-stable@FreeBSD.ORG Tue Jun 17 13:43:33 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 71B07677 for ; Tue, 17 Jun 2014 13:43:33 +0000 (UTC) Received: from smtp.pobox.com (smtp.pobox.com [208.72.237.35]) by mx1.freebsd.org (Postfix) with ESMTP id 2D57C2121 for ; Tue, 17 Jun 2014 13:43:32 +0000 (UTC) Received: from smtp.pobox.com (unknown [127.0.0.1]) by pb-smtp0.pobox.com (Postfix) with ESMTP id DA5671BB63 for ; Tue, 17 Jun 2014 09:43:23 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date:from:to :subject:message-id:references:mime-version:content-type :in-reply-to; s=sasl; bh=IJBHavvmwWBiv6PNlfaFA5ekEJg=; b=QLaET8m Gp5HWgvQZ/pjQDdVtf53wuPS/URiUTXiasNXSzpwh9R3aJ7+wB064/JYPzIg7lj7 9lc8HhUmG9UODfUEFjpDejY4nS++ElmW1uTE6ykT2aRxwV04emjZdhcsHlHV/ucx ufSh/NgSbnWjpIz0DGLh4/cid9QRQ7UbdKEg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=date:from:to :subject:message-id:references:mime-version:content-type :in-reply-to; q=dns; s=sasl; b=ZghPIWNYJwkL7/H7S0I27HuT9MA4qGhNb CdzbESMfVVFLrAB/ss+wmg3A/J1nuBM7x5sT9MUtseyGDP/soBFtJlH80VW5I3XD Ox7ufjIoJ/QRY/nzbVkzp0dm8ESvapWvM6Xi1As9OEBAe9GzvuTXkOY0W72inH0p meHER+l35Q= Received: from pb-smtp0.int.icgroup.com (unknown [127.0.0.1]) by pb-smtp0.pobox.com (Postfix) with ESMTP id CED2F1BB62 for ; Tue, 17 Jun 2014 09:43:23 -0400 (EDT) Received: from localhost (unknown [50.90.2.70]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pb-smtp0.pobox.com (Postfix) with ESMTPSA id B47CD1BB54 for ; Tue, 17 Jun 2014 09:43:19 -0400 (EDT) Date: Tue, 17 Jun 2014 09:43:20 -0400 From: Chris Nehren To: FreeBSD stable Subject: Re: Suggestions for low-power gigE firewall? Message-ID: <20140617134320.GE61092@behemoth> Mail-Followup-To: FreeBSD stable References: <20140613121732.GA61092@behemoth> <20140615090845.GB42502@server.rulingia.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k3qmt+ucFURmlhDS" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-Pobox-Relay-ID: 57BCEA8C-F625-11E3-B89A-9903E9FBB39C-49531120!pb-smtp0.pobox.com X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jun 2014 13:43:33 -0000 --k3qmt+ucFURmlhDS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 16, 2014 at 13:51:45 -0600, John Nielsen wrote: > On Jun 15, 2014, at 3:08 AM, Peter Jeremy wrote: >=20 > > On 2014-Jun-13 08:17:33 -0400, Chris Nehren wrote: > >> Speaking of Soekris elsethread, I'm presently interested in > >> picking up a small device to use as a router + firewall for my > >> home network. > >=20 > > One thing to keep in mind is that 'gigE firewall' is fairly meaningless= by > > itself. Most of the load is per-packet and GigE could be anywhere betw= een > > (roughly) 80kpps and 1.5mpps. > >=20 > > That said, since you mention 'home network', I presume you don't need c= omplex > > packet manipulation at wire-speed. Note that whilst the re(4) driver d= oesn't > > have the same comments as the rl(4) driver, you will still need signifi= cantly > > more CPU power to get the same thruput from a RTL8111 as (eg) an em. >=20 > I recently built a low-power FreeBSD box with this board: > http://www.ecs.com.tw/ECSWebSite/Product/Product_Detail.aspx?DetailID=3D1= 499 >=20 > The onboard re(4) NIC needs a patch[1] (present in 10-STABLE but > not 10.0-RELEASE) to function properly. Otherwise it's been a smooth > ride. >=20 > It only has one onboard NIC but expansion options include PCI-e > (mini and full) and USB 3.0. >=20 > I have enjoyed using pcengines' Alix boards in the past, but wanted > more memory for this application than the new APU boards support. I'm trying to avoid having to construct a system from parts. This board definitely has more potential than anything I've seen so far in this research, but at the same time I'd have to play parts matching and I'd prefer to stick with Intel if possible. I'll keep it in mind if I have any future projects, though. Thank you! --=20 Chris Nehren --k3qmt+ucFURmlhDS Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJbBAABAgBFBQJToEX4PhSAAAAAABUAIHBrYS1hZGRyZXNzQGdudXBnLm9yZ2Nu ZWhyZW4rZnJlZWJzZC1zdGFibGVAcG9ib3guY29tAAoJEBHA+GJAM0vP7XgQAIrF I3r+ukHRtkJsufHkN5ePOb6ewZLAye69YB3X21PXf8U+bRFWCeHzKwETT4+leTLL tMFUL9LOs3R0rBZQcuNKjyMKCwhZsOQY8feALKrhg4UwLJH7r0Nx0fQsj6IWfWQB M8xQIF9+69wPCZVzsyDD2/k5w8oFrm4Pb5Jdb1Jk20Ymu7Tzew5TMhSh62DQOO+o ICGmUQIqX5HExIA1ARR1sB+BAi1nKgI5pQPoqi1/7lnJuc6rxFrKe7d6CBPaE5Ex Xs7sDPq2xL7KAPsj4LZZMcWaiEm1d76HgnO60z+FCSG2T2h5uLqaw9UGZ0e9PuvR cA3VlSokQpg+gJ3HGyZIIE5dwL0ELD78SFmhtzPMcSFpic3lceMn1qghHiN3tCzC X4xPUCQ8rlNo3fXJ/f1YhM3Tye12QReXH6i0A+oXmsPgmhV58kjVUGBBInEwA4M7 LrSWUXQmn5LPt9XIiKwzv5Q4MCxEnkZgLyWayZfkM6LOshuRa60r7jJmCbrQzUTL mAMtkg6lsy4p1Xhr6vT9GiTdN5PcTdpS57LpoTUN0uPIPUxJVFQpOM9I7bBcq7h6 cPjMWpXia/+4FPxE1MK22WnUgchon/yrgVIl9hZwbzWXvB5rtEqbukk2llAquCsA qPOT73SwMoHRFpnvcjhlwJlLa7BnjUYItQzkwbmv =R1XW -----END PGP SIGNATURE----- --k3qmt+ucFURmlhDS--