From owner-freebsd-stable@FreeBSD.ORG  Tue Jun 17 14:00:49 2014
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3BA1F3D2
 for <freebsd-stable@freebsd.org>; Tue, 17 Jun 2014 14:00:49 +0000 (UTC)
Received: from mail-oa0-x232.google.com (mail-oa0-x232.google.com
 [IPv6:2607:f8b0:4003:c02::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 03D4522F0
 for <freebsd-stable@freebsd.org>; Tue, 17 Jun 2014 14:00:48 +0000 (UTC)
Received: by mail-oa0-f50.google.com with SMTP id n16so8574718oag.37
 for <freebsd-stable@freebsd.org>; Tue, 17 Jun 2014 07:00:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=9MzG3oJMp65OL2v+DOStKBo4FqaEdPDb+AtA3lUnQoU=;
 b=uxl5aPut4PwxSjcdX7w51+NqzcSdJjoe216yCNakMZ4j52rb6a0i0Rbs1sP2DuPyW4
 LAYxejecPENWPsZUdvY6DET1CqXnWGcltx60vvgnzl9XgZl3WSrxa2SDC3W3evH/E/Xf
 KmIE6LZfSX9GhO19Fih0OAAhZp6Lv0qYgvx3X9REGqmf6ZS8RvICVFxpKlbFFZsYBn//
 dGVEzT7mk0M3TOWj/SvV4wA7JOEhbVS+SULjYAWGJdBJoCrSi6iKTUI3IOA9HTp2jFnW
 E93UB9R0Lcb5pVGLC1o83dZPIOVIZDhwObLMM9ZOU5oUC23EIQkCmQ99tAiI+16OBW3z
 QgXw==
MIME-Version: 1.0
X-Received: by 10.182.47.196 with SMTP id f4mr26714556obn.50.1403013648278;
 Tue, 17 Jun 2014 07:00:48 -0700 (PDT)
Received: by 10.76.170.39 with HTTP; Tue, 17 Jun 2014 07:00:48 -0700 (PDT)
In-Reply-To: <20140617134320.GE61092@behemoth>
References: <20140613121732.GA61092@behemoth>
 <20140615090845.GB42502@server.rulingia.com>
 <D149DFB3-973C-40D8-815F-375A0012AE78@jnielsen.net>
 <20140617134320.GE61092@behemoth>
Date: Tue, 17 Jun 2014 16:00:48 +0200
Message-ID: <CAPS9+Su6R=yQ1Xd47UO5hLs2G9fGAeb9nA=1m03-_YC+n5pA=Q@mail.gmail.com>
Subject: Re: Suggestions for low-power gigE firewall?
From: Andreas Nilsson <andrnils@gmail.com>
To: FreeBSD stable <freebsd-stable@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 14:00:49 -0000

On Tue, Jun 17, 2014 at 3:43 PM, Chris Nehren <
cnehren+freebsd-stable@pobox.com> wrote:

> On Mon, Jun 16, 2014 at 13:51:45 -0600, John Nielsen wrote:
> > On Jun 15, 2014, at 3:08 AM, Peter Jeremy <peter@rulingia.com> wrote:
> >
> > > On 2014-Jun-13 08:17:33 -0400, Chris Nehren <
> cnehren+freebsd-stable@pobox.com> wrote:
> > >> Speaking of Soekris elsethread, I'm presently interested in
> > >> picking up a small device to use as a router + firewall for my
> > >> home network.
> > >
> > > One thing to keep in mind is that 'gigE firewall' is fairly
> meaningless by
> > > itself.  Most of the load is per-packet and GigE could be anywhere
> between
> > > (roughly) 80kpps and 1.5mpps.
> > >
> > > That said, since you mention 'home network', I presume you don't need
> complex
> > > packet manipulation at wire-speed.  Note that whilst the re(4) driver
> doesn't
> > > have the same comments as the rl(4) driver, you will still need
> significantly
> > > more CPU power to get the same thruput from a RTL8111 as (eg) an em.
> >
> > I recently built a low-power FreeBSD box with this board:
> >
> http://www.ecs.com.tw/ECSWebSite/Product/Product_Detail.aspx?DetailID=1499
> >
> > The onboard re(4) NIC needs a patch[1] (present in 10-STABLE but
> > not 10.0-RELEASE) to function properly. Otherwise it's been a smooth
> > ride.
> >
> > It only has one onboard NIC but expansion options include PCI-e
> > (mini and full) and USB 3.0.
> >
> > I have enjoyed using pcengines' Alix boards in the past, but wanted
> > more memory for this application than the new APU boards support.
>
> I'm trying to avoid having to construct a system from parts.
> This board definitely has more potential than anything I've seen
> so far in this research, but at the same time I'd have to play
> parts matching and I'd prefer to stick with Intel if possible.
>
> I'll keep it in mind if I have any future projects, though.
> Thank you!
>
> --
> Chris Nehren
>

As others noted, gigE is rather unspecified. If you want something like
server grade a few of the machines listed at
http://www.supermicro.nl/products/nfo/atom.cfm would be good, and
reasonably low powered. But perhaps more than 400USD, and/or a bit on the
loud side for a home application. They do have an IPMI-port though, which
can come in handy.


As a data point: at work we recently tested forwarding performance of a HP
g7 (with quad core xeon cpu) and intel 10GE card, and maxed out at 650kpps,
which for small packet size is no-where near the wire speed on 1gigE. Just
by loading ipfw module performance dropped noticeably.

Best regards
Andreas