Small footprint box

cmb

We have decent test environments thanks to the vendors on our recommended vendors page, but we don't have the huge resources that Netgear has for setting up a test environment to simulate 200 tunnels and 60 Mb throughput, etc.

My educated guess would be 500 MHz with 256 MB RAM will handle 50-100 IPsec tunnels and your 4/1.5 Mb Internet connection with no problem. Bandwidth would be the primary concern for hardware sizing, and 4/1.5 is so little that pretty much any CPU over 300-400 MHz should be fine, just a matter of having enough RAM for that many tunnels and even 128 MB may be adequate for that.

covex

well… as some girls say "size doesn't matter"  ;D
even with it's huge resourses netgear can't come up with a decent firmware for it's business-class router and yours is working right out of the box.

covex

i've found what i was looking for!  :)
http://www.portwell.com/products/detail.asp?CUSTCHAR1=NAD-2081
but i has marvell nics on board and i can't find them in the list of supported hardware. are they not supported at all?
and also is cavium supported by pfsense?

Cry Havok

It looks like the sk driver has supported that chip since FreeBSD 5.3, so pfSense should be fine.  That said, the official FreeBSD documentation doesn't reflect this, just some CVS logs and mailing list postings…

covex

i tried to google "marvell 88e8001 pfsense" and all posts there say that it's not working. can't find anything about freebsd.

covex

dear experts…
between these two boxes
http://advantech.com/products/Model_Detail.asp?model_id=1-23A32I&BU=NCG&PD=

http://portwell.com/products/detail.asp?CUSTCHAR1=NAD-2081

which one would you pick...

cmb

I believe that Marvell chipset is the same one Scott has in one of his firewalls at work and hasn't had good luck with. The other box doesn't even list what NIC chipset is used at all, that I see.

Given that, my answer would be "neither", unless you can figure out what NIC chipset that other one uses.

covex

_One 10/100 Intel 82562 FE port for management
Gigabit Ethernet Four 10/100/1000 Mbps GbE ports

FWA-700 GbE Controller 4 x Marvell 8053_

or

_FWA-710 4 x Intel 82573

LAN Bypass Two segment on GbE ports_

dotdash

I think your best bet of those would be the FWA-710. Intel GB NICs FTW.

kapara

Did you end up buying the FWA-710?  Looks interesting.  Did you get pricing on the unit?  Would be interested to know.

Thanks

covex

no… couldn't get through to sales rep there so i got myself nad-2081 http://portwell.com/products/detail.asp?CUSTCHAR1=NAD-2081
nice unit. even though cmb was warning me about marvell chips it works fine. all 4 interfaces were recognized right out of the box.

cmb

covex: Interesting, keep us posted on how that box works out for you.

covex

ok… i installed this box in my office. using only 2 ports (lan and wan) out of 4 (sk0 sk1 sk2 sk3) at the moment. first test (transfer 40MB file inside vpn from remote site) gives me 4mbps (turbo dsl). if you wanna see something else, let me know what to run.
for dmesg please see the attachment.

dmesg.txt

covex

looks like these marvell chips are not as bad as people saying  :)
even though i found on the net tons of complains about them under *nix and windows mine are working Ok and also i got intel box here running as dc and it has marvell giga chip in there too. so i guess it's not the chip that bad it's just bad implementation of it done by asus and co.

covex

new update…  :)
got wistron cm9 installed in the box. works greate! now my gateway/vpn server aslo acting as an ap.
this pfsense is a realy greate pease of software!

Issacsim

Any idea on price?

covex

i paid ~$1100 for p4 2.8gzh, 512mb, 40gb hdd.

cna

First I want to apology for offtopic, but I jusg got curios.

@covex:

it's just bad implementation of it done by asus and co.

What you mean with that?
I have ASUS MB, with marvell giga LAN chip(I buy that in about 3years ago). I used it wit many different OS's and did not got a single mistake from it, even now I'm using that MB.
Never test it with PfSense, but with FreeBSD it OK, it must be the same situation in PfSense.

covex

maybe you just got lucky  :)
try to google marvell and freebsd or pfsense and you'll see how many people having issues with this chip out there. and most of them have asus mobos or something similar.
i'm not saying that asus is bad, i have tens of stations running on different asus mobos, but you have to agree that when it comes to comparing asus mobo and intel mobo i wouldn't bet on asus.

plus in my post i said "…i guess it's not the chip that bad it's just bad implementation of it done by asus and co…"
means imho  :)

cna

I don't think that I just got lucky. Biggest part of people who write those … are lazy.
Well enough with offtopics  ;)