Hardware recommendations for compact 1U firewall

classic Classic list List threaded Threaded
32 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Darren Tucker
On Sat, Dec 17, 2016 at 1:08 PM, Damian McGuckin <[hidden email]> wrote:
[...]
> What is the max throughput people have seen on these?
> Assuming traffic going between say 'vr0' and 'vr1', will it a Net5501
> board sustain 100Mbps?

I doubt it.

I did some work[1] on the vr driver on a pcengines ALIX, which has
very similar hardware (500MHz Geode CPUs and VT6105M ethernet chips).
The most I got though it for a TCP stream was 85MBit/s routing only.
It had CPU to spare, so I suspect the limitation was either the chip
or the driver.

The VT6105M doesn't have any receive-side interrupt mitigation (and
OpenBSD doesn't have a polling mode) so I suspect it'd be easy to DoS
it with tiny packets.  As long as that's not happening, there's
probably enough CPU to run PF.

Depending on your use case and environment this may or may not be good
enough.   If you do try it I'd be interested in hearing the result.

[1] http://undeadly.org/cgi?action=article&sid=20130201054156

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Aaron Mason
In reply to this post by Nick Holland
Thanks for some additional fleabay search terms :)

On Sat, Dec 17, 2016 at 2:59 PM, Nick Holland
<[hidden email]> wrote:

> On 12/14/16 20:39, Aaron Mason wrote:
>> All
>>
>> I'm looking for a 1U appliance that I can re-purpose into a firewall
>> using OpenBSD.  I've tried the near-free method by using an old Lacie
>> Ethernet Disk appliance I had lying around, but it turns out the
>> onboard SATA chipset is toast on this particular unit (it freezes at
>> CDBOOT when it detects hard drives and the BIOS freezes when I set it
>> to IDE mode with drives attached, plus it only has one onboard NIC and
>> one PCI slot, so I can't install another SATA card without removing
>> the other NIC I installed), so I'm looking for other options that fit
>> a limited budget.
>
> heh.  Little secret: if you look in many data centers, you will find
> lots of 1U boxes with various titles -- security appliances, load
> balancing devices, etc.  A lot of them, under the covers, are just PCs.
> And a lot of data centers have 'em rotting on the racks after they have
> been turned off and replaced, but no motivation to remove them.
>
> Just cleaned out some stuff from one of our data centers -- we had a
> three authentication devices and a couple "security appliances" that all
> turned out to have the same SuperMicro board on them...some with Pentium
> D, others with P4s...but both could pump a lot of packets through
> gigabit NICs (two on board).  The security appliances were kinda cool in
> that they have a LCD screen that looks like it could be accessed through
> a USB serial port (better yet, when you powered up the box, the LCD
> panel put up an advertisement, not for the security appliance maker, but
> for the LCD panel...including a website.  Bet there are docs there! :)
> (I once programmed the LCD panel of a Novell server to say, "WINDOWS
> SUCKS".  Wasn't noticed for years, but when it was, my name was quickly
> assumed as being responsible)
>
> We also had a couple odd little "load balancers" -- five NIC ports.  My
> coworkers were skeptical about it being a standard PC under the cover.
> Haven't tried to boot OpenBSD on them yet, but turns out the thing has a
> 128M SATA DiskOnModule (flash memory on a SATA board), a 1G CF card, and
> a SATA hard disk in the box.  Again, all in one U.
>
> And I'll admit there's a certain fun in bringing up another OS on
> something like that.  And I HAVE to at least try to bring up OpenBSD on
> them...so I can wipe the media before the hw is disposed of.  (Company
> policy says "overwrite entire disk with random data", who's got the
> fastest random number generator in town?  OpenBSD, of course!)
>
> Nick.
>



--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Joel Wirāmu Pauling
If someone hasn't already mentioned it : Lanner http://www.lannerinc.com/

On 19 December 2016 at 18:08, Aaron Mason <[hidden email]> wrote:

> Thanks for some additional fleabay search terms :)
>
> On Sat, Dec 17, 2016 at 2:59 PM, Nick Holland
> <[hidden email]> wrote:
> > On 12/14/16 20:39, Aaron Mason wrote:
> >> All
> >>
> >> I'm looking for a 1U appliance that I can re-purpose into a firewall
> >> using OpenBSD.  I've tried the near-free method by using an old Lacie
> >> Ethernet Disk appliance I had lying around, but it turns out the
> >> onboard SATA chipset is toast on this particular unit (it freezes at
> >> CDBOOT when it detects hard drives and the BIOS freezes when I set it
> >> to IDE mode with drives attached, plus it only has one onboard NIC and
> >> one PCI slot, so I can't install another SATA card without removing
> >> the other NIC I installed), so I'm looking for other options that fit
> >> a limited budget.
> >
> > heh.  Little secret: if you look in many data centers, you will find
> > lots of 1U boxes with various titles -- security appliances, load
> > balancing devices, etc.  A lot of them, under the covers, are just PCs.
> > And a lot of data centers have 'em rotting on the racks after they have
> > been turned off and replaced, but no motivation to remove them.
> >
> > Just cleaned out some stuff from one of our data centers -- we had a
> > three authentication devices and a couple "security appliances" that all
> > turned out to have the same SuperMicro board on them...some with Pentium
> > D, others with P4s...but both could pump a lot of packets through
> > gigabit NICs (two on board).  The security appliances were kinda cool in
> > that they have a LCD screen that looks like it could be accessed through
> > a USB serial port (better yet, when you powered up the box, the LCD
> > panel put up an advertisement, not for the security appliance maker, but
> > for the LCD panel...including a website.  Bet there are docs there! :)
> > (I once programmed the LCD panel of a Novell server to say, "WINDOWS
> > SUCKS".  Wasn't noticed for years, but when it was, my name was quickly
> > assumed as being responsible)
> >
> > We also had a couple odd little "load balancers" -- five NIC ports.  My
> > coworkers were skeptical about it being a standard PC under the cover.
> > Haven't tried to boot OpenBSD on them yet, but turns out the thing has a
> > 128M SATA DiskOnModule (flash memory on a SATA board), a 1G CF card, and
> > a SATA hard disk in the box.  Again, all in one U.
> >
> > And I'll admit there's a certain fun in bringing up another OS on
> > something like that.  And I HAVE to at least try to bring up OpenBSD on
> > them...so I can wipe the media before the hw is disposed of.  (Company
> > policy says "overwrite entire disk with random data", who's got the
> > fastest random number generator in town?  OpenBSD, of course!)
> >
> > Nick.
> >
>
>
>
> --
> Aaron Mason - Programmer, open source addict
> I've taken my software vows - for beta or for worse

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Predrag Punosevac-2
In reply to this post by Aaron Mason
Hrvoje Popovski wrote:
>
> On 15.12.2016. 12:30, Stuart Henderson wrote:
> > If you want to cut down on weight+noise at the expense of more cost
> > and a less powerful cpu, maybe APU2 in a 1U case or something like
> > supermicro SYS-5018A-FTN4.
>
> has anyone dmesg from SYS-5018A-FTN4 box? i'm interesting in intel qat
>
> thank you ...

As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for
SYS-5018A-FTN4


OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016
    [hidden email]:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 34314604544 (32724MB)
avail mem = 33270165504 (31728MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f4d8000 (53 entries)
bios0: vendor American Megatrends Inc. version "1.1a" date 08/27/2015
bios0: Silicon Mechanics CSTM: CMU - 1U Atom Server
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP FPDT FIDT SPMI MCFG WDAT UEFI APIC BDAT HPET SSDT HEST BERT ERST EINJ
acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) PEX4(S0) EHC1(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.46 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu4: 1MB 64b/line 16-way L2 cache
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 10 (application processor)
cpu5: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu5: 1MB 64b/line 16-way L2 cache
cpu5: smt 0, core 5, package 0
cpu6 at mainbus0: apid 12 (application processor)
cpu6: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu6: 1MB 64b/line 16-way L2 cache
cpu6: smt 0, core 6, package 0
cpu7 at mainbus0: apid 14 (application processor)
cpu7: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu7: 1MB 64b/line 16-way L2 cache
cpu7: smt 0, core 7, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEX1)
acpiprt2 at acpi0: bus 2 (BR04)
acpiprt3 at acpi0: bus 3 (PEX2)
acpiprt4 at acpi0: bus 4 (PEX3)
acpiprt5 at acpi0: bus -1 (PEX4)
acpicpu0 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu4 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu5 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu6 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu7 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
"PNP0003" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0501" at acpi0 not configured
"IPI0001" at acpi0 not configured
"PNP0C33" at acpi0 not configured
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2400 MHz: speeds: 2400, 2300, 2200, 2100, 2000, 1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Atom C2000 Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "ASPEED Technology AST1150 PCI" rev 0x03
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 "ASPEED Technology AST2000" rev 0x30
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb2 at pci0 dev 2 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci3 at ppb2 bus 3
xhci0 at pci3 dev 0 function 0 "Renesas uPD720201 xHCI" rev 0x03: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Renesas xHCI root hub" rev 3.00/1.00 addr 1
ppb3 at pci0 dev 3 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci4 at ppb3 bus 4
vendor "Intel", unknown product 0x1f18 (class processor subclass Co-processor, rev 0x02) at pci0 dev 11 function 0 not configured
pchb1 at pci0 dev 14 function 0 "Intel Atom C2000 RAS" rev 0x02
"Intel Atom C2000 RCEC" rev 0x02 at pci0 dev 15 function 0 not configured
"Intel Atom C2000 SMBus" rev 0x02 at pci0 dev 19 function 0 not configured
em0 at pci0 dev 20 function 0 "Intel I354 SGMII" rev 0x03: msi, address 0c:c4:7a:ac:5c:96
em1 at pci0 dev 20 function 1 "Intel I354 SGMII" rev 0x03: msi, address 0c:c4:7a:ac:5c:97
em2 at pci0 dev 20 function 2 "Intel I354 SGMII" rev 0x03: msi, address 0c:c4:7a:ac:5c:98
em3 at pci0 dev 20 function 3 "Intel I354 SGMII" rev 0x03: msi, address 0c:c4:7a:ac:5c:99
ehci0 at pci0 dev 22 function 0 "Intel Atom C2000 USB" rev 0x02: apic 2 int 23
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ahci0 at pci0 dev 23 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI 1.3
scsibus1 at ahci0: 32 targets
ahci1 at pci0 dev 24 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI 1.3
ahci1: port 0: 6.0Gb/s
scsibus2 at ahci1: 32 targets
sd0 at scsibus2 targ 0 lun 0: <ATA, SAMSUNG SSD SM84, DXM0> SCSI3 0/direct fixed naa.5002538500000000
sd0: 244198MB, 512 bytes/sector, 500118192 sectors, thin
pcib0 at pci0 dev 31 function 0 "Intel Atom C2000 PCU" rev 0x02
ichiic0 at pci0 dev 31 function 3 "Intel Atom C2000 PCU SMBus" rev 0x02: apic 2 int 18
iic0 at ichiic0
sdtemp0 at iic0 addr 0x18: stts2002
sdtemp1 at iic0 addr 0x19: stts2002
sdtemp2 at iic0 addr 0x1a: stts2002
sdtemp3 at iic0 addr 0x1b: stts2002
iic0: addr 0x2e 00=3d words 00=3d3d 01=0000 02=0000 03=0000 04=0000 05=0000 06=0000 07=0000
spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
spdmem1 at iic0 addr 0x51: 8GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
spdmem2 at iic0 addr 0x52: 8GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
spdmem3 at iic0 addr 0x53: 8GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhub2 at uhub1 port 1 "Intel product 0x07db" rev 2.00/0.02 addr 2
uhub3 at uhub2 port 3 "ATEN International product 0x7000" rev 2.00/0.00 addr 3
uhidev0 at uhub3 port 1 configuration 1 interface 0 "ATEN International product 0x2419" rev 1.10/1.00 addr 4
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub3 port 1 configuration 1 interface 1 "ATEN International product 0x2419" rev 1.10/1.00 addr 4
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (5275a7b2a0b9439e.a) swap on sd0b dump on sd0b

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Lyndon Nerenberg (VE6BBM/VE7TFX)
> As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for
> SYS-5018A-FTN4

FWIW, we have six of these doing firewall duty (currently running 5.9) and
they perform flawlessly. We run them in CARPed pairs, and LACP across
redundant switches.

--lyndon

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Aaron Mason
In reply to this post by Predrag Punosevac-2
Thanks for all of your suggestions, though some may have missed the
bit where I said "on a limited budget" :)

Torn between a Barracuda web filter or a Portwell CAR 3000. The latter
is more expensive but supports 10Gbit, whereas the Barracuda may only
have 10/100.  Both Core2Duo based, could probably upgrade to a
Core2Quad or a Xeon with a 771->775 adapter.

On Thu, Dec 22, 2016 at 12:17 PM, Predrag Punosevac
<[hidden email]> wrote:

> Hrvoje Popovski wrote:
>>
>> On 15.12.2016. 12:30, Stuart Henderson wrote:
>> > If you want to cut down on weight+noise at the expense of more cost
>> > and a less powerful cpu, maybe APU2 in a 1U case or something like
>> > supermicro SYS-5018A-FTN4.
>>
>> has anyone dmesg from SYS-5018A-FTN4 box? i'm interesting in intel qat
>>
>> thank you ...
>
> As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for
> SYS-5018A-FTN4
>
>
> OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016
>
[hidden email]:/binpatchng/work-binpatch60-amd64/src/sys/arch
/amd64/compile/GENERIC.MP

> real mem = 34314604544 (32724MB)
> avail mem = 33270165504 (31728MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f4d8000 (53 entries)
> bios0: vendor American Megatrends Inc. version "1.1a" date 08/27/2015
> bios0: Silicon Mechanics CSTM: CMU - 1U Atom Server
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S5
> acpi0: tables DSDT FACP FPDT FIDT SPMI MCFG WDAT UEFI APIC BDAT HPET SSDT
HEST BERT ERST EINJ
> acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) PEX4(S0) EHC1(S0)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.46 MHz
> cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu0: 1MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 100MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu1: 1MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 4 (application processor)
> cpu2: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu2: 1MB 64b/line 16-way L2 cache
> cpu2: smt 0, core 2, package 0
> cpu3 at mainbus0: apid 6 (application processor)
> cpu3: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu3: 1MB 64b/line 16-way L2 cache
> cpu3: smt 0, core 3, package 0
> cpu4 at mainbus0: apid 8 (application processor)
> cpu4: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu4: 1MB 64b/line 16-way L2 cache
> cpu4: smt 0, core 4, package 0
> cpu5 at mainbus0: apid 10 (application processor)
> cpu5: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu5:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu5: 1MB 64b/line 16-way L2 cache
> cpu5: smt 0, core 5, package 0
> cpu6 at mainbus0: apid 12 (application processor)
> cpu6: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu6:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu6: 1MB 64b/line 16-way L2 cache
> cpu6: smt 0, core 6, package 0
> cpu7 at mainbus0: apid 14 (application processor)
> cpu7: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu7:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT

> cpu7: 1MB 64b/line 16-way L2 cache
> cpu7: smt 0, core 7, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (PEX1)
> acpiprt2 at acpi0: bus 2 (BR04)
> acpiprt3 at acpi0: bus 3 (PEX2)
> acpiprt4 at acpi0: bus 4 (PEX3)
> acpiprt5 at acpi0: bus -1 (PEX4)
> acpicpu0 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
> acpicpu2 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
> acpicpu3 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
> acpicpu4 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
> acpicpu5 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
> acpicpu6 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
> acpicpu7 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
> "PNP0003" at acpi0 not configured
> "PNP0501" at acpi0 not configured
> "PNP0501" at acpi0 not configured
> "IPI0001" at acpi0 not configured
> "PNP0C33" at acpi0 not configured
> ipmi at mainbus0 not configured
> cpu0: Enhanced SpeedStep 2400 MHz: speeds: 2400, 2300, 2200, 2100, 2000,
1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz

> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel Atom C2000 Host" rev 0x02
> ppb0 at pci0 dev 1 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
> pci1 at ppb0 bus 1
> ppb1 at pci1 dev 0 function 0 "ASPEED Technology AST1150 PCI" rev 0x03
> pci2 at ppb1 bus 2
> vga1 at pci2 dev 0 function 0 "ASPEED Technology AST2000" rev 0x30
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> ppb2 at pci0 dev 2 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
> pci3 at ppb2 bus 3
> xhci0 at pci3 dev 0 function 0 "Renesas uPD720201 xHCI" rev 0x03: msi
> usb0 at xhci0: USB revision 3.0
> uhub0 at usb0 "Renesas xHCI root hub" rev 3.00/1.00 addr 1
> ppb3 at pci0 dev 3 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
> pci4 at ppb3 bus 4
> vendor "Intel", unknown product 0x1f18 (class processor subclass
Co-processor, rev 0x02) at pci0 dev 11 function 0 not configured
> pchb1 at pci0 dev 14 function 0 "Intel Atom C2000 RAS" rev 0x02
> "Intel Atom C2000 RCEC" rev 0x02 at pci0 dev 15 function 0 not configured
> "Intel Atom C2000 SMBus" rev 0x02 at pci0 dev 19 function 0 not configured
> em0 at pci0 dev 20 function 0 "Intel I354 SGMII" rev 0x03: msi, address
0c:c4:7a:ac:5c:96
> em1 at pci0 dev 20 function 1 "Intel I354 SGMII" rev 0x03: msi, address
0c:c4:7a:ac:5c:97
> em2 at pci0 dev 20 function 2 "Intel I354 SGMII" rev 0x03: msi, address
0c:c4:7a:ac:5c:98
> em3 at pci0 dev 20 function 3 "Intel I354 SGMII" rev 0x03: msi, address
0c:c4:7a:ac:5c:99
> ehci0 at pci0 dev 22 function 0 "Intel Atom C2000 USB" rev 0x02: apic 2 int
23
> usb1 at ehci0: USB revision 2.0
> uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ahci0 at pci0 dev 23 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI
1.3
> scsibus1 at ahci0: 32 targets
> ahci1 at pci0 dev 24 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI
1.3
> ahci1: port 0: 6.0Gb/s
> scsibus2 at ahci1: 32 targets
> sd0 at scsibus2 targ 0 lun 0: <ATA, SAMSUNG SSD SM84, DXM0> SCSI3 0/direct
fixed naa.5002538500000000
> sd0: 244198MB, 512 bytes/sector, 500118192 sectors, thin
> pcib0 at pci0 dev 31 function 0 "Intel Atom C2000 PCU" rev 0x02
> ichiic0 at pci0 dev 31 function 3 "Intel Atom C2000 PCU SMBus" rev 0x02:
apic 2 int 18
> iic0 at ichiic0
> sdtemp0 at iic0 addr 0x18: stts2002
> sdtemp1 at iic0 addr 0x19: stts2002
> sdtemp2 at iic0 addr 0x1a: stts2002
> sdtemp3 at iic0 addr 0x1b: stts2002
> iic0: addr 0x2e 00=3d words 00=3d3d 01=0000 02=0000 03=0000 04=0000 05=0000
06=0000 07=0000

> spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
> spdmem1 at iic0 addr 0x51: 8GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
> spdmem2 at iic0 addr 0x52: 8GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
> spdmem3 at iic0 addr 0x53: 8GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
> isa0 at pcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pms0 at pckbc0 (aux slot)
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> uhub2 at uhub1 port 1 "Intel product 0x07db" rev 2.00/0.02 addr 2
> uhub3 at uhub2 port 3 "ATEN International product 0x7000" rev 2.00/0.00 addr
3
> uhidev0 at uhub3 port 1 configuration 1 interface 0 "ATEN International
product 0x2419" rev 1.10/1.00 addr 4
> uhidev0: iclass 3/1
> ukbd0 at uhidev0: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> wskbd1: connecting to wsdisplay0
> uhidev1 at uhub3 port 1 configuration 1 interface 1 "ATEN International
product 0x2419" rev 1.10/1.00 addr 4
> uhidev1: iclass 3/1
> ums0 at uhidev1: 3 buttons, Z dir
> wsmouse1 at ums0 mux 0
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> root on sd0a (5275a7b2a0b9439e.a) swap on sd0b dump on sd0b
>



--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Hrvoje Popovski
In reply to this post by Predrag Punosevac-2
On 22.12.2016. 2:17, Predrag Punosevac wrote:
> As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for
> SYS-5018A-FTN4


thank you ...

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Stuart Henderson
In reply to this post by Aaron Mason
Aaron Mason wrote:
> >> Torn between a Barracuda web filter or a Portwell CAR 3000. The latter
> >> is more expensive but supports 10Gbit, whereas the Barracuda may only
> >> have 10/100.  Both Core2Duo based, could probably upgrade to a
> >> Core2Quad or a Xeon with a 771->775 adapter.

btw, I found some cheap CAR 3000 (this one says "caswell" rather than
portwell and is an oem firewall box), so here's a dmesg in case it's of
interest. sysctl hw follows below.

Handy to have so many ports for £25, but 4x 1u fans (including the one in
the PSU) make it rather noisy.

OpenBSD 6.0-current (GENERIC.MP) #122: Sun Jan  8 14:53:10 MST 2017
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4242145280 (4045MB)
avail mem = 4108922880 (3918MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xfbcb0 (45 entries)
bios0: vendor American Megatrends Inc. version "080015" date 12/22/2010
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB SSDT
acpi0: wakeup devices P0P2(S4) P0P3(S4) P0P1(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) EUSB(S4) MC97(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz, 2793.39 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,LONG,LAHF,PERF,SENSOR
cpu0: 3MB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 265MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz, 2793.00 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,LONG,LAHF,PERF,SENSOR
cpu1: 3MB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 7 (P0P1)
acpiprt2 at acpi0: bus 1 (P0P4)
acpiprt3 at acpi0: bus 2 (P0P5)
acpiprt4 at acpi0: bus 3 (P0P6)
acpiprt5 at acpi0: bus 4 (P0P7)
acpiprt6 at acpi0: bus 5 (P0P8)
acpiprt7 at acpi0: bus 6 (P0P9)
acpicpu0 at acpi0: !C3(100@57 mwait.3@0x30), !C2(500@1 mwait.1@0x10), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: !C3(100@57 mwait.3@0x30), !C2(500@1 mwait.1@0x10), C1(1000@1 mwait.1), PSS
"AWY0001" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0501" at acpi0 not configured
acpibtn0 at acpi0: PWRB
cpu0: Enhanced SpeedStep 2793 MHz: speeds: 2800, 2403, 2136, 1870, 1603 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel G41 Host" rev 0x03
inteldrm0 at pci0 dev 2 function 0 "Intel G41 Video" rev 0x03
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xd0000000, size 0x10000000
inteldrm0: msi
inteldrm0: 1024x768, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 00:90:fb:39:8c:c4
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x01: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 00:90:fb:39:8c:c5
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x01: msi
pci3 at ppb2 bus 3
em2 at pci3 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 00:90:fb:39:8c:c6
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x01: msi
pci4 at ppb3 bus 4
em3 at pci4 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 00:90:fb:39:8c:c7
ppb4 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: msi
pci5 at ppb4 bus 5
em4 at pci5 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 00:90:fb:39:8c:c8
ppb5 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: msi
pci6 at ppb5 bus 6
em5 at pci6 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 00:90:fb:39:8c:c9
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 2 int 23
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb6 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci7 at ppb6 bus 7
pcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 2 int 19 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: <INTEL SSDSC2BB080G4>
wd0: 1-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic 2 int 19
iic0 at ichiic0
iic0: addr 0x22 01=bf 04=00 05=00 07=c0 words 00=ffbf 01=bfff 02=ffff 03=ffff 04=0000 05=0000 06=ffc0 07=c0ff
iic0: addr 0x26 01=bf 04=00 05=00 07=c0 words 00=ffbf 01=bfff 02=ffff 03=ffff 04=0000 05=0000 06=ffc0 07=c0ff
spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM PC3-8500
spdmem1 at iic0 addr 0x52: 2GB DDR3 SDRAM PC3-8500
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
wbsio0 at isa0 port 0x2e/2: W83627DHG rev 0x23
lm1 at wbsio0 port 0xa00/8: W83627DHG
vmm0 at mainbus0: VMX
uhidev0 at uhub1 port 1 configuration 1 interface 0 "SIGMACHIP USB Keyboard" rev 1.10/1.10 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub1 port 1 configuration 1 interface 1 "SIGMACHIP USB Keyboard" rev 1.10/1.10 addr 2
uhidev1: iclass 3/0, 2 report ids
uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (c39a3eaa2bb5100d.a) swap on wd0b dump on wd0b

$ sysctl hw
hw.machine=amd64
hw.model=Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
hw.ncpu=2
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=wd0:c39a3eaa2bb5100d
hw.diskcount=1
hw.sensors.cpu0.temp0=27.00 degC
hw.sensors.lm1.temp0=31.00 degC
hw.sensors.lm1.temp1=34.50 degC
hw.sensors.lm1.fan0=5818 RPM
hw.sensors.lm1.fan1=21093 RPM
hw.sensors.lm1.volt0=1.08 VDC (VCore)
hw.sensors.lm1.volt1=12.25 VDC (+12V)
hw.sensors.lm1.volt2=3.25 VDC (+3.3V)
hw.sensors.lm1.volt3=3.25 VDC (+3.3V)
hw.sensors.lm1.volt4=-11.50 VDC (-12V)
hw.sensors.lm1.volt5=1.58 VDC
hw.sensors.lm1.volt6=1.48 VDC
hw.sensors.lm1.volt7=3.25 VDC (3.3VSB)
hw.sensors.lm1.volt8=1.60 VDC (VBAT)
hw.cpuspeed=2793
hw.setperf=99
hw.serialno=1122C00444
hw.uuid=00020003-0004-0005-0006-000700080009
hw.physmem=4242145280
hw.usermem=4238712832
hw.ncpufound=2
hw.allowpowerdown=1
hw.perfpolicy=manual

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Aaron Mason
On Tue, Jan 10, 2017 at 1:32 AM, Stuart Henderson <[hidden email]>
wrote:

> Aaron Mason wrote:
>> >> Torn between a Barracuda web filter or a Portwell CAR 3000. The latter
>> >> is more expensive but supports 10Gbit, whereas the Barracuda may only
>> >> have 10/100.  Both Core2Duo based, could probably upgrade to a
>> >> Core2Quad or a Xeon with a 771->775 adapter.
>
> btw, I found some cheap CAR 3000 (this one says "caswell" rather than
> portwell and is an oem firewall box), so here's a dmesg in case it's of
> interest. sysctl hw follows below.
>
> Handy to have so many ports for Ł25, but 4x 1u fans (including the one in
> the PSU) make it rather noisy.
>
> OpenBSD 6.0-current (GENERIC.MP) #122: Sun Jan  8 14:53:10 MST 2017
>     [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 4242145280 (4045MB)
> avail mem = 4108922880 (3918MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xfbcb0 (45 entries)
> bios0: vendor American Megatrends Inc. version "080015" date 12/22/2010
> acpi0 at bios0: rev 0
> acpi0: sleep states S0 S1 S3 S4 S5
> acpi0: tables DSDT FACP APIC MCFG OEMB SSDT
> acpi0: wakeup devices P0P2(S4) P0P3(S4) P0P1(S4) USB0(S4) USB1(S4) USB2(S4)
USB3(S4) EUSB(S4) MC97(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4)
P0P9(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz, 2793.39 MHz
> cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM
2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,LONG,LAHF,PERF,SENSOR
> cpu0: 3MB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 265MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz, 2793.00 MHz
> cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM
2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,LONG,LAHF,PERF,SENSOR

> cpu1: 3MB 64b/line 8-way L2 cache
> cpu1: smt 0, core 1, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 7 (P0P1)
> acpiprt2 at acpi0: bus 1 (P0P4)
> acpiprt3 at acpi0: bus 2 (P0P5)
> acpiprt4 at acpi0: bus 3 (P0P6)
> acpiprt5 at acpi0: bus 4 (P0P7)
> acpiprt6 at acpi0: bus 5 (P0P8)
> acpiprt7 at acpi0: bus 6 (P0P9)
> acpicpu0 at acpi0: !C3(100@57 mwait.3@0x30), !C2(500@1 mwait.1@0x10),
C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: !C3(100@57 mwait.3@0x30), !C2(500@1 mwait.1@0x10),
C1(1000@1 mwait.1), PSS

> "AWY0001" at acpi0 not configured
> "PNP0501" at acpi0 not configured
> "PNP0501" at acpi0 not configured
> acpibtn0 at acpi0: PWRB
> cpu0: Enhanced SpeedStep 2793 MHz: speeds: 2800, 2403, 2136, 1870, 1603 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel G41 Host" rev 0x03
> inteldrm0 at pci0 dev 2 function 0 "Intel G41 Video" rev 0x03
> drm0 at inteldrm0
> intagp0 at inteldrm0
> agp0 at intagp0: aperture at 0xd0000000, size 0x10000000
> inteldrm0: msi
> inteldrm0: 1024x768, 32bpp
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: msi
> pci1 at ppb0 bus 1
> em0 at pci1 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address
00:90:fb:39:8c:c4
> ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x01: msi
> pci2 at ppb1 bus 2
> em1 at pci2 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address
00:90:fb:39:8c:c5
> ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x01: msi
> pci3 at ppb2 bus 3
> em2 at pci3 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address
00:90:fb:39:8c:c6
> ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x01: msi
> pci4 at ppb3 bus 4
> em3 at pci4 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address
00:90:fb:39:8c:c7
> ppb4 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: msi
> pci5 at ppb4 bus 5
> em4 at pci5 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address
00:90:fb:39:8c:c8
> ppb5 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: msi
> pci6 at ppb5 bus 6
> em5 at pci6 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address
00:90:fb:39:8c:c9
> uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 2 int 23
> ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 2 int 23
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
> ppb6 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
> pci7 at ppb6 bus 7
> pcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01
> pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA, channel
0 configured to compatibility, channel 1 configured to compatibility
> pciide0: channel 0 disabled (no drives)
> pciide0: channel 1 disabled (no drives)
> pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
> pciide1: using apic 2 int 19 for native-PCI interrupt
> wd0 at pciide1 channel 0 drive 0: <INTEL SSDSC2BB080G4>
> wd0: 1-sector PIO, LBA48, 76319MB, 156301488 sectors
> wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
> ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic 2 int
19
> iic0 at ichiic0
> iic0: addr 0x22 01=bf 04=00 05=00 07=c0 words 00=ffbf 01=bfff 02=ffff
03=ffff 04=0000 05=0000 06=ffc0 07=c0ff
> iic0: addr 0x26 01=bf 04=00 05=00 07=c0 words 00=ffbf 01=bfff 02=ffff
03=ffff 04=0000 05=0000 06=ffc0 07=c0ff
> spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM PC3-8500
> spdmem1 at iic0 addr 0x52: 2GB DDR3 SDRAM PC3-8500
> usb1 at uhci0: USB revision 1.0
> uhub1 at usb1 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1

> isa0 at pcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com0: console
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> wbsio0 at isa0 port 0x2e/2: W83627DHG rev 0x23
> lm1 at wbsio0 port 0xa00/8: W83627DHG
> vmm0 at mainbus0: VMX
> uhidev0 at uhub1 port 1 configuration 1 interface 0 "SIGMACHIP USB Keyboard"
rev 1.10/1.10 addr 2
> uhidev0: iclass 3/1
> ukbd0 at uhidev0: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> wskbd1: connecting to wsdisplay0
> uhidev1 at uhub1 port 1 configuration 1 interface 1 "SIGMACHIP USB Keyboard"
rev 1.10/1.10 addr 2

> uhidev1: iclass 3/0, 2 report ids
> uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0
> uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
> vscsi0 at root
> scsibus1 at vscsi0: 256 targets
> softraid0 at root
> scsibus2 at softraid0: 256 targets
> root on wd0a (c39a3eaa2bb5100d.a) swap on wd0b dump on wd0b
>
> $ sysctl hw
> hw.machine=amd64
> hw.model=Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
> hw.ncpu=2
> hw.byteorder=1234
> hw.pagesize=4096
> hw.disknames=wd0:c39a3eaa2bb5100d
> hw.diskcount=1
> hw.sensors.cpu0.temp0=27.00 degC
> hw.sensors.lm1.temp0=31.00 degC
> hw.sensors.lm1.temp1=34.50 degC
> hw.sensors.lm1.fan0=5818 RPM
> hw.sensors.lm1.fan1=21093 RPM
> hw.sensors.lm1.volt0=1.08 VDC (VCore)
> hw.sensors.lm1.volt1=12.25 VDC (+12V)
> hw.sensors.lm1.volt2=3.25 VDC (+3.3V)
> hw.sensors.lm1.volt3=3.25 VDC (+3.3V)
> hw.sensors.lm1.volt4=-11.50 VDC (-12V)
> hw.sensors.lm1.volt5=1.58 VDC
> hw.sensors.lm1.volt6=1.48 VDC
> hw.sensors.lm1.volt7=3.25 VDC (3.3VSB)
> hw.sensors.lm1.volt8=1.60 VDC (VBAT)
> hw.cpuspeed=2793
> hw.setperf=99
> hw.serialno=1122C00444
> hw.uuid=00020003-0004-0005-0006-000700080009
> hw.physmem=4242145280
> hw.usermem=4238712832
> hw.ncpufound=2
> hw.allowpowerdown=1
> hw.perfpolicy=manual
>

Thanks, unfortunately Fleabay doesn't turn up anything for "caswell"
in my price range.

As it is, I might be able to resurrect my Lacie using a pair of USB
thumb drives plugged into the onboard header, set up in softraid 1.

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Damian McGuckin
To answer some of my own questions, and after wise guidance from the list,
I have noticed that all our firewall hardware using 'vr' ethernet ports
hit a wall somewhere between 65Mbps->69Mbps. This is the case with the
Geodes in a net5501 and various VIA x86 CPUs in VIA embedded systems,

I am thinking of replacing the motherboard in my Net5501 system with one
of the APU2 systems. If anybody has any experience with these, please feel
free to share it. That will keep the price down but probably still about
twice the level that I think Aaron is trying to achieve.

They use an AMD GX-412TC, 1Ghz quad Jaguar core and have 3*1Gbps ethernet
(Intel i210AT) ports. The GX-412TC nominally is about 5 times faster than
the Geode LX in the Net5501.

We need something better than the Soekris Net5501/Geode-LX on the end of
an (Optus) cable internet link which we know runs at 110Mbps (raw) and on
the end of two symmetric fibre links, both 100Mbps, one Optus and one
Telstra. For non-Aussies, Optus and Telstra = ISPs. No, not NBN.

Thanks - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Paul Suh-2
In reply to this post by Predrag Punosevac-2
> On Dec 16, 2016, at 8:32 PM, Predrag Punosevac <[hidden email]>
wrote:
>
> This is my favorite Ebay seller and they have lots of nice network
> equipment for home, small, and large business.
>
> http://stores.ebay.com/MITXPC/

+1 for MITXPC. I've purchased several systems from them over the years and
they've always been responsive and helpful.


--Paul

[demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]

Reply | Threaded
Open this post in threaded view
|

Re: Hardware recommendations for compact 1U firewall

Aaron Mason
On Tue, Jan 10, 2017 at 12:58 PM, Paul Suh <[hidden email]> wrote:

>> On Dec 16, 2016, at 8:32 PM, Predrag Punosevac <[hidden email]>
> wrote:
>>
>> This is my favorite Ebay seller and they have lots of nice network
>> equipment for home, small, and large business.
>>
>> http://stores.ebay.com/MITXPC/
>
> +1 for MITXPC. I've purchased several systems from them over the years and
> they've always been responsive and helpful.
>
>
> --Paul
>
> [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
>

I'd do this if it weren't for the fact that shipping their items to
Australia costs more than their items themselves...

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

12