New Alix board for 2013
-
@gonzopancho:
18 months? Says you.
You apparently missed:-
that we are moving to FreeBSD 10 for pfSense 2.2,
-
that the alpha for pfSense 2.2 dropped today,
-
and that FreeBSD 10 hasn't quite shipped yet (release builds began yesterday).
Says me, yes.
And why not?Pfsense 2.2 was and is still unreleased and was even pre-Alpha (!) when I wrote my reply almost three weeks ago.
The current stable is 2.1, which was released mid-september (2013!) and is based on FreeBSD 8.3.
FreeBSD 8.3-Release, in turn, was released in April 2012.
That makes… 17 months, doesn’t it?2.0 Release was mid-september ’11, based on FreeBSD 8.1 (July 2010)
Admittedly, that’s less than 18 months, but still more than a year.@gonzopancho:
And, actually, 802.11n support in FreeBSD 10 is pretty good. (Thanks to Adrian Chadd.)
I have somewhat followed development and I am looking forward to that.
But as you say, while FreeBSD 10 Release is impending, it still has not shipped.It will finally bring 802.11n support - at a time when mainstream Wi-Fi products are currently moving to 802.11ac.
Yet the latter is not even remotely being in sight on BSD.@gonzopancho:
And … 802.11n wasn't ratified until 4 years ago. So much for your '7 years' line of BS.
802.11n’s delay in ratification was a merely political hold-up, with little significance for real-world product availability.
802.11n access points have been available from mainstream manufacturers since 2006 or 2007 (like, for instance, Apple, among others), and they’ve been working and technically stable since 2007. Wikipedia is correct, when I “quote it: ”Prior to the final ratification, enterprises were already migrating to 802.11n networks based on the Wi-Fi Alliance's certification of products conforming to a 2007 draft of the 802.11n proposal.”
Just as running a stable 802.11n network was no problem in 2007, neither is running an 802.11ac network today.
(though obviously not on FreeBSD/pfSense).Now, please don’t get me wrong here. I think pfSense is an awesome product and I have no qualms whatsoever about its development cycle. In fact, I wouldn’t even want release versions to be, let alone run them “bleeding-edge”. As I believe firewall / gateway firmwares are things best approached conservatively and stably (with maybe the sole exception of security fixes). But I’d be more inclined to recommend adopting new/current wireless standards earlier. Waiting a bit longer may always be prudent in bigger production environments but at least there’s no inherent security risk associated with running the latest wireless. And please take into account to what I replied above here (and I quote again):
“Full-speed (…) Wifi (…) performance with little to no compromise.”
“to keep up with the Jones' on the wireless chipset support”That's what I way replying to.
And, give or take a few months here or there, I still don't see what's wrong about the main point I was trying to make here:
If you do need “full-speed Wifi performance with little compromise”, you aren't getting it with pfSense/FreeBSD today, and you won't be getting it anytime soon. You'd better run an external access point on 802.11n, or rather 802.11ac for future-proofedness. That is, in fact, what I do on my network, though it’s “only” 802.11n/2.4GHz. Personally, I won’t be needing more anytime soon, and I will be more than happy when this will be included and supported in pfSense.PS: Just for the record: without getting too much into technicalities, whenever I speak of 802.11n here, I do mean it with proper speed/rate control support (which FreeBSD lacked, even though the '11n standard has technically been supported in FreeBSD for some time)
-
-
The plan for pfSense 2.2 was announce prior to your post.
I wasn't involved with pfSense prior to September 2012 in any way other than the largest vendor and largest supporter of the project.
Since September 2012, I am a co-owner of the company behind pfSense (first BSDP, then ESF), as such, I have more ability to effect change.Since I am, by avocation and training, a software engineer (and before I quit all the dot-com BS and moved to Hawaii in 2004, someone who managed large software and hardware projects), I agree that the release process for pfSense has not been as crisp as it could be.
The extreme delays in getting pfSense 2.1 out the door were due to two primary factors:
-
an abortive attempt at basing 2.1 on FreeBSD 9.0. Most people in the FreeBSD community agree that 9.0 was "not good". When this happened, the decision was taken to base 2.1 on FreeBSD 8.3. This resulted in the partial loss of 6-8 months of work.
-
Adding support for IPv6 required extensive changes and testing. This takes time.
Also, during that time, the original partnership fractured, new owners came on-board, Chris moved from Kentucky to Austin, and several other things which are not appropriate for posting in a public forum were handled. These all slowed work to some degree.
–-
On the subject of 802.11ac, I'll just point out that it is still pre-standard. The 802.11ac standard is expected to clear final 802.11 Working Group approval and publication scheduled in early 2014. See: http://grouper.ieee.org/groups/802/11/Reports/802.11_Timelines.htm
When you say things like 802.11n’s delay in ratification was a merely political hold-up, with little significance for real-world product availability, you appear to not understand the standards process. There was no 802.11n standard prior to its approval and publication in 2007. If you had been in the 802.11 world as long as I have, you would understand that there can be severe financial consequences for claiming something as "802.11n" or "802.11ac" prior to the process completing. Yes, vendors have taken to shipping products marked with "draft" appended to the standards compliance claim. I can't help what greedy people do.
If you really want 802.11ac in FreeBSD, I'm sure I can find someone to make it happen faster for payment.
-
-
@gonzopancho:
@kdk:
hi, will pfsene 2.1 support these APU/chipsets ?????
Pascal reports that it's already running.
Would be really nice to know the throughput and NAT performance of the board, with and without traffic shaping.
-
Looks like it fits into the old enclosures (the alix.2 ones).
This now seems unlikely, at least without some modification, since they are relying on the enclosure to cool the CPU.
Rumor has it that the newer version cases (with antenna holes) will fit the new boards.
There's gonna be a heat spreader in place which is said to be "a bit tricky to position correctly". Black cases will give better cooling results as compared to other colors.
FWIW -
Black cases will give better cooling results as compared to other colors.
Some time ago I was trying to convince a colleague of mine of this fact. Despite being a very experienced engineer he didn't believe me, I actually had to run a test to prove it.
Do they do it in absolute black? ;)Steve
-
-
How much more black could this be…
-
;D
-
-
Should I expect the VPN accelerators (Soekris vpn1411) to work in the new device? I would love to know what 3DES throughput to expect from this new device, with and without 3DES accel. If current Alix has some 32Mbit/s 3DES with vpn1441 accel, you think some 50-60 Mbit/s would be within reach?
-
That specific card won't be usable as the new Alix only has mini-PCIe slots so it won't fit.
I would expect the software throughput tot be greater than that card is capable of anyway.Steve
-
That specific card won't be usable as the new Alix only has mini-PCIe slots so it won't fit.
I would expect the software throughput tot be greater than that card is capable of anyway.Oh, OK then.
I am in a bit of dilemma here… we will be upgrading from current ~15Mbs to 30 or more. Current 3DES throughput of Alix without the accel. is enough to fill the current bandwidth, but I have a constant 100% CPU usage. Once we upgrade to >30, Alix with accel would also be enough, but I'd have 100% CPU usage again. Is having constant ~100% usage something bad in the long run? The box does DHCP serving, DNS forwarding, NATing, firewalling... would those services get degraded because of near 100% CPU usage? If so, I will probably want to get some mini-ITX box, but I had good expirience with Alix devices so I'm hoping the new board would enough to cover the needs of the office using ~30 Mbit/s. Did any of you guys here get a demo board, maybe you can feed us with some numbers and benchmarks?
Once the new box comes out, do you expect to see some compatible VPN accelerators or you'd say we'll have to stick with software only encryption? -
The Jaguar-based processor planned for the release version supports the AES-NI instruction set, so provided it's supported in software, it would allow for accelerated throughput when using the AES cipher.
Either way, the new CPU cores are significantly faster than the current Geode CPU, so as stephenw10 said, it's likely the new ALIX will be faster in software than the current one is with accelerators.
-
The Jaguar-based processor planned for the release version
The release version will be based on the the older Ontario core (T40E) without AES-NI support, not on Jaguar.
When they say, Jaguar's on their roadmap, I'd take this as "further down the road". This design should be a much smaller step up than from Alix to the APU - but it's no simple drop-in replacement either. I think AES-NI support in software won't be a big issue - but I wouldn't hold my breath for an "AES-NI-capable Alix" hardware release earlier than 2015.
The pending 1st generation APU should be a magnitude faster than the Alix though. I should alsol be faster on crypto, even without hardware support.
-
It would be very interesting to see some acceleration using the graphics cores that would presumably otherwise be unused. I see people talking about that possibility.
Steve
-
I seem to remember reading (or possibly misreading) that the release version would use the Kyoto APU.
Of course, it becomes a one-chip solution with that so the board would need to be largely re-designed from the two-chip Brazos platform.
-
I seem to remember reading (or possibly misreading) that the release version would use the Kyoto APU.
That would be the Opteron on the roadmap.
I was referring to Pascal Dorniers post on the PC Engines support forum:
"Production boards will change from T40N (9W TDP) to T40E (6W TDP)"
-
Yeah, I'm just using the platform/market/core names interchangeably sorry. Worded another way, I thought the Jaguar part would be used on the release version, with the Bobcat platform only released in limited quantities.
Now I think of it though, that doesn't make a ton of sense.
Like I say I've probably just misread it somewhere. Either way, no biggie. :)
-
Hello gents, I got the APU board prototype yesterday with the recommended package:
apu1b board
case1d2blku enclosure (black gives best cooling)
ac12veur2 AC adapter (or ac12vus)
msata16a m-SATA SSD (optional)
wle200nx miniPCI wifi + 2 pigsma + 2 antsmadb (optional)First of all I tried flashing the embedded NanoBSD image to a SanDisk 4GB SDHC card (2) and it failed to mount the filesystem after boot, I also tried the Memstick image on the sdcard and it failed too, I'm not sure why but from the documentation provided with the board it says that the sdcard reader is connected through USB on board.
Next thing I tried was flashing the embedded nanobsd image on a usb flash drive and that also failed, I ended up booting it successfully with flashing the memstick-serial image on the usb flash drive, and installing the OS on the m-SATA, since installing on SDCard also failed using this method (got incorrect block/geometry I think)
the provided WiFi kept giving me kernel panic, I tried mixed G+N mode and it crashed with auto channel selection, when I set it to channel 11 it didn't crash the kernel but the wifi card failed to start and the interface kept showing as DOWN, also 802.11g failed and crashed the kernel:
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0xe
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff802e830f
stack pointer = 0x28:0xffffff802f059750
frame pointer = 0x28:0xffffff8000299000
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 74391 (ifconfig)
trap number = 12
panic: page fault
cpuid = 1
panic: bufwrite: buffer is not busy???
cpuid = 1ath0: unable to reset hardware; hal status 3
aath0: ath_chan_set: unable to reset channel 11 (2462 MHz, flags 0x480), hal status 3
th0: ath_reset: unable to reset hardware; hal status 3Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual aFatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0xe
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff802eaedd
stack pointer = 0x28:0xffffff80000209f0
frame pointer = 0x28:0xffffff8000299000
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 11 (swi4: clock)
trap number = 12
panic: page fault
cpuid = 1
ddress = 0xe
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff802e830f
stack pointer = 0x28:0xffffff802f02c750
frame pointer = 0x28:0xffffff8000299000
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 45851 (ifconfig)
trap number = 12Packages managing the LEDs aren't working.
-
Hello gents, I got the APU board prototype yesterday with the recommended package:
When you find the time it would be great if you could do some performance tests, like NAT / Routing performance with or without traffic shaping.
