I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
Basically think about a sophisticated home user, or a 1-5 person small office. Think DSL, Cable Modem, maybe Cell Card or ISDN as backups. Looking for an "appliance", very much fire and forget. I probably won't get all the features that I want, but in no particular order:
- Able to load balance over 2 links (probably via NAT).
- IPv6 support, native or tunnel to tunnelbroker.net type thing.
- Able to deal with "backup" connectivity, eg. Cell Cards which you only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability. ssh to a cli would be a huge bonus, at least the ability to backup a config.
- Able to handle decent throughput, probably 20Mbps/sec min, 50 would be nice.
- Nice firewall features.
- IDS features are cool.
WiFi is not strictly required, but would be cool. Things like "guest" WiFi would be an added bonus.
Something a NANOGer might want at home would be a good baseline. I realize the exact product may differ depending on DSL/Cable/Cell/ISDN, that's ok, let's get some various good solutions going here.
What is the state of the art, and who has it?
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
ClearOS appliance. http://www.clearcenter.com/ClearBOX-Overview/clearbox-overview.html
multi-wan, snort IDS, reporting, all built in. Manageable via the web interface, or ssh (it's linux after all)
On 11/11/2010 8:41 PM, Leo Bicknell wrote:
Something a NANOGer might want at home would be a good baseline. I realize the exact product may differ depending on DSL/Cable/Cell/ISDN, that's ok, let's get some various good solutions going here.
On 11/11/10 8:41 PM, Leo Bicknell wrote:
Something a NANOGer might want at home would be a good baseline. I realize the exact product may differ depending on DSL/Cable/Cell/ISDN, that's ok, let's get some various good solutions going here.
What is the state of the art, and who has it?
I've been pretty happy with the Astaro firewall product - It's basically a Linux system with a nice web-based interface for management. Either get their appliance, or throw it on a x86 box. Only thing out of your wish list I've really had a problem with is lack of IPv6 support.
They have a free home version that I've got all sorts of weird stuff running through on a cable modem without any problems. www.astaro.com
David
Try the Linksys RV016. We're using this to load balance three satellite uplinks in Afghanistan, 2 Mbps each, but it will supposedly handle much higher.
Best regards, Jeff
On Fri, Nov 12, 2010 at 4:41 AM, Leo Bicknell <bicknell@ufp.org> wrote:
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
Basically think about a sophisticated home user, or a 1-5 person small office. Think DSL, Cable Modem, maybe Cell Card or ISDN as backups. Looking for an "appliance", very much fire and forget. I probably won't get all the features that I want, but in no particular order:
- Able to load balance over 2 links (probably via NAT).
- IPv6 support, native or tunnel to tunnelbroker.net type thing.
- Able to deal with "backup" connectivity, eg. Cell Cards which you only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability. ssh to a cli would be a huge bonus, at least the ability to backup a config.
- Able to handle decent throughput, probably 20Mbps/sec min, 50 would be nice.
- Nice firewall features.
- IDS features are cool.
WiFi is not strictly required, but would be cool. Things like "guest" WiFi would be an added bonus.
Something a NANOGer might want at home would be a good baseline. I realize the exact product may differ depending on DSL/Cable/Cell/ISDN, that's ok, let's get some various good solutions going here.
What is the state of the art, and who has it?
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
And does this take cellular modems as a backup? The only wifi AP I've seen that would take SIM cards besides ethernet was a no-name chinese brand I saw in a Hong Kong electronics store.
On Fri, Nov 12, 2010 at 7:18 AM, Jeffrey Lyon <jeffrey.lyon@blacklotus.net> wrote:
Try the Linksys RV016. We're using this to load balance three satellite uplinks in Afghanistan, 2 Mbps each, but it will supposedly handle much higher.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On 12 Nov 2010, at 01:54, Suresh Ramasubramanian wrote:
And does this take cellular modems as a backup? The only wifi AP I've seen that would take SIM cards besides ethernet was a no-name chinese brand I saw in a Hong Kong electronics store.
The Vigor2820 series of WiFi AP/Router/ADSL boxes will take a USB 3G modem stick. They will probably also do the necessary for the OP, although v6 is experimental I believe. Solwise have some HomeAV devices that will take USB 3G dongles.
f
Check out cradlepoint. Doesn't have all the features you want, but will do wifi/3g/ethernet as wan options. Not sure if it load balances between them though. Also check out pfsense. That's what I am currently running.
On 11/11/2010 05:54 PM, Suresh Ramasubramanian wrote:
And does this take cellular modems as a backup? The only wifi AP I've seen that would take SIM cards besides ethernet was a no-name chinese brand I saw in a Hong Kong electronics store.
They also have an adapter for using with other routers in a pass-through scenario.
http://www.cradlepoint.com/products/cba250-cellular-broadband-adapter#
On 11/12/10 11:00 AM, "Charles N Wyble" <charles@knownelement.com> wrote:
Check out cradlepoint. Doesn't have all the features you want, but will do wifi/3g/ethernet as wan options. Not sure if it load balances between them though. Also check out pfsense. That's what I am currently running.
On 11/11/2010 05:54 PM, Suresh Ramasubramanian wrote:
And does this take cellular modems as a backup? The only wifi AP I've seen that would take SIM cards besides ethernet was a no-name chinese brand I saw in a Hong Kong electronics store.
Last time I looked into this, the small Fortinet boxes and the Juniper NetScreen-5 or -25 were in this class. Juniper now has the SSG to replace the small NetScreen devices.
I'm using a Fortinet box to do many of the things on your list, including IPv6 support, at home.
Matthew Kaufman
On 11/11/2010 5:56 PM, Matthew Kaufman wrote:
Last time I looked into this, the small Fortinet boxes and the Juniper NetScreen-5 or -25 were in this class. Juniper now has the SSG to replace the small NetScreen devices.
I'm using a Fortinet box to do many of the things on your list, including IPv6 support, at home.
And I forgot to mention an even more relevant operational note... quite a few of these boxes can support quite a few more security zones (or profiles or whatever they call them) than they have ports. Consider VLAN-trunking one of these into a low-end VLAN-capable switch as a port expander.
Matthew Kaufman
I'm very happy with my SRX-100, but, I wouldn't call it particularly low-end at $600.
Owen
On Nov 11, 2010, at 5:56 PM, Matthew Kaufman wrote:
Last time I looked into this, the small Fortinet boxes and the Juniper NetScreen-5 or -25 were in this class. Juniper now has the SSG to replace the small NetScreen devices.
I'm using a Fortinet box to do many of the things on your list, including IPv6 support, at home.
Matthew Kaufman
I'd take a peek at Juniper's branch model SRX line. Something like the SRX210 has a mini-PIM slot that can take a DOCSIS hand-off.
Can't speak to pricing, however, but they're great little boxes.
Adam
On Nov 11, 2010, at 18:43, Leo Bicknell <bicknell@ufp.org> wrote:
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
Basically think about a sophisticated home user, or a 1-5 person small office. Think DSL, Cable Modem, maybe Cell Card or ISDN as backups. Looking for an "appliance", very much fire and forget. I probably won't get all the features that I want, but in no particular order:
- Able to load balance over 2 links (probably via NAT).
- IPv6 support, native or tunnel to tunnelbroker.net type thing.
- Able to deal with "backup" connectivity, eg. Cell Cards which you only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability. ssh to a cli would be a huge bonus, at least the ability to backup a config.
- Able to handle decent throughput, probably 20Mbps/sec min, 50 would be nice.
- Nice firewall features.
- IDS features are cool.
WiFi is not strictly required, but would be cool. Things like "guest" WiFi would be an added bonus.
Something a NANOGer might want at home would be a good baseline. I realize the exact product may differ depending on DSL/Cable/Cell/ISDN, that's ok, let's get some various good solutions going here.
What is the state of the art, and who has it?
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
As well as an expresscard slot for a wireless modem..
On Nov 11, 2010 8:27 PM, "Adam Leff" <adam@leff.co> wrote:
I'd take a peek at Juniper's branch model SRX line. Something like the SRX210 has a mini-PIM slot that can take a DOCSIS hand-off.
Can't speak to pricing, however, but they're great little boxes.
Adam
On 11/11/2010 8:41 PM, Leo Bicknell wrote:
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
Basically think about a sophisticated home user, or a 1-5 person small office. Think DSL, Cable Modem, maybe Cell Card or ISDN as backups. Looking for an "appliance", very much fire and forget. I probably won't get all the features that I want, but in no particular order:
- Able to load balance over 2 links (probably via NAT).
- IPv6 support, native or tunnel to tunnelbroker.net type thing.
- Able to deal with "backup" connectivity, eg. Cell Cards which you only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability. ssh to a cli would be a huge bonus, at least the ability to backup a config.
- Able to handle decent throughput, probably 20Mbps/sec min, 50 would be nice.
- Nice firewall features.
- IDS features are cool.
WiFi is not strictly required, but would be cool. Things like "guest" WiFi would be an added bonus.
Something a NANOGer might want at home would be a good baseline. I realize the exact product may differ depending on DSL/Cable/Cell/ISDN, that's ok, let's get some various good solutions going here.
What is the state of the art, and who has it?
DD-WRT supported hardware may be a start... -- /Jason
I have sort of recently gone from a little netscreen 5 to a mikrotik rb750g. Happily running for about 4 months. Way more of a power user or net admin than consumer oriented device. Fast though, loads faster than the netscreen
On Nov 11, 2010 6:41 PM, "Leo Bicknell" <bicknell@ufp.org> wrote:
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
Basically think about a sophisticated home user, or a 1-5 person small office. Think DSL, Cable Modem, maybe Cell Card or ISDN as backups. Looking for an "appliance", very much fire and forget. I probably won't get all the features that I want, but in no particular order:
- Able to load balance over 2 links (probably via NAT).
- IPv6 support, native or tunnel to tunnelbroker.net type thing.
- Able to deal with "backup" connectivity, eg. Cell Cards which you only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability. ssh to a cli would be a huge bonus, at least the ability to backup a config.
- Able to handle decent throughput, probably 20Mbps/sec min, 50 would be nice.
- Nice firewall features.
- IDS features are cool.
WiFi is not strictly required, but would be cool. Things like "guest" WiFi would be an added bonus.
Something a NANOGer might want at home would be a good baseline. I realize the exact product may differ depending on DSL/Cable/Cell/ISDN, that's ok, let's get some various good solutions going here.
What is the state of the art, and who has it?
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
On 11/11/2010 10:55 PM, Michael Loftis wrote:
I have sort of recently gone from a little netscreen 5 to a mikrotik rb750g. Happily running for about 4 months. Way more of a power user or net admin than consumer oriented device. Fast though, loads faster than the netscreen
I would recommend their products except for one thing: They have quite a few different models which experience a still-unfixed problem where the Ethernet port(s) simply go silent for 5-20 minutes and then come back all on their own (or with a reboot). Totally unacceptable, and their support forums are filled with others having the same problem *and* no confirmation of what the company is doing to fix it.
And hard to debug, I'm sure, because the problem is one of those "happens every other day for 4 days, then not again for 3 weeks" kinds of bugs.
Matthew Kaufman
On Fri, Nov 12, 2010 at 8:36 AM, Matthew Kaufman <matthew@matthew.at> wrote:
On 11/11/2010 10:55 PM, Michael Loftis wrote:
I have sort of recently gone from a little netscreen 5 to a mikrotik rb750g. Happily running for about 4 months. Way more of a power user or net admin than consumer oriented device. Fast though, loads faster than the netscreen
I would recommend their products except for one thing: They have quite a few different models which experience a still-unfixed problem where the Ethernet port(s) simply go silent for 5-20 minutes and then come back all on their own (or with a reboot). Totally unacceptable, and their support forums are filled with others having the same problem *and* no confirmation of what the company is doing to fix it.
And hard to debug, I'm sure, because the problem is one of those "happens every other day for 4 days, then not again for 3 weeks" kinds of bugs.
I've never actually had that problem, and wasn't even aware of it until reading your message just now. It might be that I use the thing in a completely different manner (I've a bridge+vlan tagging setup). Being as I work from home it gets used very thoroughly so if it had had the issue I would've noticed. I'm wondering if some units are having thermal issues, seems to be a common thread/problem lately with embedded devices. Newer gen processors are starting to see thermal and PSU loads (on account of lower voltages) that haven't been dealt with much by these hardware makers. Or I could just be lucky, or my office is cooler than others. I've heard a lot of people having thermal issues with the global tech guruplug server plus wall wart units, and while the two I have do get very hot, I haven't had any crashes. But they are still way too hot for me to ever recommend them for anything. The RB750G though doesn't ever seem to warm up or anything so it's very odd that there's issues. I'm running the 4.x stable releases though too, not 5.x, I'll have to look into the forum posts on this. Good to know about!
On 12 nov 2010, at 02:41, Leo Bicknell wrote:
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
<snip>
What is the state of the art, and who has it?
<shameless plug>
Have a look at http://labs.ripe.net/Members/mirjam/ipv6-cpe-surveys/ if you want some pointers on IPv6 support. As always feedback is more than welcome, I'll try and publish a new one in a few weeks.
</shameless plug>
Frank Bulk maintains something similar on the arin wiki at http://www.getipv6.info/index.php/Broadband_CPE
MarcoH
On Thu, Nov 11, 2010 at 05:41:00PM -0800, Leo Bicknell wrote:
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
An ALIX with pfSense 2.0 (BETA4 at the moment) would fit most of the above. IPv6 support is coming (is mostly there in the kernel, but interface only alpha).
If you want to run the snort package I'd however pick a Supermicro Atom system with 2 onboard NICs and add a dual-port Intel NIC, and run pfSense from a small SSD or a USB stick. Albeit a rackmount, the system would be quiet enough for SOHO.
There are multiple recommended hardware vendors http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50 and also commercial support http://www.pfsense.org/index.php?option=com_content&task=view&id=62&Itemid=73
Basically think about a sophisticated home user, or a 1-5 person small office. Think DSL, Cable Modem, maybe Cell Card or ISDN as backups. Looking for an "appliance", very much fire and forget. I probably won't get all the features that I want, but in no particular order:
- Able to load balance over 2 links (probably via NAT).
Check.
- IPv6 support, native or tunnel to tunnelbroker.net type thing.
Requires hacking at the moment, but is coming fast.
- Able to deal with "backup" connectivity, eg. Cell Cards which you only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability. ssh to a cli would be a huge bonus, at least the ability to backup a config.
Very well supported. http(s) and ssh both.
- Able to handle decent througput, probably 20Mbps/sec min, 50 would be nice.
ALIX does about 70 MBit/s, a dual-core Atom can probably handle 500 MBit/s.
- Nice firewall features.
- IDS features are cool.
WiFi is not strictly required, but would be cool. Things like "guest" WiFi would be an added bonus.
Something a NANOGer might want at home would be a good baseline. I realize the exact product may differ depending on DSL/Cable/Cell/ISDN, that's ok, let's get some various good solutions going here.
What is the state of the art, and who has it?
I run pfSense both at home (6/100 MBit/s DOCSIS 3.0 cable modem) and in the colo (GBit Ethernet, failover cluster). Very happy.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On 2010-11-12, at 4:24 AM, Eugen Leitl wrote:
On Thu, Nov 11, 2010 at 05:41:00PM -0800, Leo Bicknell wrote:
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
Mikrotik RB750G here with RouterOS 5.0RC3
Since I'm on a cable modem with Port 25 blocked and I want an SMTP server at home, I'm now using the Router to additionally set-up an L2TP tunnel into PortableIP.com, grab a fixed IP over there, use this as my MX and DST-NAT into an SMTP server at home.
Also I'm SRC-NATting out everything to the cable modem, but the SMTP traffic back out the L2TP interface.
All of this on a $70 box, with a very fast CPU, and 5 GigE ports.
F.
All of this on a $70 box, with a very fast CPU, and 5 GigE ports.
Currently playing with a little ADSL box made by Gennet (Athens, Greece). They have a beta which includes v6 support. Still some work to do but it looks very promising and the basics work (PPP dual stack, dhcpv6 PD, DNS). Firewall is under development and they have a nasty bug in the wlan driver which needs fixing so it supports v6.
http://broadband.gennetsa.com/oxygen_router.html
Groet, MarcoH
On 11/12/2010 01:24 AM, Eugen Leitl wrote:
On Thu, Nov 11, 2010 at 05:41:00PM -0800, Leo Bicknell wrote:
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
An ALIX with pfSense 2.0 (BETA4 at the moment) would fit most of the above. IPv6 support is coming (is mostly there in the kernel, but interface only alpha).
PPPOE is currently broken in 2.0 BETA4. :(
If you want to run the snort package I'd however pick a Supermicro Atom system with 2 onboard NICs and add a dual-port Intel NIC, and run pfSense from a small SSD or a USB stick. Albeit a rackmount, the system would be quiet enough for SOHO.
Yes. I agree. Have SNORT run as a transparent bridge and have a separate management interface. Use vlans on that interface to handle whatever you need to do (dedicated vlan for snort, one for your management network, one for secure wifi, one for guest wifi etc).
Basically think about a sophisticated home user, or a 1-5 person small office. Think DSL, Cable Modem, maybe Cell Card or ISDN as backups. Looking for an "appliance", very much fire and forget. I probably won't get all the features that I want, but in no particular order:
- Able to deal with "backup" connectivity, eg. Cell Cards which you only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability. ssh to a cli would be a huge bonus, at least the ability to backup a config.
Very well supported. http(s) and ssh both.
Well the SSH interface is very limited. You can login and do some basic checks. However everything is driven from a single XML config file that gets parsed by PHP scripts during the init process and then writes out all the UNIX configuration files. However all the things I've ever done from the CLI on a Linux box are readily available from the pfSense web interface (arp table checks, traceroute, ping, iperf, tcpdump). I only use the CLI when I have broken something.
_ Nice firewall features.
- IDS features are cool.
It has a SNORT package that's pretty nice. Also has some other AV type stuff and a proxy. I haven't gotten the proxy/av to work yet, but haven't put much time into them.
WiFi is not strictly required, but would be cool. Things like "guest" WiFi would be an added bonus.
It supports a lot of wifi cards. I put a USB wifi stick in my pfsense box and configured it as an AP from the web UI.
I'm running the current stable pfSense (1.2.3 I think). Very happy with it. It's a fully featured distribution that is incredibly well put together.
Leo Bicknell <bicknell@ufp.org> writes:
- IPv6 support, native or tunnel to tunnelbroker.net type thing.
This is far too diffuse. You'll get a "yes, we've got IPv6".
You should at least add
- IPv6 packet filtering and policy management (at least simple access lists)
- DHCPv6-PD client running over PPP or ethernet (possibly bridged DSL) WAN interface(s)
- Ability to split the delegated prefix into a /64 for every LAN and loopback interface, preferably fully configurable
- Configurable RA on LAN interfaces, using the dynamically allocated prefixes
- (wishlist) configurable ifid's on the LAN and loopback interfaces as an alternative to using EUI-64
- WAN link addressing using whatever is available of SLAAC, DHCPv6 IA_NA or link local. Specifically: Using SLAAC for the WAN link should be possible without sacrificing any router functionality on the CPE.
and probably a lot more. DNS resolver handling needs a chapter on its own....
The point is: We've been asking for "IPv6" for too long. That's just one bit in a packet header. We need to start asking for the features we expect, which is a lot more than that bit.
Bjørn
On 12 Nov 2010, at 12:55, Bjørn Mork wrote:
This is far too diffuse. You'll get a "yes, we've got IPv6".
You should at least add
- IPv6 packet filtering and policy management (at least simple access lists)
<snip>
The point is: We've been asking for "IPv6" for too long. That's just one bit in a packet header. We need to start asking for the features we expect, which is a lot more than that bit.
For IPv6 CPE requirements, you might want to look at http://tools.ietf.org/html/draft-ietf-v6ops-ipv6-cpe-router-07 and comment on the IETF v6ops list.
Tim
-----Original Message-----
From: Leo Bicknell [mailto:bicknell@ufp.org]
Sent: Thursday, November 11, 2010 8:41 PM
To: nanog@nanog.org
Subject: Low end, cool CPE.
I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help.
Basically think about a sophisticated home user, or a 1-5 person small office. Think DSL, Cable Modem, maybe Cell Card or ISDN as backups. Looking for an "appliance", very much fire and forget. I probably won't get all the features that I want, but in no particular order:
- Able to load balance over 2 links (probably via NAT).
- IPv6 support, native or tunnel to tunnelbroker.net type thing.
- Able to deal with "backup" connectivity, eg. Cell Cards which you only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability. ssh to a cli would be a huge bonus, at least the ability to backup a config.
- Able to handle decent throughput, probably 20Mbps/sec min, 50 would be nice.
- Nice firewall features.
- IDS features are cool.
I've been very happy with Peplink's Balance line (have a couple of 380's)
-Keith
Every time I'm in the market for a device like you describe, it comes down to the limitations of consumer devices. You can't get all those things in a low cost solution. I end up rolling my own. My latest system is this http://www.supermicro.com/products/system/1U/5015/SYS-5015A-PHF.cfm , with Endian http://endian.com/en/community/download/ and an additional dual port nic. With all the parts (HD,NIC) it's under $400.
It's an atom board, so you could put whatever you wanted on it. I have a 50mbps net connection and it doesn't have any issues.
On Fri, Nov 12, 2010 at 10:10:30AM -0500, Jason Lewis wrote:
Every time I'm in the market for a device like you describe, it comes down to the limitations of consumer devices. You can't get all those things in a low cost solution. I end up rolling my own. My latest system is this http://www.supermicro.com/products/system/1U/5015/SYS-5015A-PHF.cfm
Exactly my stock system. Apparently, there's a version which doesn't need a slot spacer, and has frontally accessible ports: http://www.thomas-krenn.com/de/server-systeme/1HE-rack-server/1HE-intel-sing...
Aye, that's the rub: no ECC memory. But nice enough IPMI.
, with Endian http://endian.com/en/community/download/ and an additional dual port nic. With all the parts (HD,NIC) it's under $400.
It's an atom board, so you could put whatever you wanted on it. I have a 50mbps net connection and it doesn't have any issues.
Works well on GBit/s as well. I haven't measured the throughput yet, though. Should be ~500 MBit/s, assuming a single Atom core is about equivalent to a Pentium 3 at the same frequency.
On 11/12/10 11:30 PM, Eugen Leitl wrote:
On Fri, Nov 12, 2010 at 10:10:30AM -0500, Jason Lewis wrote:
Every time I'm in the market for a device like you describe, it comes down to the limitations of consumer devices. You can't get all those things in a low cost solution. I end up rolling my own. My latest system is this http://www.supermicro.com/products/system/1U/5015/SYS-5015A-PHF.cfm
<snip>
, with Endian http://endian.com/en/community/download/ and an additional dual port nic. With all the parts (HD,NIC) it's under $400.
It's an atom board, so you could put whatever you wanted on it. I have a 50mbps net connection and it doesn't have any issues.
Works well on GBit/s as well. I haven't measured the throughput yet, though. Should be ~500 MBit/s, assuming a single Atom core is about equivalent to a Pentium 3 at the same frequency.
An atom should easily be able to forward some high fraction of a gig between two pci-e 1x connected interfaces; certainly in the soho context such a box can do ipsec at fairly reasonable rates as well. Regarding equivalence to a PIII, an atom is a scalar rather than super scalar device. It is slower clock for clock than a PIII, but there are also multicore variants, and of course they run faster at lower power consumption rates than the equivalent PIII derived embedded processor such as the intel a800
participants (22)
- Adam Leff
- Andrew Kirch
- Bjørn Mork
- Byers, Micah
- Charles N Wyble
- David Coulson
- Eugen Leitl
- Fearghas McKay
- Francois Menard
- Jason Bertoch
- Jason Lewis
- Jeffrey Lyon
- Joel Jaeggli
- Leo Bicknell
- Marco Hogewoning
- Matthew Kaufman
- Michael Loftis
- Owen DeLong
- Suresh Ramasubramanian
- Tim Chown
- Tim Jackson
- Wallace Keith