![]() |
|
||||
![]()
I want to build a low power fanless OpenBSD firewall. I've been searching the net looking at products from various companies but not finding exactly what I want. I came across this and thought it was perfect for what I'm looking to do, but it appears to be an embedded Linux system. I wanted something more powerful than a Soekris board, and something that has SATA to run an SSD. Two NIC's is fine, but more would be fine too.
Does anyone know of anything like this or seen some cool looking devices worth checking out? My budget is less than $400.
__________________
Mike |
|
||||
![]()
The SuperMicro Atom boards are the best available at the moment IMO:
http://www.supermicro.com/products/nfo/atom.cfm The single-core variant only has one NIC, but you can use a PCI or PCIe NIC. They're not fanless, on my Atom 330 the temperature is pretty good, I bet I could even remove the small CPU fan without too much problem. Although it's not something I would recommend. Maybe you could remove the small heatsink and replace it with a bigger one to compensate ... As a sidenote, this site is running on the 5015A-H with an Atom 330, it works really well IMO and the price is also good. I payed about 300 euro in total, this includes two disks, power supply, casing. The single-core variant is cheaper. |
|
|||
![]()
Another embedded x86 platform is PC Engines's ALIX, it's moderately faster than the Soekris offerings.
http://www.pcengines.ch/alix.htm As for the system you mentioned in your first post, ARM platform aren't really standardized.. so running OpenBSD on that specific system would require that you port it (..and possibly write additional drivers). There are a few embedded ARM platforms that are supported, you can find them here. |
|
||||
![]()
Yeah I just discovered the Supermicro unit myself. Fanless wouldn't be an absolute requirement as long as the unit is quiet. This application is going to be for a small office and the computer equipment will be nearby. As long as it's "very quiet" and shelvable I can live with it. Having SATA is great. It would be nice if the rack mount brackets were removable, oh well.
I found these just now too. They are pre-built boxes, but complete units still. http://www.applianceshop.eu/
__________________
Mike |
|
|||
![]()
For $400, you will be able to run two ALIX systems connected via CARP -- which means that you can update system while the other is performing its duties. This is the configuration I run.
|
|
|||
![]()
As said by Carpetsmoker, another option for smaller x86 systems with easy to find cases.. MiniITX, NanoITX or PicoITX are damned small, and you can get cases for those practically anywhere.
Is that an option? |
|
||||
![]() Quote:
Would it be too much to ask if you could please post a couple of little benchmark work on your Atom 330 dual-core. Code:
# time openssl dhparam -out 4096.pem 4096 Code:
# time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null Code:
# time openssl speed aes Code:
# time openssl speed -multi 2 aes Code:
# time openssl speed -multi 3 aes /S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience. ![]() Last edited by s2scott; 9th October 2009 at 07:02 PM. |
|
||||
![]() Quote:
Code:
[~]% uname -a FreeBSD cthulhu.daemonforums.org 7.2-STABLE FreeBSD 7.2-STABLE #2: Sat Sep 26 23:38:19 UTC 2009 carpetsmoker@cthulhu.daemonforums.org:/usr/obj/usr/src/sys/CTHULHU i386 I also disabled HyperThreading in the BIOS. There was a thread about the "new" hyperthreading on questions@ some time ago, and benchmarks showed little difference and sometimes even a slowdown. I didn't actually measure it myself though. Quote:
Code:
[~]% time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null 1024+0 records in 1024+0 records out 4194304 bytes transferred in 0.329336 secs (12735641 bytes/sec) 0.33 real 0.00 user 0.31 sys Code:
[~]% time openssl speed aes To get the most accurate results, try to run this program when this computer is idle. Doing aes-128 cbc for 3s on 16 size blocks: 3578836 aes-128 cbc's in 2.98s Doing aes-128 cbc for 3s on 64 size blocks: 936183 aes-128 cbc's in 2.98s Doing aes-128 cbc for 3s on 256 size blocks: 236468 aes-128 cbc's in 2.98s Doing aes-128 cbc for 3s on 1024 size blocks: 59330 aes-128 cbc's in 2.98s Doing aes-128 cbc for 3s on 8192 size blocks: 7412 aes-128 cbc's in 2.98s Doing aes-192 cbc for 3s on 16 size blocks: 3161725 aes-192 cbc's in 2.98s Doing aes-192 cbc for 3s on 64 size blocks: 811916 aes-192 cbc's in 2.98s Doing aes-192 cbc for 3s on 256 size blocks: 204905 aes-192 cbc's in 2.98s Doing aes-192 cbc for 3s on 1024 size blocks: 51330 aes-192 cbc's in 2.98s Doing aes-192 cbc for 3s on 8192 size blocks: 6423 aes-192 cbc's in 2.98s Doing aes-256 cbc for 3s on 16 size blocks: 2803864 aes-256 cbc's in 2.98s Doing aes-256 cbc for 3s on 64 size blocks: 717044 aes-256 cbc's in 2.98s Doing aes-256 cbc for 3s on 256 size blocks: 180732 aes-256 cbc's in 2.98s Doing aes-256 cbc for 3s on 1024 size blocks: 45262 aes-256 cbc's in 2.98s Doing aes-256 cbc for 3s on 8192 size blocks: 5665 aes-256 cbc's in 2.98s OpenSSL 0.9.8e 23 Feb 2007 built on: Sun Sep 20 13:27:38 UTC 2009 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: cc available timing options: USE_TOD HZ=128 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 19188.13k 20081.54k 20293.25k 20364.51k 20356.04k aes-192 cbc 16955.50k 17414.58k 17579.33k 17617.89k 17636.09k aes-256 cbc 15035.42k 15378.67k 15507.41k 15537.68k 15550.91k 45.73 real 44.77 user 0.00 sys Code:
[~]% time openssl speed -multi 2 aes Forked child 0 Forked child 1 +DT:aes-128 cbc:3:16 +DT:aes-128 cbc:3:16 +R:3552672:aes-128 cbc:3.000014 +DT:aes-128 cbc:3:64 +R:3203486:aes-128 cbc:3.000331 +DT:aes-128 cbc:3:64 +R:929164:aes-128 cbc:3.000574 +DT:aes-128 cbc:3:256 +R:913984:aes-128 cbc:3.000854 +DT:aes-128 cbc:3:256 +R:236249:aes-128 cbc:3.000572 +DT:aes-128 cbc:3:1024 +R:235224:aes-128 cbc:3.000856 +DT:aes-128 cbc:3:1024 +R:59244:aes-128 cbc:3.000592 +DT:aes-128 cbc:3:8192 +R:58974:aes-128 cbc:3.000851 +DT:aes-128 cbc:3:8192 +R:7408:aes-128 cbc:3.000716 +DT:aes-192 cbc:3:16 +R:7260:aes-128 cbc:3.230340 +DT:aes-192 cbc:3:16 +R:3156597:aes-192 cbc:3.000096 +DT:aes-192 cbc:3:64 +R:3143427:aes-192 cbc:3.000031 +DT:aes-192 cbc:3:64 +R:796566:aes-192 cbc:3.000585 +DT:aes-192 cbc:3:256 +R:806742:aes-192 cbc:3.000561 +DT:aes-192 cbc:3:256 +R:204534:aes-192 cbc:3.000609 +DT:aes-192 cbc:3:1024 +R:203728:aes-192 cbc:3.000558 +DT:aes-192 cbc:3:1024 +R:51300:aes-192 cbc:3.000535 +DT:aes-192 cbc:3:8192 +R:51056:aes-192 cbc:3.000572 +DT:aes-192 cbc:3:8192 +R:6415:aes-192 cbc:3.000792 +DT:aes-256 cbc:3:16 +R:6393:aes-192 cbc:3.004059 +DT:aes-256 cbc:3:16 +R:2790117:aes-256 cbc:3.000359 +DT:aes-256 cbc:3:64 +R:2790455:aes-256 cbc:3.000368 +DT:aes-256 cbc:3:64 +R:715075:aes-256 cbc:3.000573 +DT:aes-256 cbc:3:256 +R:712461:aes-256 cbc:3.000548 +DT:aes-256 cbc:3:256 +R:180520:aes-256 cbc:3.000610 +DT:aes-256 cbc:3:1024 +R:179660:aes-256 cbc:3.000589 +DT:aes-256 cbc:3:1024 +R:45227:aes-256 cbc:3.000642 +DT:aes-256 cbc:3:8192 +R:45011:aes-256 cbc:3.000619 +DT:aes-256 cbc:3:8192 +R:5655:aes-256 cbc:3.000692 Got: +H:16:64:256:1024:8192 from 0 Got: +F:15:aes-128 cbc:18947495.58:19818373.42:20156071.58:20217962.32:20223951.88 from 0 Got: +F:16:aes-192 cbc:16834645.29:16990094.93:17450025.64:17507277.87:17512603.34 from 0 Got: +F:17:aes-256 cbc:14878843.50:15252020.20:15401241.75:15434179.75:15438358.89 from 0 +R:5629:aes-256 cbc:3.001016 Got: +H:16:64:256:1024:8192 from 1 Got: +F:15:aes-128 cbc:17083373.80:19492776.39:20066722.30:20124083.47:18411040.32 from 1 Got: +F:16:aes-192 cbc:16764770.76:17207278.24:17381556.36:17423792.53:17433564.39 from 1 Got: +F:17:aes-256 cbc:14880601.31:15196392.13:15327977.27:15360585.27:15365718.81 from 1 OpenSSL 0.9.8e 23 Feb 2007 built on: Sun Sep 20 13:27:38 UTC 2009 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: cc available timing options: USE_TOD HZ=128 [sysconf value] timing function used: aes-128 cbc 36030.87k 39311.15k 40222.79k 40342.05k 38634.99k aes-192 cbc 33599.42k 34197.37k 34831.58k 34931.07k 34946.17k aes-256 cbc 29759.44k 30448.41k 30729.22k 30794.77k 30804.08k 45.26 real 0.01 user 0.00 sys Code:
[~]% time openssl speed -multi 3 aes Forked child 0 Forked child 1 +DT:aes-128 cbc:3:16 +DT:aes-128 cbc:3:16 Forked child 2 +DT:aes-128 cbc:3:16 +R:3085472:aes-128 cbc:3.000411 +DT:aes-128 cbc:3:64 +R:2335941:aes-128 cbc:3.096367 +R:1765266:aes-128 cbc:3.000347 +DT:aes-128 cbc:3:64 +DT:aes-128 cbc:3:64 +R:717500:aes-128 cbc:3.000921 +DT:aes-128 cbc:3:256 +R:722494:aes-128 cbc:3.000608 +DT:aes-128 cbc:3:256 +R:470843:aes-128 cbc:3.000406 +DT:aes-128 cbc:3:256 +R:173636:aes-128 cbc:3.000849 +DT:aes-128 cbc:3:1024 +R:149047:aes-128 cbc:3.067905 +DT:aes-128 cbc:3:1024 +R:153905:aes-128 cbc:3.070786 +DT:aes-128 cbc:3:1024 +R:41614:aes-128 cbc:3.000255 +DT:aes-128 cbc:3:8192 +R:46257:aes-128 cbc:3.073060 +DT:aes-128 cbc:3:8192 +R:33592:aes-128 cbc:3.000096 +DT:aes-128 cbc:3:8192 +R:5908:aes-128 cbc:3.003046 +DT:aes-192 cbc:3:16 +R:5543:aes-128 cbc:3.102018 +DT:aes-192 cbc:3:16 +R:4298:aes-128 cbc:3.001001 +DT:aes-192 cbc:3:16 +R:2046810:aes-192 cbc:3.000435 +DT:aes-192 cbc:3:64 +R:2134905:aes-192 cbc:3.000296 +R:1878963:aes-192 cbc:3.096334 +DT:aes-192 cbc:3:64 +DT:aes-192 cbc:3:64 +R:583581:aes-192 cbc:3.051573 +DT:aes-192 cbc:3:256 +R:477738:aes-192 cbc:3.000449 +R:613944:aes-192 cbc:3.022771 +DT:aes-192 cbc:3:256 +DT:aes-192 cbc:3:256 +R:194166:aes-192 cbc:3.000458 +DT:aes-192 cbc:3:1024 +R:103472:aes-192 cbc:3.000390 +DT:aes-192 cbc:3:1024 +R:106748:aes-192 cbc:3.052449 +DT:aes-192 cbc:3:1024 +R:34781:aes-192 cbc:3.000570 +DT:aes-192 cbc:3:8192 +R:44114:aes-192 cbc:3.000014 +DT:aes-192 cbc:3:8192 +R:31268:aes-192 cbc:3.000960 +DT:aes-192 cbc:3:8192 +R:3160:aes-192 cbc:3.011755 +DT:aes-256 cbc:3:16 +R:3823:aes-192 cbc:3.000690 +DT:aes-256 cbc:3:16 +R:4679:aes-192 cbc:3.000900 +DT:aes-256 cbc:3:16 +R:2428290:aes-256 cbc:3.000376 +R:1389504:aes-256 cbc:3.000931 +DT:aes-256 cbc:3:64 +DT:aes-256 cbc:3:64 +R:1815014:aes-256 cbc:3.000895 +DT:aes-256 cbc:3:64 +R:587956:aes-256 cbc:3.000607 +R:341651:aes-256 cbc:3.047712 +DT:aes-256 cbc:3:256 +DT:aes-256 cbc:3:256 +R:494284:aes-256 cbc:2.999994 +DT:aes-256 cbc:3:256 +R:149532:aes-256 cbc:3.000442 +DT:aes-256 cbc:3:1024 +R:80491:aes-256 cbc:3.000114 +R:123433:aes-256 cbc:3.000586 +DT:aes-256 cbc:3:1024 +DT:aes-256 cbc:3:1024 +R:43577:aes-256 cbc:3.000612 +DT:aes-256 cbc:3:8192 +R:24787:aes-256 cbc:3.000499 +DT:aes-256 cbc:3:8192 +R:25766:aes-256 cbc:3.000990 +DT:aes-256 cbc:3:8192 +R:4161:aes-256 cbc:3.000421 +R:3611:aes-256 cbc:3.000217 +R:3730:aes-256 cbc:3.001099 Got: +H:16:64:256:1024:8192 from 0 Got: +F:15:aes-128 cbc:12070615.66:10043291.47:14812746.66:15413681.48:14638295.46 from 0 Got: +F:16:aes-192 cbc:11385036.68:12998806.72:8952643.60:10669396.46:12772957.45 from 0 Got: +F:17:aes-256 cbc:9677187.64:10544746.42:10530892.30:8791893.34:10181656.79 from 0 Got: +H:16:64:256:1024:8192 from 1 Got: +F:15:aes-128 cbc:16453596.52:15301968.96:12830487.05:11465702.43:11732490.59 from 1 Got: +F:16:aes-192 cbc:9709355.64:10190218.86:8828462.97:15057508.40:10436938.17 from 1 Got: +F:17:aes-256 cbc:12949257.03:12540523.97:6868304.34:8459222.28:9859724.15 from 1 Got: +H:16:64:256:1024:8192 from 2 Got: +F:15:aes-128 cbc:9413663.15:15410082.22:12437162.17:14203038.08:16116415.13 from 2 Got: +F:16:aes-192 cbc:10914737.36:12239321.82:16566302.88:11869659.43:8595227.70 from 2 Got: +F:17:aes-256 cbc:7408388.93:7174452.18:12758184.29:14871248.93:11360709.71 from 2 OpenSSL 0.9.8e 23 Feb 2007 built on: Sun Sep 20 13:27:38 UTC 2009 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: cc available timing options: USE_TOD HZ=128 [sysconf value] timing function used: aes-128 cbc 37937.88k 40755.34k 40080.40k 41082.42k 42487.20k aes-192 cbc 32009.13k 35428.35k 34347.41k 37596.56k 31805.12k aes-256 cbc 30034.83k 30259.72k 30157.38k 32122.36k 31402.09k 46.49 real 0.01 user 0.00 sys |
|
||||
![]()
Firstly, big time thank you!
Secondly, whoo ha! The ATOM 330 is pretty darn quick. Here's my mono-core P4 3 GHz DDR machine. Code:
# time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null 1024+0 records in 1024+0 records out 4194304 bytes (4.2 MB) copied, 1.34392 seconds, 3.1 MB/s real 0m1.353s user 0m0.116s sys 0m1.353s # /S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience. ![]() |
|
||||
![]()
What's also interesting is the openssl speed [-multi 1] vs -multi 2 vs -multi 3 results. The parallel test (-multi 2 and -multi 3) results are FASTER and more useful work then non-parallel, which looks to mean that the second core kicks in nicely.
I note the it's "freeBSD," not "openBSD." Oh, I'd love to see if the openbsd.mp kicks in as well. Well, you've assured one thing -- my asterisk/freePBX telephony box is going ATOM 330 from it's P4. Anyone out there with an openBSD-ATOM 330 ... ? Again, thanks, Carpetsmoker! /S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience. ![]() Last edited by s2scott; 10th October 2009 at 12:12 AM. |
|
||||
![]()
No, but I do have an Atom 230, single-core HT. It runs my wife's WinXP/32 desktop. But, I could easily run the same tests with OpenBSD i386/amd64 if you like, should you have any interest. I just have to get her permission to borrow it on a temporary basis.
|
|
||||
![]() Quote:
![]() This is especially true considering you are running a P4 netburst piece of junk (Sorry, but I have strong feelings towards those). Quote:
Quote:
![]() IMO this board has a very good price/quality ratio. How many 125$ boards (incl. CPU) do you know where you can control the BIOS over serial line? Even on many 400$ boards you can't. |
|
||||
![]()
Oh, yes, please!
Quote:
:-) /S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience. ![]() Last edited by s2scott; 10th October 2009 at 01:23 AM. |
|
||||
![]() Quote:
Quote:
Hence it relegation to a SOHO asterisk/freePBX machine. On the PRO side: to be fair, at 3 GHz, it plows through the job very well. On the CON side: It sucks power, does NOT have HPET timer source (which would help asterisk), and doesn't have the working SSE3 (sic) and 4 extensions (which the CODECs would appreciate). ATOM address all the CONS. The ATOM follow-on, the PINEVIEW, though yet unseen, is expected 1Q2010 and is alleged to blow everything away (except its i7 brother). /S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience. ![]() Last edited by s2scott; 10th October 2009 at 02:32 AM. |
|
||||
![]() Quote:
I can get the ASUS or INTEL 330 boards for CAD$90 or CAD$105, respectively, but they don't have the PCI-e slots and fine-grained BIOS control that you mention. Not sure how much I care for the asterisk/freePBX box, but as a openBSD multi-NIC firewall/VPN/etc box, I think the supermicro is the hands-down winner. /S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience. ![]() |
|
||||
![]() Quote:
|
![]() |
Tags |
firewall, firewall hardware, hardware |
Thread Tools | |
Display Modes | |
|
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
PF firewall | bsdnewbie999 | OpenBSD General | 3 | 28th April 2009 12:35 PM |
firewall for 2 adsl | milo974 | OpenBSD General | 2 | 13th October 2008 05:03 PM |
The great appliance hunt. | diw | General Hardware | 8 | 23rd July 2008 07:02 PM |
OpenBSD firewall resources | J65nko | OpenBSD Security | 0 | 1st June 2008 02:28 AM |
Web GUI for firewall ? | giga | FreeBSD General | 6 | 8th May 2008 05:10 AM |