Hardware hunting

classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Hardware hunting

Chris McGee
Hi guys-

  I am hunting for a low-power firewall for my home network. For at least
10 years, whenever my firewall hardware has started to die, I've grabbed a
decommissioned game PC, added a few NIC's, and put OpenBSD on it.  The
firewall's current incarnation pulls about 160 watts 24/7; I'd like to
lower that by a lot.

  Requirements are:
   1) Low power (<50w; I want it to pay for itself before the hardware dies)
   2) 4 network interfaces (3 gigabit, one gigabit or 100mbps)
   3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard
is suboptimal)
   4) Works with OpenBSD 5.2
   5) Won't cause a hardware bottleneck when pushing 200mbps of
multidirectional traffic through a moderately complex pf ruleset (this
doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and
most of that is from hardware interrupts).

  It looks like a lot of people use the Alix 2D13 for this, but I rejected
it for poor throughput (it would be great for the internet connection, but
it sounds like it might be a serious bottleneck between the internal
networks).

  Jetway makes a number of promising-looking Atom boards, including the
4-interface NF38, but the NF38 and many other JetWays use the Realtek
RTL8111EVL, which doesn't appear to be OpenBSD-friendly. You can add
interfaces to Jetway boards via their daughterboards, but those are either
Realtek RTL8111F or Intel 82574L; same problem.  (Google turns up one
report of the RTL8111 series sorta working with -current, but if you read
the guy's dmesg, it doesn't look like he HAS an RTL8111 in the first place.)


  ...anyway, if you have a low-power OpenBSD network appliance with 3-4
interfaces that you're happy with, please give me a yell. I've been through
a lot of boards without finding a winner so far!

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Justin Mayes
Check out http://soekris.com/. I have a low end one and it works great.
Little costly though.

Justin Mayes 


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Chris McGee
Sent: Thursday, November 15, 2012 3:48 PM
To: [hidden email]
Subject: Hardware hunting

Hi guys-

  I am hunting for a low-power firewall for my home network. For at least
10 years, whenever my firewall hardware has started to die, I've grabbed a
decommissioned game PC, added a few NIC's, and put OpenBSD on it.  The
firewall's current incarnation pulls about 160 watts 24/7; I'd like to lower
that by a lot.

  Requirements are:
   1) Low power (<50w; I want it to pay for itself before the hardware dies)
   2) 4 network interfaces (3 gigabit, one gigabit or 100mbps)
   3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard
is suboptimal)
   4) Works with OpenBSD 5.2
   5) Won't cause a hardware bottleneck when pushing 200mbps of
multidirectional traffic through a moderately complex pf ruleset (this
doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and
most of that is from hardware interrupts).

  It looks like a lot of people use the Alix 2D13 for this, but I rejected
it for poor throughput (it would be great for the internet connection, but
it sounds like it might be a serious bottleneck between the internal
networks).

  Jetway makes a number of promising-looking Atom boards, including the
4-interface NF38, but the NF38 and many other JetWays use the Realtek
RTL8111EVL, which doesn't appear to be OpenBSD-friendly. You can add
interfaces to Jetway boards via their daughterboards, but those are either
Realtek RTL8111F or Intel 82574L; same problem.  (Google turns up one report
of the RTL8111 series sorta working with -current, but if you read the guy's
dmesg, it doesn't look like he HAS an RTL8111 in the first place.)


  ...anyway, if you have a low-power OpenBSD network appliance with 3-4
interfaces that you're happy with, please give me a yell. I've been through
a lot of boards without finding a winner so far!

[demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Joel Wirāmu Pauling
Have Soekris put out a Gbit NIC platform yet? I stopped using them because
of this reason.

-Joel


On 16 November 2012 11:02, Justin Mayes <[hidden email]> wrote:

> Check out http://soekris.com/. I have a low end one and it works great.
> Little costly though.
>
> Justin Mayes
>
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of
> Chris McGee
> Sent: Thursday, November 15, 2012 3:48 PM
> To: [hidden email]
> Subject: Hardware hunting
>
> Hi guys-
>
>   I am hunting for a low-power firewall for my home network. For at least
> 10 years, whenever my firewall hardware has started to die, I've grabbed a
> decommissioned game PC, added a few NIC's, and put OpenBSD on it.  The
> firewall's current incarnation pulls about 160 watts 24/7; I'd like to
> lower
> that by a lot.
>
>   Requirements are:
>    1) Low power (<50w; I want it to pay for itself before the hardware
> dies)
>    2) 4 network interfaces (3 gigabit, one gigabit or 100mbps)
>    3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard
> is suboptimal)
>    4) Works with OpenBSD 5.2
>    5) Won't cause a hardware bottleneck when pushing 200mbps of
> multidirectional traffic through a moderately complex pf ruleset (this
> doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and
> most of that is from hardware interrupts).
>
>   It looks like a lot of people use the Alix 2D13 for this, but I rejected
> it for poor throughput (it would be great for the internet connection, but
> it sounds like it might be a serious bottleneck between the internal
> networks).
>
>   Jetway makes a number of promising-looking Atom boards, including the
> 4-interface NF38, but the NF38 and many other JetWays use the Realtek
> RTL8111EVL, which doesn't appear to be OpenBSD-friendly. You can add
> interfaces to Jetway boards via their daughterboards, but those are either
> Realtek RTL8111F or Intel 82574L; same problem.  (Google turns up one
> report
> of the RTL8111 series sorta working with -current, but if you read the
> guy's
> dmesg, it doesn't look like he HAS an RTL8111 in the first place.)
>
>
>   ...anyway, if you have a low-power OpenBSD network appliance with 3-4
> interfaces that you're happy with, please give me a yell. I've been through
> a lot of boards without finding a winner so far!
>
> [demime 1.01d removed an attachment of type application/pkcs7-signature
> which had a name of smime.p7s]

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Michel Blais-2
In reply to this post by Chris McGee
I have one Jetway board in production with 5.0 with intel daughterboard
work fine but it's only 3 intel NIC so would have to use one realtek. I
didn't try realtek NIC with lot of traffic.

I now use Lanner FW-7535 instead. Cost a little more but like them
better and Lanner service is great. Atom board with case + 6 Intel NIC.
I think those are also 82574L so not the fastest intel NIC but for low
budget firewall, those are fine. Also, the Atom is a desktop version so
take more power than those in jetway I have use.

Michel

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Martin Schröder
In reply to this post by Joel Wirāmu Pauling
2012/11/15 Joel Wirāmu Pauling <[hidden email]>:
> Have Soekris put out a Gbit NIC platform yet? I stopped using them because
> of this reason.

http://soekris.com/products/net6501.html

You could have found that yourself.
But since you can not even quote...

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

James Shupe-4
In reply to this post by Joel Wirāmu Pauling
On 11/15/12 4:06 PM, Joel Wirāmu Pauling wrote:
> Have Soekris put out a Gbit NIC platform yet? I stopped using them because
> of this reason.
>
> -Joel
>

Yeah, the 6501 series is awesome. A bit pricy, but definitely something
I recommend.

On another note, I use some old Wyse WT941GL machines I bought of Ebay
for my test lab. They're VIA 1Ghz/ 256MB RAM machines that I shoved some
cheap HP dual (you could probably find quad) port NICs (also from Ebay)
into. I think I have about $100 into each one of them, and they would be
great for a non-mission critical environment where you don't mind
throwing some used hardware into.


--
James Shupe

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Daniel Melameth
In reply to this post by Chris McGee
On Thu, Nov 15, 2012 at 2:47 PM, Chris McGee <[hidden email]> wrote:

>   I am hunting for a low-power firewall for my home network. For at least
> 10 years, whenever my firewall hardware has started to die, I've grabbed a
> decommissioned game PC, added a few NIC's, and put OpenBSD on it.  The
> firewall's current incarnation pulls about 160 watts 24/7; I'd like to
> lower that by a lot.
>
>   Requirements are:
>    1) Low power (<50w; I want it to pay for itself before the hardware dies)
>    2) 4 network interfaces (3 gigabit, one gigabit or 100mbps)
>    3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard
> is suboptimal)
>    4) Works with OpenBSD 5.2
>    5) Won't cause a hardware bottleneck when pushing 200mbps of
> multidirectional traffic through a moderately complex pf ruleset (this
> doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and
> most of that is from hardware interrupts).
>
>   It looks like a lot of people use the Alix 2D13 for this, but I rejected
> it for poor throughput (it would be great for the internet connection, but
> it sounds like it might be a serious bottleneck between the internal
> networks).

Are you open to purchasing a VLAN-capable switch for home use?  While
this might be considered overkill for home use, if you like data
networks, VLANs tend to be invaluable.  I did this years ago and I'm
quite pleased with the flexibility of my home network as a
result--that and my OpenBSD firewall at home is a used low-power
legacy notebook with a single GigE em NIC that I picked up for 75USD.

Cheers.

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Chris McGee
In reply to this post by Chris McGee
Thanks for all the feedback!

I really like the look of the Soekris boards.

The Soekris website isn't that helpful, but I jotted down all my research
in case someone else wanted to look at it:

https://docs.google.com/spreadsheet/ccc?key=0AqjAAj_-IRQkdEs3TWNkZnZrUGs0S0FjYnRYQjFJZlE
(That's not meant to be comprehensive; I stopped researching a model when
it failed one of my requirements.)

The text-only version (for those reading this in elm or pine :P)  is:

The Soekris Net6x series is an Intel Atom E6 with an EG20T, and 4 82574L
10/100/1000 chips, which are supported by the em driver.  $299 - $456 for
the board.
The Soekris Net5x series is an AMD Geode LX with a CS5536, and 4 VT6105m
10/100 chips, which are supported by the vr driver.  $254 - $222 for the
board.
The Soekris Net4x series uses an anonymous ethernet chip that you can't
quite read in the photos and it's not listed in the spec sheet.  I am
pretty sure the Net4501-30 has a "VM552RR" chip, but I don't know who makes
that. It does have a logo that looks a bit like an old Via logo.   $135 -
$178 for the board, but my current guess is that that mystery ethernet chip
is not gonna have a driver.

I think I will probably spring for the 6501-50 with their custom enclosure
and external power. That lists at $380, plus $50 for a cheapo SSD, and I
should be running at less than 30 watts for $480- which is a savings of
1,227 KWh per year (or about $283 at my local power rates), so it'll pay
for itself in around 19 months. (Since I want to go to bed, I'm not going
to attempt to figure in the change in heat loading's effect on heating and
AC bills... they'll balance each other out, dammit. ;)   )

Thanks again!


On Thu, Nov 15, 2012 at 4:47 PM, Chris McGee <[hidden email]> wrote:

> Hi guys-
>
>   I am hunting for a low-power firewall for my home network. For at least
> 10 years, whenever my firewall hardware has started to die, I've grabbed a
> decommissioned game PC, added a few NIC's, and put OpenBSD on it.  The
> firewall's current incarnation pulls about 160 watts 24/7; I'd like to
> lower that by a lot.
>
>   Requirements are:
>    1) Low power (<50w; I want it to pay for itself before the hardware
> dies)
>    2) 4 network interfaces (3 gigabit, one gigabit or 100mbps)
>    3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard
> is suboptimal)
>    4) Works with OpenBSD 5.2
>    5) Won't cause a hardware bottleneck when pushing 200mbps of
> multidirectional traffic through a moderately complex pf ruleset (this
> doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and
> most of that is from hardware interrupts).
>
>   It looks like a lot of people use the Alix 2D13 for this, but I rejected
> it for poor throughput (it would be great for the internet connection, but
> it sounds like it might be a serious bottleneck between the internal
> networks).
>
>   Jetway makes a number of promising-looking Atom boards, including the
> 4-interface NF38, but the NF38 and many other JetWays use the Realtek
> RTL8111EVL, which doesn't appear to be OpenBSD-friendly. You can add
> interfaces to Jetway boards via their daughterboards, but those are either
> Realtek RTL8111F or Intel 82574L; same problem.  (Google turns up one
> report of the RTL8111 series sorta working with -current, but if you read
> the guy's dmesg, it doesn't look like he HAS an RTL8111 in the first place.)
>
>
>   ...anyway, if you have a low-power OpenBSD network appliance with 3-4
> interfaces that you're happy with, please give me a yell. I've been through
> a lot of boards without finding a winner so far!

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Axton Grams
In reply to this post by Chris McGee
On Thu, Nov 15, 2012 at 3:47 PM, Chris McGee <[hidden email]> wrote:

> Hi guys-
>
>   I am hunting for a low-power firewall for my home network. For at least
> 10 years, whenever my firewall hardware has started to die, I've grabbed a
> decommissioned game PC, added a few NIC's, and put OpenBSD on it.  The
> firewall's current incarnation pulls about 160 watts 24/7; I'd like to
> lower that by a lot.
>
>   Requirements are:
>    1) Low power (<50w; I want it to pay for itself before the hardware
> dies)
>    2) 4 network interfaces (3 gigabit, one gigabit or 100mbps)
>    3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard
> is suboptimal)
>    4) Works with OpenBSD 5.2
>    5) Won't cause a hardware bottleneck when pushing 200mbps of
> multidirectional traffic through a moderately complex pf ruleset (this
> doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and
> most of that is from hardware interrupts).
>
>   It looks like a lot of people use the Alix 2D13 for this, but I rejected
> it for poor throughput (it would be great for the internet connection, but
> it sounds like it might be a serious bottleneck between the internal
> networks).
>
>   Jetway makes a number of promising-looking Atom boards, including the
> 4-interface NF38, but the NF38 and many other JetWays use the Realtek
> RTL8111EVL, which doesn't appear to be OpenBSD-friendly. You can add
> interfaces to Jetway boards via their daughterboards, but those are either
> Realtek RTL8111F or Intel 82574L; same problem.  (Google turns up one
> report of the RTL8111 series sorta working with -current, but if you read
> the guy's dmesg, it doesn't look like he HAS an RTL8111 in the first
> place.)
>
>
>   ...anyway, if you have a low-power OpenBSD network appliance with 3-4
> interfaces that you're happy with, please give me a yell. I've been through
> a lot of boards without finding a winner so far!
>
> The supermicro Atom based machines are nice.  I am a fan of the remote
management interface, which allows power cycle, KVM over IP, virtual media,
etc.  It comes with 2 network interfaces, but has a PCI-E x4 that you could
use for additional network ports.  As another user posted, if you can
spring for a layer 2 managed switch, you could get by with just 1 NIC.

http://www.supermicro.com/products/system/1U/5015/SYS-5015A-EHF-D525.cfm

Here is a dmesg if you are interested in the chipsets (note this is an
older model with a D510 CPU):

OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011
    [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.67
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT

                         ,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
real mem  = 3220283392 (3071MB)
avail mem = 3157540864 (3011MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/26/10, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.6 @ 0x9ac00 (19 entries)
bios0: vendor American Megatrends Inc. version "1.0c" date 05/26/2010
bios0: Supermicro X7SPA-HF
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET
acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4)
USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4) P0P4(

         S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) GBE_(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.67
GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT

                         ,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
ioapic0 at mainbus0: apid 3 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 3
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P0P1)
acpiprt2 at acpi0: bus 1 (P0P4)
acpiprt3 at acpi0: bus -1 (P0P5)
acpiprt4 at acpi0: bus -1 (P0P6)
acpiprt5 at acpi0: bus -1 (P0P7)
acpiprt6 at acpi0: bus 2 (P0P8)
acpiprt7 at acpi0: bus 3 (P0P9)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc0000/0x8000
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 3 int 21
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 3 int 19
ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 3 int 18
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 3 int 17
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 3 int 17
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: msi,
address 00:25:90:09:9b:80
ppb2 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: apic 3 int 16
pci3 at ppb2 bus 3
em1 at pci3 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: msi,
address 00:25:90:09:9b:81
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 23
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 3 int 19
uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 3 int 18
ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 3 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92
pci4 at ppb3 bus 4
vga1 at pci4 dev 4 function 0 "Matrox MGA G200eW" rev 0x0a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA,
channel 0 configured to native-PCI, channel 1 configured to native

                 -PCI
pciide0: using apic 3 int 19 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: <Hitachi HDS721010CLA332>
wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 3 int
18
iic0 at ichiic0
lm1 at iic0 addr 0x2d: W83627DHG
spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM
spdmem1 at iic0 addr 0x51: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
wbsio0 at isa0 port 0x2e/2: W83627DHG rev 0x25
lm2 at wbsio0 port 0xca0/8: W83627DHG
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
lm1: disabling sensors
uhidev0 at uhub4 port 2 configuration 1 interface 0 "Winbond Electronics
Corp Hermon USB hidmouse Device" rev 1.10/0.01 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
uhidev1 at uhub4 port 2 configuration 1 interface 1 "Winbond Electronics
Corp Hermon USB hidmouse Device" rev 1.10/0.01 addr 2
uhidev1: iclass 3/1
ukbd0 at uhidev1: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (4dcb2d0a1b8a2fe9.a) swap on wd0b dump on wd0b

Axton Grams

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Pierre-Emmanuel André
In reply to this post by Chris McGee
On Thu, Nov 15, 2012 at 04:47:53PM -0500, Chris McGee wrote:

> Hi guys-
>
>   I am hunting for a low-power firewall for my home network. For at least
> 10 years, whenever my firewall hardware has started to die, I've grabbed a
> decommissioned game PC, added a few NIC's, and put OpenBSD on it.  The
> firewall's current incarnation pulls about 160 watts 24/7; I'd like to
> lower that by a lot.
>
>   Requirements are:
>    1) Low power (<50w; I want it to pay for itself before the hardware dies)
>    2) 4 network interfaces (3 gigabit, one gigabit or 100mbps)
>    3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard
> is suboptimal)
>    4) Works with OpenBSD 5.2
>    5) Won't cause a hardware bottleneck when pushing 200mbps of
> multidirectional traffic through a moderately complex pf ruleset (this
> doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and
> most of that is from hardware interrupts).
>
>   It looks like a lot of people use the Alix 2D13 for this, but I rejected
> it for poor throughput (it would be great for the internet connection, but
> it sounds like it might be a serious bottleneck between the internal
> networks).
>
>   Jetway makes a number of promising-looking Atom boards, including the
> 4-interface NF38, but the NF38 and many other JetWays use the Realtek
> RTL8111EVL, which doesn't appear to be OpenBSD-friendly. You can add
> interfaces to Jetway boards via their daughterboards, but those are either
> Realtek RTL8111F or Intel 82574L; same problem.  (Google turns up one
> report of the RTL8111 series sorta working with -current, but if you read
> the guy's dmesg, it doesn't look like he HAS an RTL8111 in the first place.)
>
>
>   ...anyway, if you have a low-power OpenBSD network appliance with 3-4
> interfaces that you're happy with, please give me a yell. I've been through
> a lot of boards without finding a winner so far!
>


Hi,

At work, i'm using a bytemine appliance:
http://blog.bytemine.net/2012/08/15/bytemine-appliance-6a16e/
https://shop.bytemine.net/startseitenprodukte/bytemine-appliance-6a16e.html

Works very fine.

--
Pierre-Emmanuel André <pea at raveland.org>
GPG key: 0x7AE329DC

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Martin Schröder
2012/11/16 Pierre-Emmanuel André <[hidden email]>:
> At work, i'm using a bytemine appliance:
> http://blog.bytemine.net/2012/08/15/bytemine-appliance-6a16e/
> https://shop.bytemine.net/startseitenprodukte/bytemine-appliance-6a16e.html

Very nice. What do you use for mass storage?
The industrial compact flash options by bytemine are quite expensive... :-(

Best
   Martin

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Jiri B-2
In reply to this post by Axton Grams
On Thu, Nov 15, 2012 at 10:30:26PM -0600, Axton wrote:
> > The supermicro Atom based machines are nice.  I am a fan of the remote
> management interface, which allows power cycle, KVM over IP, virtual media,
> etc.

Really? KVM over IP on Supermicro doesn't work from OpenBSD. Serial console
redirection to real serial port looks quite shitty. Or what do you have in BIOS
for serial console redirection?

jirib

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Christian Weisgerber
In reply to this post by Chris McGee
Chris McGee <[hidden email]> wrote:

> The Soekris Net4x series uses an anonymous ethernet chip that you can't
> quite read in the photos and it's not listed in the spec sheet.  I am
> pretty sure the Net4501-30 has a "VM552RR" chip, but I don't know who makes

That's just the transformer.  The net45xx and net48xx series use
the National Semiconductor DP83816, supported by the sis(4) driver.

--
Christian "naddy" Weisgerber                          [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Pierre-Emmanuel André
In reply to this post by Martin Schröder
On Fri, Nov 16, 2012 at 12:06:54PM +0100, Martin Schröder wrote:
> 2012/11/16 Pierre-Emmanuel André <[hidden email]>:
> > At work, i'm using a bytemine appliance:
> > http://blog.bytemine.net/2012/08/15/bytemine-appliance-6a16e/
> > https://shop.bytemine.net/startseitenprodukte/bytemine-appliance-6a16e.html
>
> Very nice. What do you use for mass storage?
> The industrial compact flash options by bytemine are quite expensive... :-(
>

We use a ssd drive
wd0: 16-sector PIO, LBA48, 61057MB, 125045424 sectors


--
Pierre-Emmanuel André <pea at raveland.org>
GPG key: 0x7AE329DC

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Forman, Jeffrey-2
In reply to this post by Michel Blais-2
On Thu, Nov 15, 2012 at 5:06 PM, Michel Blais <[hidden email]>wrote:

>
> I now use Lanner FW-7535 instead. Cost a little more but like them better
> and Lanner service is great. Atom board with case + 6 Intel NIC. I think
> those are also 82574L so not the fastest intel NIC but for low budget
> firewall, those are fine. Also, the Atom is a desktop version so take more
> power than those in jetway I have use.
>
> Michel
>
>
Like Michel, I went with a Lanner box as well, but I went with the FW-7565
[1]. I have upgraded from 4.9 on through 5.2 on this box, and have had nary
a problem, nor do I hear this machine either. It runs pf, openvpn, bind,
dhcpd, and other small daemons.

I mainly bought the machine because I liked being able to throw a cheap
huge PATA hard drive in there, and not be concerned with flash's supposed
write-limit, or mucking about with read-only filesystem, among other things.

Obligatory dmesg:
OpenBSD 5.2 (GENERIC.MP) #368: Wed Aug  1 10:04:49 MDT 2012
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2136604672 (2037MB)
avail mem = 2057416704 (1962MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfc120 (24 entries)
bios0: vendor American Megatrends Inc. version "080015" date 11/23/2010
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI
acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4)
USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4)
HDAC(S4) USB4(S4) USB5(S4) USBE(S4) GBEC(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU D510 @ 1.66GHz, 1666.89 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF
cpu0: 512KB 64b/line 8-way L2 cache
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU D510 @ 1.66GHz, 1666.67 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF
cpu1: 512KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Atom(TM) CPU D510 @ 1.66GHz, 1666.67 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF
cpu2: 512KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Atom(TM) CPU D510 @ 1.66GHz, 1666.67 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF
cpu3: 512KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 4
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 7 (P0P1)
acpiprt2 at acpi0: bus 1 (P0P4)
acpiprt3 at acpi0: bus 2 (P0P5)
acpiprt4 at acpi0: bus 3 (P0P6)
acpiprt5 at acpi0: bus 4 (P0P7)
acpiprt6 at acpi0: bus 5 (P0P8)
acpiprt7 at acpi0: bus 6 (P0P9)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpicpu2 at acpi0
acpicpu3 at acpi0
acpibtn0 at acpi0: PWRB
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd0000000, size 0x10000000
inteldrm0 at vga1: apic 4 int 16
drm0 at inteldrm0
"Intel Pineview Video" rev 0x02 at pci0 dev 2 function 1 not configured
ppb0 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x03: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: msi,
address 00:90:0b:1f:95:ba
ppb1 at pci0 dev 28 function 1 "Intel 82801H PCIE" rev 0x03: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel PRO/1000 (82583V)" rev 0x00: msi,
address 00:90:0b:1f:95:bb
ppb2 at pci0 dev 28 function 2 "Intel 82801H PCIE" rev 0x03: msi
pci3 at ppb2 bus 3
em2 at pci3 dev 0 function 0 "Intel PRO/1000 (82583V)" rev 0x00: msi,
address 00:90:0b:1f:95:bc
ppb3 at pci0 dev 28 function 3 "Intel 82801H PCIE" rev 0x03: msi
pci4 at ppb3 bus 4
em3 at pci4 dev 0 function 0 "Intel PRO/1000 (82583V)" rev 0x00: msi,
address 00:90:0b:1f:95:bd
ppb4 at pci0 dev 28 function 4 "Intel 82801H PCIE" rev 0x03: msi
pci5 at ppb4 bus 5
em4 at pci5 dev 0 function 0 "Intel PRO/1000 (82583V)" rev 0x00: msi,
address 00:90:0b:1f:95:be
ppb5 at pci0 dev 28 function 5 "Intel 82801H PCIE" rev 0x03: msi
pci6 at ppb5 bus 6
em5 at pci6 dev 0 function 0 "Intel PRO/1000 (82583V)" rev 0x00: msi,
address 00:90:0b:1f:95:bf
uhci0 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x03: apic 4 int 23
ehci0 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x03: apic 4 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb6 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xf3
pci7 at ppb6 bus 7
pcib0 at pci0 dev 31 function 0 "Intel 82801HBM LPC" rev 0x03
pciide0 at pci0 dev 31 function 1 "Intel 82801HBM IDE" rev 0x03: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801HBM SATA" rev 0x03: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 4 int 18 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: <WDC WD3200BPVT-00HXZT1>
wd0: 16-sector PIO, LBA48, 305245MB, 625142448 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
ichiic0 at pci0 dev 31 function 3 "Intel 82801H SMBus" rev 0x03: apic 4 int
17
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
wbsio0 at isa0 port 0x2e/2: W83627THF rev 0x85
lm1 at wbsio0 port 0xa00/8: W83627THF
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (d7277df4e1179bf5.a) swap on wd0b dump on wd0b

-Jeff


1:
http://us.lannerinc.com/x86_Network_Appliances/x86_Rackmount_Appliances/FW-7565

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Christian Weisgerber
Forman, Jeffrey <[hidden email]> wrote:

> I mainly bought the machine because I liked being able to throw a cheap
> huge PATA hard drive in there, and not be concerned with flash's supposed
> write-limit, or mucking about with read-only filesystem, among other things.

Funny.  I'd rather throw in a flash than a fragile hard drive.

--
Christian "naddy" Weisgerber                          [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Russell Garrison
I can also vouch for the Lanner, but make sure you get the fanless
model. I bought the ones with fans to go into a noisy server room, but
they spent a week or two in testing on my desk. People walking by kept
thinking that a faucet was running full blast in my cubicle, so you
probably don't want that in a home-based scenario.

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Peter J. Philipp-3
Am 16.11.2012 um 20:11 schrieb Russell Garrison <[hidden email]>:

> I can also vouch for the Lanner, but make sure you get the fanless
> model. I bought the ones with fans to go into a noisy server room, but
> they spent a week or two in testing on my desk. People walking by kept
> thinking that a faucet was running full blast in my cubicle, so you
> probably don't want that in a home-based scenario.

I got my Lanner from bytemine.  Here is some photos:

http://emea.centroid.eu/blog/index.php?article=1294095600

That's the previous model, they are offering the 'e' model now I think.
Anyhow I got the Intel SSD separately for it.  Yesterday I upgraded it
to OpenBSD 5.2, it's been really stable since I bought it.  One thing
that is weird that I found out was that no matter what load is on the CPU
I registered 20 Watts on my electricity meter.  I still use apmd -C on it
so that it conserves on heat, not that it gets hot, but it gets warm.  You
can put your hand on the top and it would be about 40 degrees, so
bareable.

Regards,
-peter

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Stuart Henderson
In reply to this post by Forman, Jeffrey-2
On 2012-11-16, Forman, Jeffrey <[hidden email]> wrote:
> I mainly bought the machine because I liked being able to throw a cheap
> huge PATA hard drive in there, and not be concerned with flash's supposed
> write-limit, or mucking about with read-only filesystem, among other things.

I've used flash quite a lot in the last 10 years (CF, disk-on-module, and more
recently SSD), they do fail sometimes of course, but the majority of failures
I had were in the first month or two of use and not anything I can attribute
to wear.

Only time I mess around with read-only FS etc is for things where I want to
avoid automatic fsck failing if the power gets pulled etc.

Sometimes I do use syslog memory buffers for things (e.g. debug logging)
which don't need to go to permanent storage, but mainly that's just because
it can be a bit slow on some of these devices..

Reply | Threaded
Open this post in threaded view
|

Re: Hardware hunting

Maurice Janssen-2
In reply to this post by Pierre-Emmanuel André
On Fri, Nov 16, 2012 at 11:33:28AM +0100, Pierre-Emmanuel Andr? wrote:
>At work, i'm using a bytemine appliance:
>http://blog.bytemine.net/2012/08/15/bytemine-appliance-6a16e/
>https://shop.bytemine.net/startseitenprodukte/bytemine-appliance-6a16e.html
>
>Works very fine.

Does anyone know the dimensions of it?  Can't find them on the website
of Bytemine and I was wondering if it would fit in 1U when placed on a
rack shelf.

Thanks,
Maurice

12