New Alix board for 2013
-
Might be suitable then. Just have to wait and see.
Steve
-
This is fantastic news. I love the ALIX, but had to stop using it as it's 100mbps ports wouldn't do my 120mbps internet justice.
What I'm even more excited about is while the first of the new ones use T40N/E Bobcat APU's, PCEngines did mention on that APU page they will move to Jaguar cores in upcoming revisions. The big difference between those two vis a vis pfSense users is the latter has AES-NI support. That said there is some movement on making an engine for OpenSSL making use of OpenCL and the Bobcat does have a Radeon 6250 with 80 shaders in it…
Then with the 2-3 mini-PCIe slots, hopefully these new ALIX's will be able to fulfil a serious hub role. Full-speed OpenVPN, Wifi and routing performance with little to no compromise. Then it'll just depend on FreeBSD's and pfSense's hardware support to keep up with the Jones' on the wireless chipset support and the only thing you'll need to upgrade as the wireless pace moves on should be the wlan card in the box.
-
Full-speed OpenVPN, Wifi and routing performance with little to no compromise.
If you want "full-speed Wifi performance (…) with little to no compromise", you are simply not getting it with pfSense('s built-in support) today - and you're not going to get it anytime soon.
Then it'll just depend on FreeBSD's and pfSense's hardware support to keep up with the Jones' on the wireless chipset support
And that's the problem: pfSense's development currently seems to be trailing FreeBSD by about 18 months. FreeBSD's wireless support in turn is probably lagging behind Linux' even further. And it is literally years behind proprietary solutions. For example, early (draft) 802.11n routers were released to market about 7 years ago - yet 802.11n is still not fully supported in FreeBSD today, let alone in pfSense. 802.11ac adoption is currently picking up, yet quasi nonexistent in FreeBSD.
Having said that, I personally have no need for cutting-edge wireless support or speed. I would probably go for the convenience of having router/firewall & wireless access point in a single box. However, if you do need/want "full speed" wireless throughput, I think you should rather look at external solutions and deploy a dedicated access point.
Returning back to topic, I cannot wait for a an Temash-/Kabini-based Alix successor. mSATA and SD card support is much welcome.
That said there is some movement on making an engine for OpenSSL making use of OpenCL and the Bobcat does have a Radeon 6250 with 80 shaders in it…
We’ll see how that plays out. AES-NI support is becoming quite so common in CPUs lately (even latest Intel Atom) that it seems to render (AES) acceleration on GPU somewhat pointless.
Also, in the special case of this PC Engines board, I wonder whether GPU usage won’t be pushing the thermal envelope and cooling solution? It seems designed for non-GPU usage. I recall a post from Mr. Dornier himself on the support forum which pretty much ruled out video output due to this.
-
18 months? Says you. :P
You apparently missed:
-
that we are moving to FreeBSD 10 for pfSense 2.2,
-
that the alpha for pfSense 2.2 dropped today,
-
and that FreeBSD 10 hasn't quite shipped yet (release builds began yesterday).
And, actually, 802.11n support in FreeBSD 10 is pretty good. (Thanks to Adrian Chadd.)
And … 802.11n wasn't ratified until 4 years ago. So much for your '7 years' line of BS.
Finally, there is no AES-NI support on Bobcat, though Pascal has promised a Jaguar-based board after the Bobcat-based one.
-
-
@kdk:
hi, will pfsene 2.1 support these APU/chipsets ?????
Pascal reports that it's already running.
-
I think that's a little bit steep. Maybe same price to replace old board would be a better choice. If units are installed on clients site and used for minor traffic then old units do just fine.
If plan is to not sell many of this (which I don't see why) then yeah higher price would be better. However, it's probably now cheaper to make the newer model than it is to make the older model.
Pascal has already said $120 to $140 "depending on OEM options and market price".
Basically, how much RAM you want, (all the Netgate ones will be 4GB) and the spot price for that RAM.
-
@gonzopancho:
18 months? Says you.
You apparently missed:-
that we are moving to FreeBSD 10 for pfSense 2.2,
-
that the alpha for pfSense 2.2 dropped today,
-
and that FreeBSD 10 hasn't quite shipped yet (release builds began yesterday).
Says me, yes.
And why not?Pfsense 2.2 was and is still unreleased and was even pre-Alpha (!) when I wrote my reply almost three weeks ago.
The current stable is 2.1, which was released mid-september (2013!) and is based on FreeBSD 8.3.
FreeBSD 8.3-Release, in turn, was released in April 2012.
That makes… 17 months, doesn’t it?2.0 Release was mid-september ’11, based on FreeBSD 8.1 (July 2010)
Admittedly, that’s less than 18 months, but still more than a year.@gonzopancho:
And, actually, 802.11n support in FreeBSD 10 is pretty good. (Thanks to Adrian Chadd.)
I have somewhat followed development and I am looking forward to that.
But as you say, while FreeBSD 10 Release is impending, it still has not shipped.It will finally bring 802.11n support - at a time when mainstream Wi-Fi products are currently moving to 802.11ac.
Yet the latter is not even remotely being in sight on BSD.@gonzopancho:
And … 802.11n wasn't ratified until 4 years ago. So much for your '7 years' line of BS.
802.11n’s delay in ratification was a merely political hold-up, with little significance for real-world product availability.
802.11n access points have been available from mainstream manufacturers since 2006 or 2007 (like, for instance, Apple, among others), and they’ve been working and technically stable since 2007. Wikipedia is correct, when I “quote it: ”Prior to the final ratification, enterprises were already migrating to 802.11n networks based on the Wi-Fi Alliance's certification of products conforming to a 2007 draft of the 802.11n proposal.”
Just as running a stable 802.11n network was no problem in 2007, neither is running an 802.11ac network today.
(though obviously not on FreeBSD/pfSense).Now, please don’t get me wrong here. I think pfSense is an awesome product and I have no qualms whatsoever about its development cycle. In fact, I wouldn’t even want release versions to be, let alone run them “bleeding-edge”. As I believe firewall / gateway firmwares are things best approached conservatively and stably (with maybe the sole exception of security fixes). But I’d be more inclined to recommend adopting new/current wireless standards earlier. Waiting a bit longer may always be prudent in bigger production environments but at least there’s no inherent security risk associated with running the latest wireless. And please take into account to what I replied above here (and I quote again):
“Full-speed (…) Wifi (…) performance with little to no compromise.”
“to keep up with the Jones' on the wireless chipset support”That's what I way replying to.
And, give or take a few months here or there, I still don't see what's wrong about the main point I was trying to make here:
If you do need “full-speed Wifi performance with little compromise”, you aren't getting it with pfSense/FreeBSD today, and you won't be getting it anytime soon. You'd better run an external access point on 802.11n, or rather 802.11ac for future-proofedness. That is, in fact, what I do on my network, though it’s “only” 802.11n/2.4GHz. Personally, I won’t be needing more anytime soon, and I will be more than happy when this will be included and supported in pfSense.PS: Just for the record: without getting too much into technicalities, whenever I speak of 802.11n here, I do mean it with proper speed/rate control support (which FreeBSD lacked, even though the '11n standard has technically been supported in FreeBSD for some time)
-
-
The plan for pfSense 2.2 was announce prior to your post.
I wasn't involved with pfSense prior to September 2012 in any way other than the largest vendor and largest supporter of the project.
Since September 2012, I am a co-owner of the company behind pfSense (first BSDP, then ESF), as such, I have more ability to effect change.Since I am, by avocation and training, a software engineer (and before I quit all the dot-com BS and moved to Hawaii in 2004, someone who managed large software and hardware projects), I agree that the release process for pfSense has not been as crisp as it could be.
The extreme delays in getting pfSense 2.1 out the door were due to two primary factors:
-
an abortive attempt at basing 2.1 on FreeBSD 9.0. Most people in the FreeBSD community agree that 9.0 was "not good". When this happened, the decision was taken to base 2.1 on FreeBSD 8.3. This resulted in the partial loss of 6-8 months of work.
-
Adding support for IPv6 required extensive changes and testing. This takes time.
Also, during that time, the original partnership fractured, new owners came on-board, Chris moved from Kentucky to Austin, and several other things which are not appropriate for posting in a public forum were handled. These all slowed work to some degree.
–-
On the subject of 802.11ac, I'll just point out that it is still pre-standard. The 802.11ac standard is expected to clear final 802.11 Working Group approval and publication scheduled in early 2014. See: http://grouper.ieee.org/groups/802/11/Reports/802.11_Timelines.htm
When you say things like 802.11n’s delay in ratification was a merely political hold-up, with little significance for real-world product availability, you appear to not understand the standards process. There was no 802.11n standard prior to its approval and publication in 2007. If you had been in the 802.11 world as long as I have, you would understand that there can be severe financial consequences for claiming something as "802.11n" or "802.11ac" prior to the process completing. Yes, vendors have taken to shipping products marked with "draft" appended to the standards compliance claim. I can't help what greedy people do.
If you really want 802.11ac in FreeBSD, I'm sure I can find someone to make it happen faster for payment.
-
-
@gonzopancho:
@kdk:
hi, will pfsene 2.1 support these APU/chipsets ?????
Pascal reports that it's already running.
Would be really nice to know the throughput and NAT performance of the board, with and without traffic shaping.
-
Looks like it fits into the old enclosures (the alix.2 ones).
This now seems unlikely, at least without some modification, since they are relying on the enclosure to cool the CPU.
Rumor has it that the newer version cases (with antenna holes) will fit the new boards.
There's gonna be a heat spreader in place which is said to be "a bit tricky to position correctly". Black cases will give better cooling results as compared to other colors.
FWIW -
Black cases will give better cooling results as compared to other colors.
Some time ago I was trying to convince a colleague of mine of this fact. Despite being a very experienced engineer he didn't believe me, I actually had to run a test to prove it.
Do they do it in absolute black? ;)Steve
-
-
How much more black could this be…
-
;D
-
-
Should I expect the VPN accelerators (Soekris vpn1411) to work in the new device? I would love to know what 3DES throughput to expect from this new device, with and without 3DES accel. If current Alix has some 32Mbit/s 3DES with vpn1441 accel, you think some 50-60 Mbit/s would be within reach?
-
That specific card won't be usable as the new Alix only has mini-PCIe slots so it won't fit.
I would expect the software throughput tot be greater than that card is capable of anyway.Steve
-
That specific card won't be usable as the new Alix only has mini-PCIe slots so it won't fit.
I would expect the software throughput tot be greater than that card is capable of anyway.Oh, OK then.
I am in a bit of dilemma here… we will be upgrading from current ~15Mbs to 30 or more. Current 3DES throughput of Alix without the accel. is enough to fill the current bandwidth, but I have a constant 100% CPU usage. Once we upgrade to >30, Alix with accel would also be enough, but I'd have 100% CPU usage again. Is having constant ~100% usage something bad in the long run? The box does DHCP serving, DNS forwarding, NATing, firewalling... would those services get degraded because of near 100% CPU usage? If so, I will probably want to get some mini-ITX box, but I had good expirience with Alix devices so I'm hoping the new board would enough to cover the needs of the office using ~30 Mbit/s. Did any of you guys here get a demo board, maybe you can feed us with some numbers and benchmarks?
Once the new box comes out, do you expect to see some compatible VPN accelerators or you'd say we'll have to stick with software only encryption? -
The Jaguar-based processor planned for the release version supports the AES-NI instruction set, so provided it's supported in software, it would allow for accelerated throughput when using the AES cipher.
Either way, the new CPU cores are significantly faster than the current Geode CPU, so as stephenw10 said, it's likely the new ALIX will be faster in software than the current one is with accelerators.
-
The Jaguar-based processor planned for the release version
The release version will be based on the the older Ontario core (T40E) without AES-NI support, not on Jaguar.
When they say, Jaguar's on their roadmap, I'd take this as "further down the road". This design should be a much smaller step up than from Alix to the APU - but it's no simple drop-in replacement either. I think AES-NI support in software won't be a big issue - but I wouldn't hold my breath for an "AES-NI-capable Alix" hardware release earlier than 2015.
The pending 1st generation APU should be a magnitude faster than the Alix though. I should alsol be faster on crypto, even without hardware support.
