Re: Packet Filter router i368 vs 64bit
On Tue, Nov 25, 2014 at 1:52 PM, Motty Cruz wrote: > I am searching for hardware to build a router with OpenBSD. I have found > mixed signals as to fastest system with i386 or 64bit. I know in the past > i386 OpenBSD used to perform a lot better than 64bit system. As I understand it, amd64 has been the way to go for some time now (but the network stack will still not see benefit from SMP systems).
Re: Packet Filter router i368 vs 64bit
Greetings Motty Cruz, In general, you could achieve performance by configuring your kernel according to your hardware. You can use dmesg(8) and 'GENERIC' kernel configuration as a guide for your hardware. Sometimes i386 will run faster than 64 bit (see http://www.openbsd.org/amd64.html). Juan J. Fernandez On 11/25/14 16:52, Motty Cruz wrote: Hello all, I am searching for hardware to build a router with OpenBSD. I have found mixed signals as to fastest system with i386 or 64bit. I know in the past i386 OpenBSD used to perform a lot better than 64bit system. Any suggestions! Thanks, Motty
Re: Packet Filter router i368 vs 64bit
Thank you Juan, I appreciate your suggestions and advice. I am planning on using Dual socket B2 (LGA 1356) supports Intel® Xeon® processor E5-2400 v2, I suppose i386 would perform better rather than 64bit amd processor. Thank you again! Thanks, Motty On 11/25/2014 03:01 PM, Juan J. Fernandez wrote: Greetings Motty Cruz, In general, you could achieve performance by configuring your kernel according to your hardware. You can use dmesg(8) and 'GENERIC' kernel configuration as a guide for your hardware. Sometimes i386 will run faster than 64 bit (see http://www.openbsd.org/amd64.html). Juan J. Fernandez On 11/25/14 16:52, Motty Cruz wrote: Hello all, I am searching for hardware to build a router with OpenBSD. I have found mixed signals as to fastest system with i386 or 64bit. I know in the past i386 OpenBSD used to perform a lot better than 64bit system. Any suggestions! Thanks, Motty
Re: Packet Filter router i368 vs 64bit
On Tue, Nov 25, 2014 at 3:01 PM, Juan J. Fernandez wrote: > In general, you could achieve performance by configuring your kernel > according to your hardware. You can use dmesg(8) and 'GENERIC' kernel > configuration as a guide for your hardware. That's bad advice. When you run a non-standard kernel and something goes wrong, the *first* response will be "does it happen on a GENERIC kernel? What are the symptoms, backtrace, etc there?" And what changes are you suggesting would make a *performance* difference? Have you been drinking the kool-aid over at that c*l*mel site? > Sometimes i386 will run faster than 64 bit (see > http://www.openbsd.org/amd64.html). I see nothing on that page to suggest that. Philip Guenther
Re: Packet Filter router i368 vs 64bit
On 11/25/14 18:18, motty cruz wrote: Thank you Juan, I appreciate your suggestions and advice. I am planning on using Dual socket B2 (LGA 1356) supports Intel® Xeon® processor E5-2400 v2, I suppose i386 would perform better rather than 64bit amd processor. Thank you again! The amd64 arch runs on any modern Intel CPU as well as AMD CPUs (as well as VIA). amd64 refers to the ISA not that it will only run on AMD CPUs. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Packet Filter router i368 vs 64bit
Thank you for your advice Philip. Can you please give your advice then ? Thank you :) Juan J. Fernandez On 11/25/14 21:06, Philip Guenther wrote: On Tue, Nov 25, 2014 at 3:01 PM, Juan J. Fernandez wrote: In general, you could achieve performance by configuring your kernel according to your hardware. You can use dmesg(8) and 'GENERIC' kernel configuration as a guide for your hardware. That's bad advice. When you run a non-standard kernel and something goes wrong, the *first* response will be "does it happen on a GENERIC kernel? What are the symptoms, backtrace, etc there?" And what changes are you suggesting would make a *performance* difference? Have you been drinking the kool-aid over at that c*l*mel site? Sometimes i386 will run faster than 64 bit (see http://www.openbsd.org/amd64.html). I see nothing on that page to suggest that. Philip Guenther -- mQINBFRvbjABEADi5s62B4CKyNH8cBQZoThdHSnbVZ9Iwk/Kx0Pldr7Ohj3LqzMC Bgu4RzOL9gahK2H0xqNgydqSduYBkituQ5HRJqnVid/AFLlbP6yXe+/5uFREmNpx ozx3iR1eKHWnSXi2o+23JXKTadV1yK8KqVyILIheaD3/0rNgcFR7ZOFUevuRGQ+A AwxlAyLu3/zy7MbmLalrfWfy1KkD2W8aVZZWVIHx9HYFBVusMY0kv0+D6ytz91Vo HB+lFmXDxfixl9+QW61SDWDHiKyRUZVGFcPc9cWAJxQ1yGN/ziG8uHPksWVScKlQ nFe1B1AQAdExFk5Sf/k5u8pLR6WWS8N3f7wKfRMGZmQswHsG7w/XBcs4aNW6IOjK 1/a2QPXPg65GOVROEEheD/NR0N+ba++FX8jv9ue5lASiNEQSUt9CzlgPDsozYnhp hWVWOA4z3MWCmo3flhADJ0bETHyhcQ4p8FXYP7pgZpSL/fJgd3lF4hrO2lq43Kri 6l6U9bE8ebDl85E5t06hxmeE1RRgmKmohtJnZWLIxF3nsAWnjHGjW1a6j+Pn6QtZ n4dt/5dj34qCDh/Xf4fcrCy0iUlTE1LMZ3i09ukfBeZk4LRWO2i3y/bbKTq4V+EU zfypNTUd/tDQlC9c0pGE6hFVsKCYR+eghF+yu+WVVsY4bKKATzeRVBinbQARAQAB tCtKdWFuIEouIEZlcm5hbmRleiA8anVhbkB0Y3BhcHBsaWNhdGlvbi5jb20+iQI4 BBMBAgAiBQJUb24wAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDFfJ23 Ct2rdDbhD/44Eh4GmtcIiqP7DuQUe/QPqeWBZfgkERJH/GIC30esIitSdeepegwv Sj9DonCZhnNBWli52VGbDPBdjdaNrGMZgTraiYcGDiVOuljQwhnjWMFaP81ns/95 XCuuNv9YxgT7a7z+tjcS9LgWyq96PVetigNlJC6smvGmUNdMQU/IQp0c+glVSREf Chd/WfGqQ3YaAI7GEuKdIN9JXb1HkDojyCm6z2yvXkt/IcF1JYNCDmHQG3wuC/5O 8y0lbJ0ysmkP5hPHps0GY+DAREynSdOCDPBf9XkbKv2X9k8cV2l1by0WPPQUYANz GbSfQ8zfMEXr4P2gjI/UM4QwQZMm2k/Y1CcNJzMBUe0mTDwQSiRyElGSNqWi3Lub uNU8PHFOKe9jf4sSAAzosfLJVG/XUqc5L3S0o56KGwfwQhWxwrDIMMqN2HAbtVMo 8NaNMyEzlQHTcAFrrM7ZPTPu6eFJAmn09E1IjBFtB8Jb+bFisAM92y42dtcvYmwz oLv45OM5ej/zX9Wz34DHjW73+ozA+VD0pf8Njr1u28fpYGtttAf2L1fB+kc2VYtU Ye4+jmAGBbI2n06M07SRIUbXwWsbAV2nXDrOywq83ZIXhz0ki1Zh/ERGDg3unXqn sGOZrkxgLM8AublCfnm8xb+vJFhG0Zn9Bj3a1jjbQk6bdBFheXR+JbkCDQRUb24w ARAA1PPFNCG2wxSJer+FCLhyhvRx1J6nHmKZ7wovpOMskNq56AmLOfbmBV3aKyU2 4LXvj/DuFEOGt6ArsJaXNMFpFxwRtWOQpSNrmjoaZveS8dkOsaWJ7AK60y+95PU+ 13v9VI+FLT9lxom14+4Spygoi2F7pVgurVH/+EpvO/bhGAAU0Ju0TvXq/Td6g/sR r4gGuHJGSexDnVzWfg1cFt1LNBlgvhlUJGXivZ5vp7JXB0RLn6mIQlwgz4ZVn3dk gZixzNx0qSyQjYYzAUhNeyNJUqVr9sh4nOW9fqkkf3xrOIQ7M/VW8mzmvbd4KWiv Z5LGH7ll5gOnu1zLZEqYua3LrD2YLtqhvVt4drkt+awGDzrZraHpYS9Mu7SAGzei O+lWEgDeDvLZDPPdck1ft1K2L7bi/4ok2ETE7wwj6yZvHCT0eYdAy0GXpzX49Duq SHHF6j8WqnvKhwWN5MlrwlLp35+8o1Wb5FSbD9PcW/UwUKiDaDYAmReJhGb3J0/J pCtD7pKv25/HO516G4UBPxq7txNNVXA0cT25+CAoGuCMqwoPVyGDJgfbx4aOxg/u NUUuceGCLDlhN0EhWf6k0HLVR6pnRjoi3V4nRPdMD/d11FLFkFsRxf3fTtyQ9qTc zaXmmajaef9NmCr1aL7dn8U9uSAP1acUkh13P3D/yQo00gUAEQEAAYkCHwQYAQIA CQUCVG9uMAIbDAAKCRDFfJ23Ct2rdOW9D/4zspwA+2qSlCZGl0kb81sEzllcHG8L 8QMjAa7vMO69MGgiVwQeXGmHHdf9JGjrRNohF9vgj4qodGSfj+mhZWl8YeoRM/WA SkWRIn33tS95CycbZCCNjmP++oKTT05CjeZP1FtC90MRCufLPbfAtF7gwf1kru1J GJzdj2rc4rdiY6GYFRAnbQBCRMJaniUI3z9amlogN1/LGuxXB0PYHSIxII+TbBzJ N/dk32GoZn81oAdq97X8mnCa4t2bquDvzWJDqnDhdvPeNeR1vWwgCvtA0g8MsaYH atPcpgBMYomKhSDC93UfRB6EukoBD5juZO+rzSHyLIQtWjhnCpA1fZe8r4LNnW9r lI3K4TAl8P/hR/dPj2rBv1QXeYZTPnY7VLZ5ZvaaeNDA7y0bAnpAOTqEVH7k5SpJ j6y4ITCW8+awTqyeCynX3iZkq7z6jb4RHzoz9466f3ggW0MnALXK4nlIFiKyG26F KOwX9zcWjT2zC0CmluXFgmY+EPfDm3m1pmABFbbGe6JTNuT4RUm9Kd7eAk4IdT5z yp57hYmfCopGzgWj4Y6iBXI9Vod6ULIf1vAzVDPUQDNs5QiiRIiEkmPRxUvEx6wr 9KNRyzG5TFUHQBZ0kh+QpjGpzmUpfcz2bEV5TWvU0kRd+HCzHH7ZjlqeGR/rtX6q 8abov2Nem43Fzg== =07Xr -END PGP PUBLIC KEY BLOCK-
Re: Packet Filter router i368 vs 64bit
Thank you Brad. Juan J. Fernandez On 11/25/14 21:20, Brad Smith wrote: On 11/25/14 18:18, motty cruz wrote: Thank you Juan, I appreciate your suggestions and advice. I am planning on using Dual socket B2 (LGA 1356) supports Intel® Xeon® processor E5-2400 v2, I suppose i386 would perform better rather than 64bit amd processor. Thank you again! The amd64 arch runs on any modern Intel CPU as well as AMD CPUs (as well as VIA). amd64 refers to the ISA not that it will only run on AMD CPUs.
Re: Packet Filter router i368 vs 64bit
On 11/25/14 15:51, Motty Cruz wrote: > Hello all, > I am searching for hardware to build a router with OpenBSD. I have found > mixed signals as to fastest system with i386 or 64bit. I know in the > past i386 OpenBSD used to perform a lot better than 64bit system. Paraphrasing your question: I'm looking for the fastest car for my commute to work. Should it be blue or orange? IF you have truly got an environment where you need to wring the last bit of performance out of the system, you might want to look at the things that actually matter -- like NICs, bus, etc. And you will probably have the budget and motivation to do a bit of experimenting. More than likely, just like my commute to work is throttled by the roads, NOT my car's paint color (or engine), your performance will be throttled by your links more than anything else. Once your machine can move all the packets that your pipes support, the rest is just wasted effort. There are other considerations. My primary firewall/router is an AMD64 capable processor, but running i386. Why? Because if I blow out the computer, I have more i386-capable scrap hw than I do amd64 capable hw. Nick.
Re: Packet Filter router i368 vs 64bit
On 14-11-25 02:52 PM, Motty Cruz wrote: Hello all, I am searching for hardware to build a router with OpenBSD. I have found mixed signals as to fastest system with i386 or 64bit. I know in the past i386 OpenBSD used to perform a lot better than 64bit system. Any suggestions! Thanks, Motty As Nick said, it probably doesn't actually matter. Most of the junk hardware you scrapped years ago can still saturate your WAN connection, unless you work for a high-energy physics laboratory. Generally speaking, if you have an extremely fast network, and you really need to route things quickly, latency and PPS will be much more important to you than raw bandwidth, and in that case you probably shouldn't be using a regular computer as a router at all - go buy a router from Cisco or Juniper or Huawei or Pick-Your-Favourite-Vendor, and they'll typically give you better latency and PPS numbers. If you're determined to go with a software router for one reason or another (cost, typically): if you're going to use OpenBSD, I've found that CPU clock speed matters most to latency, whereas the CPU's instruction dispatch rate (or issue rate) matters most to bandwidth. I'm not sure what affects Packets-per-second most. The quality of your NIC and NIC drivers can easily be more important than a 1GHz difference in clock speed. Don't forget the latency inherent in RAM; slower systems can actually have lower memory latency than faster. In other words, as Nick said, it's simultaneously usually a pointless question to ask, AND an extremely difficult - practically impossible - one to answer. FWIW, I'm running a pair of OpenBSD boxen as routers: each system is a Dell PowerEdge C6100, with dual 2.27GHz L5520 CPUs and 48GB of RAM. It's massive, massive overkill for routing, no matter how many full tables I have in memory. (Top tells me I'm only using 338MB of memory, which seems suspect.) They're fast enough for my needs; the fastest usable connection they have is 1Gbps and they can easily saturate that. -- -Adam Thompson athom...@athompso.net
Re: Packet Filter router i368 vs 64bit
Hello All, On 25 November 2014 at 12:52, Motty Cruz wrote: > Hello all, > I am searching for hardware to build a router with OpenBSD. I have found > mixed signals as to fastest system with i386 or 64bit. I know in the past > i386 OpenBSD used to perform a lot better than 64bit system. > I'm in similar situation as Motty, I'd like an OBSd to use for pf. I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx with the msata drive. Anyone have any objections? I know the NICs are not intel so that will probably get a strike against it, but I like the low power. > Any suggestions! > Thanks, > Motty > Thanks, Jb -- --- inum: 883510009027723 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si
Re: Packet Filter router i368 vs 64bit
On 11/27/14 21:35, jungle Boogie wrote: Hello All, On 25 November 2014 at 12:52, Motty Cruz wrote: Hello all, I am searching for hardware to build a router with OpenBSD. I have found mixed signals as to fastest system with i386 or 64bit. I know in the past i386 OpenBSD used to perform a lot better than 64bit system. I'm in similar situation as Motty, I'd like an OBSd to use for pf. I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx with the msata drive. Anyone have any objections? I know the NICs are not intel so that will probably get a strike against it, but I like the low power. I have a couple of the APU1C's and they are Ok. They had and to some extent still have a few BIOS issues. Perhaps it's nit picking, but I wish they would fix the LED link rate issue. The APU's do run pretty warm, but that doesn't seem to hurt reliability. Stan
Re: Packet Filter router i368 vs 64bit
On 11/27/14 22:35, jungle Boogie wrote: Hello All, On 25 November 2014 at 12:52, Motty Cruz wrote: Hello all, I am searching for hardware to build a router with OpenBSD. I have found mixed signals as to fastest system with i386 or 64bit. I know in the past i386 OpenBSD used to perform a lot better than 64bit system. I'm in similar situation as Motty, I'd like an OBSd to use for pf. I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx with the msata drive. Anyone have any objections? I know the NICs are not intel so that will probably get a strike against it, but I like the low power. Unless you guys give some sort of hints as to what these routers and / or firewalls are going to be used for just asking for hardware recommendations without such details is useless. What sort of throughput / packets per second do you forsee on the inside network? What is your target or expectation? If there is a WAN connection how fast is it? Are you lucky enough to have Gbit or is it only say a 50Mbps connection? Those types of details matter. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Packet Filter router i368 vs 64bit
Hi Stan, On 27 November 2014 at 19:49, Stan Gammons wrote: > On 11/27/14 21:35, jungle Boogie wrote: >> >> Anyone have any objections? I know the NICs are not intel so that will >> probably get a strike against it, but I like the low power. >> >> > > I have a couple of the APU1C's and they are Ok. They had and to some extent > still have a few BIOS issues. Perhaps it's nit picking, but I wish they > would fix the LED link rate issue. The APU's do run pretty warm, but that > doesn't seem to hurt reliability. > > Well I think to run free/openBSD, you have to run a bios update. Hopefully there's a newer bios that resolved those issues you > Stan > jb -- --- inum: 883510009027723 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si
Re: Packet Filter router i368 vs 64bit
Hi Brad, On 27 November 2014 at 19:51, Brad Smith wrote: > On 11/27/14 22:35, jungle Boogie wrote: >> Anyone have any objections? I know the NICs are not intel so that will >> probably get a strike against it, but I like the low power. > > > Unless you guys give some sort of hints as to what these routers and / > or firewalls are going to be used for just asking for hardware > recommendations without such details is useless. What sort of throughput > / packets per second do you forsee on the inside network? What is your > target or expectation? If there is a WAN connection how fast is it? Are > you lucky enough to have Gbit or is it only say a 50Mbps connection? > Those types of details matter. > > I think the WAN on my home connection is 100Mbit. I'd essentially like it to replace the cable company netgear router. Regarding PPS, I have no idea how I'd measure that. It would be serving a home network with moderate network usage. I'd like basically have a router that I can experiment with pf and openbsd without the worry that the hardware is no good. > > -- > Thanks, jb -- --- inum: 883510009027723 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si
Re: Packet Filter router i368 vs 64bit
On 11/27/14 22:01, jungle Boogie wrote: Hi Stan, On 27 November 2014 at 19:49, Stan Gammons wrote: On 11/27/14 21:35, jungle Boogie wrote: Anyone have any objections? I know the NICs are not intel so that will probably get a strike against it, but I like the low power. I have a couple of the APU1C's and they are Ok. They had and to some extent still have a few BIOS issues. Perhaps it's nit picking, but I wish they would fix the LED link rate issue. The APU's do run pretty warm, but that doesn't seem to hurt reliability. Well I think to run free/openBSD, you have to run a bios update. Hopefully there's a newer bios that resolved those issues you The latest BIOS, 9/8/2014, doesn't fix the LED issue. I saw Brad's comments in the other email. The APU is Ok to use as a home firewall. I have no experience on using one in more demanding environment. Stan
Re: Packet Filter router i368 vs 64bit
Hi Stan, On 27 November 2014 at 20:09, Stan Gammons wrote: > > The latest BIOS, 9/8/2014, doesn't fix the LED issue. > > I saw Brad's comments in the other email. The APU is Ok to use as a home > firewall. I have no experience on using one in more demanding environment. > > Well what would be something above OK? A soekris? It doesn't seem those have as much RAM, though. > Stan > Thanks, jb -- --- inum: 883510009027723 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si
Re: Packet Filter router i368 vs 64bit
On Thu, 27 Nov 2014 20:10:14 -0800 jungle Boogie wrote: > Hi Brad, > On 27 November 2014 at 19:51, Brad Smith wrote: > > On 11/27/14 22:35, jungle Boogie wrote: > >> Anyone have any objections? I know the NICs are not intel so that will > >> probably get a strike against it, but I like the low power. > > > > > > Unless you guys give some sort of hints as to what these routers and / > > or firewalls are going to be used for just asking for hardware > > recommendations without such details is useless. What sort of throughput > > / packets per second do you forsee on the inside network? What is your > > target or expectation? If there is a WAN connection how fast is it? Are > > you lucky enough to have Gbit or is it only say a 50Mbps connection? > > Those types of details matter. > > > > > > I think the WAN on my home connection is 100Mbit. I'd essentially like > it to replace the cable company netgear router. > > Regarding PPS, I have no idea how I'd measure that. It would be > serving a home network with moderate network usage. I'd like basically > have a router that I can experiment with pf and openbsd without the > worry that the hardware is no good. > > > > > -- > > > > Thanks, > jb > > -- > --- > inum: 883510009027723 > sip: jungleboo...@sip2sip.info > xmpp: jungle-boo...@jit.si > you can just use old hardware for these purposes. from the man who literally wrote the book on pf (from pf tutorial via http://home.nuug.no/~peter/pf/en/long-firewall.html): I have not seen comparable tests performed recently [3.1 era], but in my own experience and that of others, the PF filtering overhead is pretty much negligible. As one data point, the machine which gateways between one of the networks where I've done a bit of work and the world is a Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've never seen the machine at less than 96 percent 'idle' according to top.
Re: Packet Filter router i368 vs 64bit
Hi, On 27 November 2014 at 20:38, wrote: > > you can just use old hardware for these purposes. > > from the man who literally wrote the book on pf (from pf tutorial via > http://home.nuug.no/~peter/pf/en/long-firewall.html): > > I have not seen comparable tests performed recently [3.1 era], but in my > own experience and that of others, the PF filtering overhead is pretty > much negligible. As one data point, the machine which gateways between > one of the networks where I've done a bit of work and the world is a > Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've > never seen the machine at less than 96 percent 'idle' according to top. > Yes, that's true! But less fun. ;) I do have some Dell dimensions machine with OpenBSD -current running now that I could easily get two NICs but its kinda old and slow to update current. I'll measure the power to see how much it uses. With the fact that old hardware, why would the APU be "OK" and not good? jb --- inum: 883510009027723 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si
Re: Packet Filter router i368 vs 64bit
On Nov 27, 2014, at 9:35 PM, jungle Boogie wrote: > Hello All, > On 25 November 2014 at 12:52, Motty Cruz wrote: >> Hello all, >> I am searching for hardware to build a router with OpenBSD. I have found >> mixed signals as to fastest system with i386 or 64bit. I know in the past >> i386 OpenBSD used to perform a lot better than 64bit system. >> > > I'm in similar situation as Motty, I'd like an OBSd to use for pf. > > I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx > with the msata drive. > > Anyone have any objections? I know the NICs are not intel so that will > probably get a strike against it, but I like the low power. > >> Any suggestions! >> Thanks, >> Motty >> > > Thanks, > Jb > > > -- > --- > inum: 883510009027723 > sip: jungleboo...@sip2sip.info > xmpp: jungle-boo...@jit.si > > This is something I've been interested in trying, but I would want it as a wireless access point as well and not sure what cards are supported and work well. Does anyone know of any good choices? thanks
Re: Packet Filter router i368 vs 64bit
On 11/27/14 23:50, jungle Boogie wrote: Hi, On 27 November 2014 at 20:38, wrote: you can just use old hardware for these purposes. from the man who literally wrote the book on pf (from pf tutorial via http://home.nuug.no/~peter/pf/en/long-firewall.html): I have not seen comparable tests performed recently [3.1 era], but in my own experience and that of others, the PF filtering overhead is pretty much negligible. As one data point, the machine which gateways between one of the networks where I've done a bit of work and the world is a Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've never seen the machine at less than 96 percent 'idle' according to top. Yes, that's true! But less fun. ;) I do have some Dell dimensions machine with OpenBSD -current running now that I could easily get two NICs but its kinda old and slow to update current. I'll measure the power to see how much it uses. With the fact that old hardware, why would the APU be "OK" and not good? I don't see anyone claiming it would not be good. It's more like if you happen to have some old hw around that it would probably be good enough for what you're describing but the APU system would also do the job just fine. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Packet Filter router i368 vs 64bit
Hi Brad, On 27 November 2014 at 21:01, Brad Smith wrote: > > I don't see anyone claiming it would not be good. It's more like if you > happen to have some old hw around that it would probably be good enough > for what you're describing but the APU system would also do the job just > fine. > > Fair enough. ;) Thanks for the info! > Best, j.b. -- --- inum: 883510009027723 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si
Re: Packet Filter router i368 vs 64bit
I only have ADSL with downloads < 23Mb/s. A PC Engines ALIX does just fine for my pf. On Fri, Nov 28, 2014 at 3:25 PM, jungle Boogie wrote: > Hi Stan, > On 27 November 2014 at 20:09, Stan Gammons wrote: > > > > The latest BIOS, 9/8/2014, doesn't fix the LED issue. > > > > I saw Brad's comments in the other email. The APU is Ok to use as a home > > firewall. I have no experience on using one in more demanding > environment. > > > > > > Well what would be something above OK? A soekris? It doesn't seem > those have as much RAM, though. > > > Stan > > > > Thanks, > jb > > > > -- > --- > inum: 883510009027723 > sip: jungleboo...@sip2sip.info > xmpp: jungle-boo...@jit.si > > -- Christopher Vance
Re: Packet Filter router i368 vs 64bit
On 11/28/2014 06:01 AM, Brad Smith wrote: > On 11/27/14 23:50, jungle Boogie wrote: >> Hi, >> On 27 November 2014 at 20:38, wrote: >>> >>> you can just use old hardware for these purposes. >>> >>> from the man who literally wrote the book on pf (from pf tutorial via >>> http://home.nuug.no/~peter/pf/en/long-firewall.html): >>> >>>I have not seen comparable tests performed recently [3.1 era], >>> but in my >>>own experience and that of others, the PF filtering overhead is >>> pretty >>>much negligible. As one data point, the machine which gateways >>> between >>>one of the networks where I've done a bit of work and the world is a >>>Pentium III 450MHz with 384MB of RAM. When I've remembered to >>> check, I've >>>never seen the machine at less than 96 percent 'idle' according >>> to top. >>> >> >> Yes, that's true! But less fun. ;) >> >> I do have some Dell dimensions machine with OpenBSD -current running >> now that I could easily get two NICs but its kinda old and slow to >> update current. I'll measure the power to see how much it uses. >> >> With the fact that old hardware, why would the APU be "OK" and not good? > > I don't see anyone claiming it would not be good. It's more like if you > happen to have some old hw around that it would probably be good enough > for what you're describing but the APU system would also do the job just > fine. > > I run the previous generation ALIX 2D13 with OpenBSD 5.6 on it for a home firewall with 10MB WAN broadband and 100MB between computers. All is fine: low temperature, low consumption, same speed as with a basic 100MBB switch. So I guess the APU1C is fast enought for a home network.
Re: Packet Filter router i368 vs 64bit
On 11/28/14 01:32, Blaise Hizded wrote: On 11/28/2014 06:01 AM, Brad Smith wrote: On 11/27/14 23:50, jungle Boogie wrote: Hi, On 27 November 2014 at 20:38, wrote: you can just use old hardware for these purposes. from the man who literally wrote the book on pf (from pf tutorial via http://home.nuug.no/~peter/pf/en/long-firewall.html): I have not seen comparable tests performed recently [3.1 era], but in my own experience and that of others, the PF filtering overhead is pretty much negligible. As one data point, the machine which gateways between one of the networks where I've done a bit of work and the world is a Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've never seen the machine at less than 96 percent 'idle' according to top. Yes, that's true! But less fun. ;) I do have some Dell dimensions machine with OpenBSD -current running now that I could easily get two NICs but its kinda old and slow to update current. I'll measure the power to see how much it uses. With the fact that old hardware, why would the APU be "OK" and not good? I don't see anyone claiming it would not be good. It's more like if you happen to have some old hw around that it would probably be good enough for what you're describing but the APU system would also do the job just fine. I run the previous generation ALIX 2D13 with OpenBSD 5.6 on it for a home firewall with 10MB WAN broadband and 100MB between computers. All is fine: low temperature, low consumption, same speed as with a basic 100MBB switch. So I guess the APU1C is fast enought for a home network. The APU1C works fine for a home network. The only 2 things I dislike are the CPU temperature and the link LED's are off when the Ethernet ports are linked at 1 gig. I've complained about the link LED issue on the PC Engines support forum, but I guess there's no desire to fix it. Oh well. # sysctl hw hw.machine=amd64 hw.model=AMD G-T40E Processor hw.ncpu=2 hw.byteorder=1234 hw.pagesize=4096 hw.disknames=sd0:ec53da01dd2f4a0e,sd1: hw.diskcount=2 hw.sensors.km0.temp0=51.50 degC hw.cpuspeed=1000 hw.setperf=100 hw.vendor=PC Engines hw.product=APU hw.version=1.0 hw.serialno=843042 hw.physmem=2098520064 hw.usermem=2098503680 hw.ncpufound=2 hw.allowpowerdown=1 hw.perfpolicy=manual Stan
Re: Packet Filter router i368 vs 64bit
On Fri, Nov 28, 2014 at 12:00 AM, Edgar Pettijohn wrote: > > This is something I've been interested in trying, but I would want it as a > wireless access point as well and not sure what cards are supported and > work well. Does anyone know of any good choices? > > I went with an athn card in my APU: http://www.amazon.com/gp/r.html?R=1VP5WEM85ZPGN&C=3JNG5JOTKOGN0&H=TKW2F041FODZDC3VUWNULCCNSVUA&T=C&U=http%3A%2F%2Fwww.amazon.com%2Fdp%2FB005HMZ8B2%2Fref%3Dpe_385040_121528360_TE_dp_3 It's half sized, so it'll need an adapter to full size to mount in the APU. There are other usable options if you check the wifi man pages and make sure Host AP mode is supported. Tim.
Re: Packet Filter router i368 vs 64bit
On 11/28/2014 06:21 PM, trondd wrote: > On Fri, Nov 28, 2014 at 12:00 AM, Edgar Pettijohn > wrote: > >> This is something I've been interested in trying, but I would want it as a >> wireless access point as well and not sure what cards are supported and >> work well. Does anyone know of any good choices? >> >> > I went with an athn card in my APU: > http://www.amazon.com/gp/r.html?R=1VP5WEM85ZPGN&C=3JNG5JOTKOGN0&H=TKW2F041FODZDC3VUWNULCCNSVUA&T=C&U=http%3A%2F%2Fwww.amazon.com%2Fdp%2FB005HMZ8B2%2Fref%3Dpe_385040_121528360_TE_dp_3 > > It's half sized, so it'll need an adapter to full size to mount in the APU. > > > There are other usable options if you check the wifi man pages and make > sure Host AP mode is supported. > > Tim. > You can also use an external wifi router from any vendor and plug it on an interface of the APU. Then route the traffic from the wifi router to the APU and filter it by the dedicated interface. You can maybe bridge the wifi and apu.
Re: Packet Filter router i368 vs 64bit
Stan Gammons [sg063...@gmail.com] wrote: > > The APU1C works fine for a home network. The only 2 things I dislike are > the CPU temperature and the link LED's are off when the Ethernet ports are > linked at 1 gig. I've complained about the link LED issue on the PC Engines > support forum, but I guess there's no desire to fix it. Oh well. > Call me crazy, but when OpenBSD takes over control of the Realtek chips, isn't it OpenBSD's responsibility to program them properly, not the BIOS? In any event, I'm using a redundant pair of APUs with crucial/plextor msata for DNS, DHCP, NTP, and another pair for FreeRadius with master-master mysql back-end. I also use one at home and in other low-power environments. They run a little warm, like everyone says. They are VERY fast compared to the ALIX.
Re: Packet Filter router i368 vs 64bit
On Tue, Dec 02, 2014 at 07:51:19AM -0800, Chris Cappuccio wrote: > Stan Gammons [sg063...@gmail.com] wrote: > Call me crazy, but when OpenBSD takes over control of the Realtek chips, > isn't it OpenBSD's responsibility to program them properly, not the BIOS? Wouldn't this generally be controlled by the firmware?
Re: Packet Filter router i368 vs 64bit
li...@ggp2.com [li...@ggp2.com] wrote: > On Tue, Dec 02, 2014 at 07:51:19AM -0800, Chris Cappuccio wrote: > > Stan Gammons [sg063...@gmail.com] wrote: > > Call me crazy, but when OpenBSD takes over control of the Realtek chips, > > isn't it OpenBSD's responsibility to program them properly, not the BIOS? > > Wouldn't this generally be controlled by the firmware? Which firmware?
Re: Packet Filter router i368 vs 64bit
On 12/02/14 09:51, Chris Cappuccio wrote: Stan Gammons [sg063...@gmail.com] wrote: The APU1C works fine for a home network. The only 2 things I dislike are the CPU temperature and the link LED's are off when the Ethernet ports are linked at 1 gig. I've complained about the link LED issue on the PC Engines support forum, but I guess there's no desire to fix it. Oh well. Call me crazy, but when OpenBSD takes over control of the Realtek chips, isn't it OpenBSD's responsibility to program them properly, not the BIOS? Well, using any version of OpenBSD 5.5 and newer the LEDs work right with this NIC. re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E-VL (0x2c80), msi, address 90:2b:34:af:eb:1a rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 5 With this NIC, which is the one in the APU, the LEDs don't work right. re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), msi, address 00:0d:b9:33:75:88 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 4 So, the question is why don't the LEDs work right on the NIC in the APU? The NIC in the APU is very similar to the one that the LEDs do work right on. I'm pretty sure the FreeBSD Realtek driver is the same as the OpenBSD one, although I haven't tried FreeBSD on an APU. Or have I tried Linux on one. I guess I could try both on the APU to see if there's any difference. Stan
Re: Packet Filter router i368 vs 64bit
On Fri, Nov 28, 2014 at 6:32 PM, Blaise Hizded wrote: > > I run the previous generation ALIX 2D13 with OpenBSD 5.6 on it for a > home firewall with 10MB WAN broadband and 100MB between computers. > All is fine: low temperature, low consumption, same speed as with a > basic 100MBB switch. > I spent some time tuning the vr(4) driver on ALIX a while back[1], and in my experience the throughput maxes out at around 85 Mbit/s of TCP (ie iperf) traffic through it. I don't know what the limiting factor is, but it's not CPU. My guess is it's the checksum offload hardware in the chips, in which case doing those in software would be faster at the cost of using more CPU, but I never tested this theory. [1] http://undeadly.org/cgi?action=article&sid=20130201054156 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Re: Packet Filter router i368 vs 64bit
On Wed, Dec 03, 2014 at 10:54:14AM +1100, Darren Tucker wrote: > On Fri, Nov 28, 2014 at 6:32 PM, Blaise Hizded wrote: > > > > I run the previous generation ALIX 2D13 with OpenBSD 5.6 on it for a > > home firewall with 10MB WAN broadband and 100MB between computers. > > All is fine: low temperature, low consumption, same speed as with a > > basic 100MBB switch. > > > > I spent some time tuning the vr(4) driver on ALIX a while back[1], and in > my experience the throughput maxes out at around 85 Mbit/s of TCP (ie > iperf) traffic through it. I don't know what the limiting factor is, but > it's not CPU. My guess is it's the checksum offload hardware in the chips, > in which case doing those in software would be faster at the cost of using > more CPU, but I never tested this theory. > > [1] http://undeadly.org/cgi?action=article&sid=20130201054156 On my Alix 2d13s I have seen peaks of about 230 Mbps as reported by nfsen, which is in line with Darren's observed results. They've been a good fit on 100 Mbps Ethernet segments.
Re: Packet Filter router i368 vs 64bit
On 02.12.2014 22:25, Stan Gammons wrote: On 12/02/14 09:51, Chris Cappuccio wrote: Stan Gammons [sg063...@gmail.com] wrote: The APU1C works fine for a home network. The only 2 things I dislike are the CPU temperature and the link LED's are off when the Ethernet ports are linked at 1 gig. I've complained about the link LED issue on the PC Engines support forum, but I guess there's no desire to fix it. Oh well. Call me crazy, but when OpenBSD takes over control of the Realtek chips, isn't it OpenBSD's responsibility to program them properly, not the BIOS? Well, using any version of OpenBSD 5.5 and newer the LEDs work right with this NIC. re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E-VL (0x2c80), msi, address 90:2b:34:af:eb:1a rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 5 With this NIC, which is the one in the APU, the LEDs don't work right. re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), msi, address 00:0d:b9:33:75:88 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 4 So, the question is why don't the LEDs work right on the NIC in the APU? The NIC in the APU is very similar to the one that the LEDs do work right on. And what was the answer of Realtek on such question? ;-) It may be nice curiosity. I'm pretty sure the FreeBSD Realtek driver is the same as the OpenBSD one, although I haven't tried FreeBSD on an APU. Or have I tried Linux on one. I guess I could try both on the APU to see if there's any difference. Stan
Re: Packet Filter router i368 vs 64bit
On 2014-12-02, Darren Tucker wrote: > On Fri, Nov 28, 2014 at 6:32 PM, Blaise Hizded wrote: >> >> I run the previous generation ALIX 2D13 with OpenBSD 5.6 on it for a >> home firewall with 10MB WAN broadband and 100MB between computers. >> All is fine: low temperature, low consumption, same speed as with a >> basic 100MBB switch. >> > > I spent some time tuning the vr(4) driver on ALIX a while back[1], and in > my experience the throughput maxes out at around 85 Mbit/s of TCP (ie > iperf) traffic through it. I don't know what the limiting factor is, but > it's not CPU. My guess is it's the checksum offload hardware in the chips, > in which case doing those in software would be faster at the cost of using > more CPU, but I never tested this theory. > > [1] http://undeadly.org/cgi?action=article&sid=20130201054156 > Linux developers were seeing higher throughput (though obviously higher cpu usage) when offload was disabled. Apparently the checksum offload can't pipeline. I'm not sure if vlan hw tagging was also implicated. IIRC there were more details in an old lkml post.
Re: Packet Filter router i368 vs 64bit
On Sat, Dec 6, 2014 at 9:25 AM, Stuart Henderson wrote: > > Linux developers were seeing higher throughput (though obviously higher > cpu usage) when offload was disabled. Apparently the checksum offload > can't pipeline. I'm not sure if vlan hw tagging was also implicated. > IIRC there were more details in an old lkml post. > I think I found the one you are referring to: http://lkml.iu.edu/hypermail/linux/kernel/0712.3/1199.html I can't test this at the moment since the hardware is on the other side of the planet, but I might give this a spin when I get a chance. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
