Re: OpenBSD on Mikrotik/RouterBoard hardware ?
> My old companion, OpenBSD router/firewall (Intel Atom based and 5 > Gigabit Intel network interfaces) died 2 weeks ago ... (Really think > motherbord is dead :( ). Quickest choice would be to replicate the updated hardware spec from last time with newer model optionally better manufacturer motherboard, better cooling, new PSU, as far as you go with the network cards etc. > I temporary replaced it by an unused old workstation based on AMD64x2 > processor, 4GB Ram, and with a (unique) Realtek Gigabit card (I use vlan > for routing). > > Installed it with OpenBSD 5.9 amd64, and works pretty well, but seems to > be difficult for this hardware to handle load. Before throwing much more money, consider all aspects of the bottleneck. > So I try to get a better hardware. > > Context : > Optic fiber with 200Mbits/s DL, 50Mbits/s UL came to home this week > (Tuesday) replacing 2 DSL connections. > (that I keep for now : network throughput is somewhat ridiculous > compared to Optic fiber, but stability is really great : being an > homeworker, Internet uptime is a prime goal, despite the throughput). > > About 20 VLAN to handle ... and for most of them, PF rules apply. > > Compared to delivered "router" from ISP (SFR in France, "NB6V box" for > those who know this provider), this temporary "router" seems to lack of > CPU/network interrupts while downloading at high speed (above 10 > MBytes/s) on WAN. As you observed it is not fair to compare a minimal distribution on a resource constrained embedded box, it is just a different device for user convenience to get you started, mostly as a proof of concept ;-) > ping on other hosts drastically increases (+50~200ms based from 4~10 ms > when link is not heavily used) while OpenBSD tries to route/firewall/nat > the WAN traffic. This may be as simple as prioritising your return packets as intended. > I already used Routerboards/RouterOS for several customers : works > pretty great while using high throughput Internet connections. > Customer's need is achieved for all cases, but the inside RouterOS > doesn't feat my needs. (IPv6 policy based routing, and IPv6 NPT for > instance). > > About hardware : > RB2011 (XXX) or RB3011 (XXX) can, I think, match my needs. Inexpensive ubiquitous x86 systems can do much more for the cost range. The difference is that in one case you get the optimisation pre-applied with the device operating system in a convenient GUIsh style, while the latter requires more insight but gives you more options in the long run. There is absolutely incomparably more you can do better with a more powerful hardware platform system and with better software toolkit. > About software : > OpenBSD stands out for a while for being my privileged OS for a > router/firewall, and clearly feats my needs while it's simple to handle > some particular cases ... (compared to a Linux based router for instance). > If not, what's the best hardware you know to operate an OpenBSD router > with high throughput networks and many (about 450~500, including > bridge/tag rules) PF rules ? This is up to you, the platforms listed on the main page say it all: OpenBSD Platforms [http://www.openbsd.org/plat.html] > Best CPU, best known network driver (handling inside hardware > implementations), and so on ... The interesting part of the question, success stories from the field.
Re: OpenBSD on Mikrotik/RouterBoard hardware ?
2016-05-22 15:18 GMT+02:00 Stuart Henderson : > I don't think MikroTik have any ARM boxes. http://routerboard.com/RB3011UiAS-RM -- Michał Markowski
Re: OpenBSD on Mikrotik/RouterBoard hardware ?
Hi Stuart, Jakub , ... Stuart Henderson wrote : On 2016-05-21, Jakub Skrzypnik wrote: I'll be mostly interested in any efforts to keep OpenBSD on ARM based SOHO routers by MikroTik, like RB951G and its family. I don't think MikroTik have any ARM boxes. Like most of their smaller boxes (and many other small routers) the RB951G is a 32-bit MIPS74k design. Their bigger boxes (CCR) are Tilera Tile-GX designs. ARM hasn't been all that popular for router designs in general, Firebrick FB2700/FB6000 and the in-development Turris Omnia use them but I can't think of any others offhand. No ARM boxes indeed, :( . Does it really mean none of the Routerboard archs could be handled using an OpenBSD ? Maybe ( I try :) ) http://routerboard.com/RB1100AHx2 (using macppc or socppc) ? Christophe.
Re: OpenBSD on Mikrotik/RouterBoard hardware ?
On Sun, May 22, 2016 at 01:18:11PM +, Stuart Henderson wrote: > I don't think MikroTik have any ARM boxes. Like most of their smaller > boxes (and many other small routers) the RB951G is a 32-bit MIPS74k > design. Their bigger boxes (CCR) are Tilera Tile-GX designs. That was obviously meant to be MIPS! Sorry for that mistake, Ive recently talking with someone else about ARM CPUs, so I did that unintentionally. But yeah, you're right - they doesn't have any ARM boxes, and that Atheros SoC was indeed based on MIPS arch. Sorry for any misleading.
Re: OpenBSD on Mikrotik/RouterBoard hardware ?
On 2016-05-21, Jakub Skrzypnik wrote: > I'll be mostly interested in any efforts to keep OpenBSD on ARM > based SOHO routers by MikroTik, like RB951G and its family. I don't think MikroTik have any ARM boxes. Like most of their smaller boxes (and many other small routers) the RB951G is a 32-bit MIPS74k design. Their bigger boxes (CCR) are Tilera Tile-GX designs. ARM hasn't been all that popular for router designs in general, Firebrick FB2700/FB6000 and the in-development Turris Omnia use them but I can't think of any others offhand.
Re: OpenBSD on Mikrotik/RouterBoard hardware ?
I'll be mostly interested in any efforts to keep OpenBSD on ARM based SOHO routers by MikroTik, like RB951G and its family. RB951G is affordable, little box with 5 GbE ports with PoE capabilities, running on ~700MHz Atheros ARM SoC, it worked very nicely for my home needs with RouterOS, but I've forced to sell it and use something else instead, but it doesn't mean I'm not considering going back there :)
OpenBSD on Mikrotik/RouterBoard hardware ?
Hello all, My old companion, OpenBSD router/firewall (Intel Atom based and 5 Gigabit Intel network interfaces) died 2 weeks ago ... (Really think motherbord is dead :( ). I temporary replaced it by an unused old workstation based on AMD64x2 processor, 4GB Ram, and with a (unique) Realtek Gigabit card (I use vlan for routing). Installed it with OpenBSD 5.9 amd64, and works pretty well, but seems to be difficult for this hardware to handle load. So I try to get a better hardware. Context : Optic fiber with 200Mbits/s DL, 50Mbits/s UL came to home this week (Tuesday) replacing 2 DSL connections. (that I keep for now : network throughput is somewhat ridiculous compared to Optic fiber, but stability is really great : being an homeworker, Internet uptime is a prime goal, despite the throughput). About 20 VLAN to handle ... and for most of them, PF rules apply. Compared to delivered "router" from ISP (SFR in France, "NB6V box" for those who know this provider), this temporary "router" seems to lack of CPU/network interrupts while downloading at high speed (above 10 MBytes/s) on WAN. ping on other hosts drastically increases (+50~200ms based from 4~10 ms when link is not heavily used) while OpenBSD tries to route/firewall/nat the WAN traffic. I already used Routerboards/RouterOS for several customers : works pretty great while using high throughput Internet connections. Customer's need is achieved for all cases, but the inside RouterOS doesn't feat my needs. (IPv6 policy based routing, and IPv6 NPT for instance). About hardware : RB2011 (XXX) or RB3011 (XXX) can, I think, match my needs. About software : OpenBSD stands out for a while for being my privileged OS for a router/firewall, and clearly feats my needs while it's simple to handle some particular cases ... (compared to a Linux based router for instance). Is there any one who tried this hardware/software association (excepting the RB600A/soppc) ? If not, what's the best hardware you know to operate an OpenBSD router with high throughput networks and many (about 450~500, including bridge/tag rules) PF rules ? Best CPU, best known network driver (handling inside hardware implementations), and so on ... Thanks for reading :) . Christophe.
