Date: Tue, 17 Jun 2014 16:00:48 +0200 From: Andreas Nilsson <andrnils@gmail.com> To: FreeBSD stable <freebsd-stable@freebsd.org> Subject: Re: Suggestions for low-power gigE firewall? Message-ID: <CAPS9%2BSu6R=yQ1Xd47UO5hLs2G9fGAeb9nA=1m03-_YC%2Bn5pA=Q@mail.gmail.com> In-Reply-To: <20140617134320.GE61092@behemoth> References: <20140613121732.GA61092@behemoth> <20140615090845.GB42502@server.rulingia.com> <D149DFB3-973C-40D8-815F-375A0012AE78@jnielsen.net> <20140617134320.GE61092@behemoth>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 17, 2014 at 3:43 PM, Chris Nehren < cnehren+freebsd-stable@pobox.com> wrote: > On Mon, Jun 16, 2014 at 13:51:45 -0600, John Nielsen wrote: > > On Jun 15, 2014, at 3:08 AM, Peter Jeremy <peter@rulingia.com> wrote: > > > > > On 2014-Jun-13 08:17:33 -0400, Chris Nehren < > cnehren+freebsd-stable@pobox.com> wrote: > > >> Speaking of Soekris elsethread, I'm presently interested in > > >> picking up a small device to use as a router + firewall for my > > >> home network. > > > > > > One thing to keep in mind is that 'gigE firewall' is fairly > meaningless by > > > itself. Most of the load is per-packet and GigE could be anywhere > between > > > (roughly) 80kpps and 1.5mpps. > > > > > > That said, since you mention 'home network', I presume you don't need > complex > > > packet manipulation at wire-speed. Note that whilst the re(4) driver > doesn't > > > have the same comments as the rl(4) driver, you will still need > significantly > > > more CPU power to get the same thruput from a RTL8111 as (eg) an em. > > > > I recently built a low-power FreeBSD box with this board: > > > http://www.ecs.com.tw/ECSWebSite/Product/Product_Detail.aspx?DetailID=1499 > > > > The onboard re(4) NIC needs a patch[1] (present in 10-STABLE but > > not 10.0-RELEASE) to function properly. Otherwise it's been a smooth > > ride. > > > > It only has one onboard NIC but expansion options include PCI-e > > (mini and full) and USB 3.0. > > > > I have enjoyed using pcengines' Alix boards in the past, but wanted > > more memory for this application than the new APU boards support. > > I'm trying to avoid having to construct a system from parts. > This board definitely has more potential than anything I've seen > so far in this research, but at the same time I'd have to play > parts matching and I'd prefer to stick with Intel if possible. > > I'll keep it in mind if I have any future projects, though. > Thank you! > > -- > Chris Nehren > As others noted, gigE is rather unspecified. If you want something like server grade a few of the machines listed at http://www.supermicro.nl/products/nfo/atom.cfm would be good, and reasonably low powered. But perhaps more than 400USD, and/or a bit on the loud side for a home application. They do have an IPMI-port though, which can come in handy. As a data point: at work we recently tested forwarding performance of a HP g7 (with quad core xeon cpu) and intel 10GE card, and maxed out at 650kpps, which for small packet size is no-where near the wire speed on 1gigE. Just by loading ipfw module performance dropped noticeably. Best regards Andreas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPS9%2BSu6R=yQ1Xd47UO5hLs2G9fGAeb9nA=1m03-_YC%2Bn5pA=Q>