Re: router solutions based on Debian?

2016-11-30 Thread Dan Ritter
On Wed, Nov 30, 2016 at 02:45:00PM +0100, Daniel Pocock wrote:
> 
> 
> On 30/11/16 13:28, Dan Ritter wrote:
> > Ubiquiti has a major problem: they violate the GPL up down and sideways.
> > 
> > http://libertybsd.net/ubiquiti/
> > 
> 
> If the device can be completely reflashed, is that an issue?

The routing hardware is controlled by unavailable drivers. You
would have a low-powered appliance that doesn't route.

But even that wasn't an issue  -- buying hardware from a company that
doesn't take minimal steps to comply with the terms of the licenses that
they are directly benefitting from? I don't think that's a good move.

It's not like these are x86 boxes where you can replace things ad-hoc.

-dsr-



Re: router solutions based on Debian?

2016-11-30 Thread tomas
On Wed, Nov 30, 2016 at 02:45:00PM +0100, Daniel Pocock wrote:
> 
> 
> On 30/11/16 13:28, Dan Ritter wrote:

[...]

> > Ubiquiti has a major problem: they violate the GPL up down and sideways.
> > 
> > http://libertybsd.net/ubiquiti/
> > 
> 
> If the device can be completely reflashed, is that an issue?

Yes, you renounce to "vote with your wallet". Maybe that bothers you,
maybe not. It would bother me, I know.

regards
-- tomás



Re: router solutions based on Debian?

2016-11-30 Thread Daniel Pocock


On 30/11/16 13:28, Dan Ritter wrote:
> On Tue, Nov 29, 2016 at 03:00:24PM -0800, J Mo wrote:
>>
>> When it comes to router-web-UI distros, the only thing I could recommend was
>> PFSense. Everything else was disappointing.
> 
> I don't recommend that anyone, ever, use a web UI to try to
> control a router. 
> 

I would suggest that the priorities, from highest to lowest, are:

- security
- functionality (does it do what is needed)
- performance
- web UI

Many people do like a nice web UI these days, but as the saying goes,
never judge a book by its cover.

E.g. the OpenWRT web UI is nice, but only allows me to enable one of
DHCP or DHCPv6 when I really want both concurrently (dual stack).  The
web UI actually stops me doing something that the software is perfectly
capable of.


>> That being said, a regular old Debian box would make a fine router if you
>> are a command-line oriented person. There is plenty of ITX-sized and smaller
>> hardware out there to meet your needs. This seems to be the way you were
>> headed anyhow.
>>

I don't mind building a box if that is the best way to proceed, but if
using a ready-made solution is more cost effective and saves time I
usually prefer to go that way.


>> It should be noted that Ubiquiti firewall/routers are Debian based and drop
>> you right into a bash shell. They are worth looking at. Their web-UI isn't
>> bad either, but it doesn't have feature-parity with command line yet (maybe
>> never will). I would highly recommend any network engineer to pick up their
>> little $50 ERX to play with.
> 
> Ubiquiti has a major problem: they violate the GPL up down and sideways.
> 
> http://libertybsd.net/ubiquiti/
> 

If the device can be completely reflashed, is that an issue?

Regards,

Daniel



Re: router solutions based on Debian?

2016-11-30 Thread Dan Ritter
On Tue, Nov 29, 2016 at 03:00:24PM -0800, J Mo wrote:
> 
> When it comes to router-web-UI distros, the only thing I could recommend was
> PFSense. Everything else was disappointing.

I don't recommend that anyone, ever, use a web UI to try to
control a router. 

> That being said, a regular old Debian box would make a fine router if you
> are a command-line oriented person. There is plenty of ITX-sized and smaller
> hardware out there to meet your needs. This seems to be the way you were
> headed anyhow.
> 
> It should be noted that Ubiquiti firewall/routers are Debian based and drop
> you right into a bash shell. They are worth looking at. Their web-UI isn't
> bad either, but it doesn't have feature-parity with command line yet (maybe
> never will). I would highly recommend any network engineer to pick up their
> little $50 ERX to play with.

Ubiquiti has a major problem: they violate the GPL up down and sideways.

http://libertybsd.net/ubiquiti/

-dsr-



Re: router solutions based on Debian?

2016-11-29 Thread J Mo


Please excuse my late reply.

I am a network engineer (Cisco and Juniper big routers/switches) and I 
recently did a review of about eight router-type Linux/BSD distros, all 
run under KVM on a virtual test network. I also recently started 
contributing some code to LEDE (OpenWRT). I do router-y/switch-y kinds 
of things on a daily basis.


I found that almost all of these router distros pretty much suck. The 
web UIs were not functional/practical and they often had web UIs that 
looked like they were straight out of the 90s. I'm not talking about 
minimalism -- I'm talking about bad design and poor judgement.


PFsense was overwhelmingly the best and was the only one that I had a 
positive opinion on or would otherwise consider using in a business 
environment. It's FreeBSD based.


Untangle is Debian based but it's basically for-profit garbage that has 
confused a router with an iPhone.


Endian was interesting but also locks you out of some features unless 
you buy a support contract. Might be as good as PFsense some day if they 
keep trying, but I doubt it. Also Debian based I think.


IPfire, IPcop, and Shorewall all looked like they were ten years old and 
there was obvious missing functionality in the web UI. They looked more 
like weekend projects than anything professional like PFsense.


When it comes to router-web-UI distros, the only thing I could recommend 
was PFSense. Everything else was disappointing.


That being said, a regular old Debian box would make a fine router if 
you are a command-line oriented person. There is plenty of ITX-sized and 
smaller hardware out there to meet your needs. This seems to be the way 
you were headed anyhow.


It should be noted that Ubiquiti firewall/routers are Debian based and 
drop you right into a bash shell. They are worth looking at. Their 
web-UI isn't bad either, but it doesn't have feature-parity with command 
line yet (maybe never will). I would highly recommend any network 
engineer to pick up their little $50 ERX to play with.


As several people have already mentioned PCEngines boards are awesome 
and I think they even have models that have a SFP for optical.


Good luck! Come back and share what you get and how you feel about it.



On 11/23/2016 06:54 AM, Daniel Pocock wrote:


My ISP is upgrading my connection to gigabit on Friday and I suspect my
current router may struggle with it.

My existing router runs OpenWRT but I've found the firewall and IPsec
setup is a little bit constrained in that environment and it is tempting
to move to a router running a full OS.

I've seen a lot of discussions about making DIY routers running a free
OS like Debian, FreeBSD or OpenBSD and I was tempted to go with
something like that running Shorewall, strongSwan, DHCP and DNS.  Maybe
it will also do wifi or maybe the existing router will be a bridge to wifi.

Can anybody share any comments or links about this topic?

- quiet (fanless), low-power and low cost hardware suitable for Gigabit
routing and maybe use as a NAS too.  It would also be useful to have
fibre support in the router and avoid using a media convertor.

- are there any live builds or other out-of-the-box solutions that
address this use case particularly well?

- any blogs or other articles that provide a good example of how other
people already did this?

One particular concern for me is minimizing the number of components.
I've got a media convertor and fibre transceiver already, but that has
its own plug-pack PSU and those are all extra things that can fail at
some random moment in the future.  Having a self-contained solution
without a bunch of plug-pack PSUs would hopefully be easier to support
and make less clutter.

Regards,

Daniel




Re: router solutions based on Debian?

2016-11-24 Thread Dan Ritter
On Wed, Nov 23, 2016 at 03:54:17PM +0100, Daniel Pocock wrote:
> 
> I've seen a lot of discussions about making DIY routers running a free
> OS like Debian, FreeBSD or OpenBSD and I was tempted to go with
> something like that running Shorewall, strongSwan, DHCP and DNS.  Maybe
> it will also do wifi or maybe the existing router will be a bridge to wifi.
> 
> Can anybody share any comments or links about this topic?

I wrote about my hardware selection in

https://randomstring.org/blog/blog/2014/11/09/a-new-firewall/

It's been working very well for me for the last two years,
running iptables, DHCP in failover with another server, Unbound,
OpenVPN, all on top of Debian Jessie.

If I did it over again I would note that 2GB of RAM and a slower
CPU could probably serve just as long, and that I only need
three gig-e ports, not five. 

Having a small SSD to keep a full reboot cycle under 30 seconds
is an awesome win, though. TCP sessions don't drop. Highly 
recommended.

-dsr-



Re: router solutions based on Debian?

2016-11-24 Thread Daniel Pocock


On 24/11/16 14:46, Jonathan Dowland wrote:
> More focussed at being a NAS than a router, but I built my own
> based on a J1900 Celeron (passively cooled, low power) SoC. I wrote
> up details[1]. Lars Wirzenius did something similar (focussed on
> being a router rather than NAS) and wrote that up too[2].
> 
> The vendor I bought mine from offered a bundle with a daughter
> board bringing it up to 5 gigabit ports (but I didn't opt for that
> option personally) (also this was a different, Atom-based SoC)
> 
> J1900 is Bay Trail, there are probably similar products in the
> Braswell or other, newer lines, which may or may not be lower power
> usage, or higher performance, or both...
> 
> From a NAS POV, I'd look for a case that supports 3.5" drives and
> possibly some growing room. What I really wanted was something a
> bit like the "toaster"-style NAS appliances you can get (two
> vertical 3.5" drives) but I didn't find quite what I wanted and
> ended up with something bigger. I've since seen some cases which
> look closer to what I want than I achieved[4], but still not quite
> as compact as an off the shelf Synology or QNAP.
> 


Thanks for sharing that feedback and the links.  Lars' blog is one
that I had recalled seeing but couldn't quite find when searching.

My latest thinking about the NAS is that I probably won't prioritize
this requirement, mainly for security reasons but also because it will
be good to be able to do upgrades on the router independently of
upgrades/modifications to the NAS.

A few years back I set up a number of pairs of FreeBSD-based routers
on x86 servers for BGP and OSPF with quagga.  These were in data
centers rather than my home.  It was quite satisfactory and felt a lot
better than using one of the proprietary routers.  At the time, many
people felt FreeBSD offered substantially more net IO performance than
the Linux kernel, especially with those types of routing tables, is
that still the feeling today or is such a solution just as valid with
Debian as it is with FreeBSD or OpenBSD?

Regards,

Daniel



Re: router solutions based on Debian?

2016-11-24 Thread Jonathan Dowland
More focussed at being a NAS than a router, but I built my own based on a J1900
Celeron (passively cooled, low power) SoC. I wrote up details[1]. Lars Wirzenius
did something similar (focussed on being a router rather than NAS) and wrote
that up too[2].

The vendor I bought mine from offered a bundle with a daughter board bringing it
up to 5 gigabit ports (but I didn't opt for that option personally) (also this
was a different, Atom-based SoC)

J1900 is Bay Trail, there are probably similar products in the Braswell or
other, newer lines, which may or may not be lower power usage, or higher
performance, or both...

From a NAS POV, I'd look for a case that supports 3.5" drives and possibly some
growing room. What I really wanted was something a bit like the "toaster"-style
NAS appliances you can get (two vertical 3.5" drives) but I didn't find quite
what I wanted and ended up with something bigger. I've since seen some cases
which look closer to what I want than I achieved[4], but still not quite as
compact as an off the shelf Synology or QNAP.

[1] https://jmtd.net/hardware/phobos/
[2] http://blog.liw.fi/posts/minipc-router/
[3] http://www.mini-itx.com/store/?c=105 - this is a Pineview based board, so an
older generation than even Bay Trail, but it's a 5x gigabit LAN set up. This
vendor do a newer Braswell bundle but only 2x NIC.
[4] https://linitx.com/product/cfi-a2060-miniitx-nasserver-case-2-hot-swap-bays/13404

-- 
Jonathan Dowland
Please do not CC me, I am subscribed to the list.




Re: router solutions based on Debian?

2016-11-23 Thread Daniel Pocock


On 23/11/16 15:54, Daniel Pocock wrote:

> 
> Can anybody share any comments or links about this topic?
> 
> - quiet (fanless), low-power and low cost hardware suitable for Gigabit
> routing and maybe use as a NAS too.  It would also be useful to have
> fibre support in the router and avoid using a media convertor.
>

A few things appeared on planet.debian.org over the last few months,
here is one of them

https://anarc.at/blog/2016-11-15-omnia/

Google didn't dig up any others though, if anybody else can share links
to things on this topic that would be great



Re: router solutions based on Debian?

2016-11-23 Thread Jan Bakuwel
Hi Daniel,

> On 24/11/2016, at 04:26, Bernhard Schmidt  wrote:
> 
> Daniel Pocock  wrote:
> 
> Hi Daniel,
> 
>> My ISP is upgrading my connection to gigabit on Friday and I suspect my
>> current router may struggle with it.
>> 
>> My existing router runs OpenWRT but I've found the firewall and IPsec
>> setup is a little bit constrained in that environment and it is tempting
>> to move to a router running a full OS.
>> 
>> I've seen a lot of discussions about making DIY routers running a free
>> OS like Debian, FreeBSD or OpenBSD and I was tempted to go with
>> something like that running Shorewall, strongSwan, DHCP and DNS.  Maybe
>> it will also do wifi or maybe the existing router will be a bridge to wifi.
>> 
>> Can anybody share any comments or links about this topic?
>> 
>> - quiet (fanless), low-power and low cost hardware suitable for Gigabit
>> routing and maybe use as a NAS too.  It would also be useful to have
>> fibre support in the router and avoid using a media convertor.
>> 
>> - are there any live builds or other out-of-the-box solutions that
>> address this use case particularly well?
> 
> My recommendation if you basically want a fanless mini PC is the PC
> Engines APU (2C4 for example). Quadcore 1GHz amd64 with AES-NI, 4 GB
> RAM, 3 GE ports, USB 3.0 external. I recommend using a M2 SSD for boot
> media. With PSU and case it starts around 220 EUR. Debian works out of
> the box.
> 
> You can also have a look at the Ubiquiti EdgeRouter line. There are
> models with SFP slot available, even the small models are supposed to be
> able to support GE throughput and are < 100 EUR. They are MIPS Cavium
> boards with a custom kernel, but you can get a rootshell and there is a
> Debian (I think Wheezy at the moment) userland on it. I don't think you
> can get the hardware to be fully-free running a vanilla Debian, so YMMV.

+1 for PC Engines APU boards. Used the predecessors (Alix) for years, now using 
APUs where higher speeds are required, all running Debian out of the box. 
These never missed a beat. They also have a SATA port if you'd like to use it 
as a NAS as well.

SSD is great if you can afford them. They also work with cheaper SD cards.

regards,
Jan




Re: router solutions based on Debian?

2016-11-23 Thread maderios

On 11/23/2016 03:54 PM, Daniel Pocock wrote:


I've seen a lot of discussions about making DIY routers running a free
OS like Debian, FreeBSD or OpenBSD and I was tempted to go with
something like that running Shorewall, strongSwan, DHCP and DNS.  Maybe
it will also do wifi or maybe the existing router will be a bridge to wifi.

Can anybody share any comments or links about this topic?


Hi
Good luck...
https://wiki.debian.org/DebianWRT

--
Maderios



Re: router solutions based on Debian?

2016-11-23 Thread Stefan Monnier
> Can anybody share any comments or links about this topic?
> - quiet (fanless), low-power and low cost hardware suitable for Gigabit
> routing and maybe use as a NAS too.  It would also be useful to have
> fibre support in the router and avoid using a media convertor.

I don't know what you consider low-power, or low-cost, or suitable for
gigabit, but I use a BananaPi for this task.

If you need more network connections, there's the "BPI-R1", but the
switch part is only supported in the OpenWRT kernel (just like all other
home-router-style switches: doesn't prevent you from using Debian, but
makes it less convenient since you have to build your own kernel).

> - are there any live builds or other out-of-the-box solutions that
> address this use case particularly well?

I just set up dnsmasq, shorewall, and OpenVPN by hand.

I used an OpenWRT box before and actually liked the luci web-interface
(although "web-interface" and "like" are usually incompatible in
my world), but haven't found anything comparable for Debian.  But this
is compensated by the ease of installing and upgrading packages,
compared to what needs to be done with OpenWRT.


Stefan



Re: router solutions based on Debian?

2016-11-23 Thread Bernhard Schmidt
Daniel Pocock  wrote:

Hi Daniel,

> My ISP is upgrading my connection to gigabit on Friday and I suspect my
> current router may struggle with it.
>
> My existing router runs OpenWRT but I've found the firewall and IPsec
> setup is a little bit constrained in that environment and it is tempting
> to move to a router running a full OS.
>
> I've seen a lot of discussions about making DIY routers running a free
> OS like Debian, FreeBSD or OpenBSD and I was tempted to go with
> something like that running Shorewall, strongSwan, DHCP and DNS.  Maybe
> it will also do wifi or maybe the existing router will be a bridge to wifi.
>
> Can anybody share any comments or links about this topic?
>
> - quiet (fanless), low-power and low cost hardware suitable for Gigabit
> routing and maybe use as a NAS too.  It would also be useful to have
> fibre support in the router and avoid using a media convertor.
>
> - are there any live builds or other out-of-the-box solutions that
> address this use case particularly well?

My recommendation if you basically want a fanless mini PC is the PC
Engines APU (2C4 for example). Quadcore 1GHz amd64 with AES-NI, 4 GB
RAM, 3 GE ports, USB 3.0 external. I recommend using a M2 SSD for boot
media. With PSU and case it starts around 220 EUR. Debian works out of
the box.

You can also have a look at the Ubiquiti EdgeRouter line. There are
models with SFP slot available, even the small models are supposed to be
able to support GE throughput and are < 100 EUR. They are MIPS Cavium
boards with a custom kernel, but you can get a rootshell and there is a
Debian (I think Wheezy at the moment) userland on it. I don't think you
can get the hardware to be fully-free running a vanilla Debian, so YMMV.

Best Regards,
Bernhard



Re: router solutions based on Debian?

2016-11-23 Thread Eero Volotinen
check out pfsense.org

eero

23.11.2016 4.54 PM, "Daniel Pocock" wrote:

>
>
> My ISP is upgrading my connection to gigabit on Friday and I suspect my
> current router may struggle with it.
>
> My existing router runs OpenWRT but I've found the firewall and IPsec
> setup is a little bit constrained in that environment and it is tempting
> to move to a router running a full OS.
>
> I've seen a lot of discussions about making DIY routers running a free
> OS like Debian, FreeBSD or OpenBSD and I was tempted to go with
> something like that running Shorewall, strongSwan, DHCP and DNS.  Maybe
> it will also do wifi or maybe the existing router will be a bridge to wifi.
>
> Can anybody share any comments or links about this topic?
>
> - quiet (fanless), low-power and low cost hardware suitable for Gigabit
> routing and maybe use as a NAS too.  It would also be useful to have
> fibre support in the router and avoid using a media convertor.
>
> - are there any live builds or other out-of-the-box solutions that
> address this use case particularly well?
>
> - any blogs or other articles that provide a good example of how other
> people already did this?
>
> One particular concern for me is minimizing the number of components.
> I've got a media convertor and fibre transceiver already, but that has
> its own plug-pack PSU and those are all extra things that can fail at
> some random moment in the future.  Having a self-contained solution
> without a bunch of plug-pack PSUs would hopefully be easier to support
> and make less clutter.
>
> Regards,
>
> Daniel
>
>


router solutions based on Debian?

2016-11-23 Thread Daniel Pocock


My ISP is upgrading my connection to gigabit on Friday and I suspect my
current router may struggle with it.

My existing router runs OpenWRT but I've found the firewall and IPsec
setup is a little bit constrained in that environment and it is tempting
to move to a router running a full OS.

I've seen a lot of discussions about making DIY routers running a free
OS like Debian, FreeBSD or OpenBSD and I was tempted to go with
something like that running Shorewall, strongSwan, DHCP and DNS.  Maybe
it will also do wifi or maybe the existing router will be a bridge to wifi.

Can anybody share any comments or links about this topic?

- quiet (fanless), low-power and low cost hardware suitable for Gigabit
routing and maybe use as a NAS too.  It would also be useful to have
fibre support in the router and avoid using a media convertor.

- are there any live builds or other out-of-the-box solutions that
address this use case particularly well?

- any blogs or other articles that provide a good example of how other
people already did this?

One particular concern for me is minimizing the number of components.
I've got a media convertor and fibre transceiver already, but that has
its own plug-pack PSU and those are all extra things that can fail at
some random moment in the future.  Having a self-contained solution
without a bunch of plug-pack PSUs would hopefully be easier to support
and make less clutter.

Regards,

Daniel