Ubiquiti edgerouter lite support?
-
Hey guys, it's easy to get FreeBSD on there and it runs okay, see http://rtfm.net/FreeBSD/ERL
Note that the work is based on FreeBSD 10.
Note that pfSense 2.2 is based on FreeBSD 10.Would you like fries with that?
-
Someone was able to get FreeBSD running on Ubiquiti's Edgerouter Lite:
http://bsdfeed.com/discussion/180344/ubiquiti-edgerouter-lite-works-multi-user-with-current-
Nice! though it sounds like it may still be a ways away from actually being in a state that could run pfSense. His install process seems a bit complex […]
FYI, Juli Mallett (http://people.freebsd.org/~jmallett/) is female.
-
I'm looking forward to the port, I'm fooling with mine now that I got the latest firmware into it and there are many missing features and aggravations compared to pfSense.
-
You teasing the forum again Gonzopancho? ;)
Support for alternative architectures, of any sort, is awesome. It will be very interesting to see how this performs without the FPGA/proprietary module. The link above gives just one figure for anything: 112Mbps over a single NIC. No doubt that could be improved with some polishing. Looking forward to more results… :)Steve
-
Gonzopacho, I did not mean to offend you, very sorry if I did. I only posted the link for the guy who said it was hard to install and anyone else interested, not to impugn your hard work in any way.
-
Thanks gonzo, I didn't mean to imply that there was any rush or pressure, and I do understand those FreeBSD 10 pfSense 2.2 issues - there would be completely no point in even attempting to backport such a thing to FreeBSD 8.3 pfSense 2.1! I had just looked at the hardware specs and particularly noticed the wide range DC input of the bottom-end box.
-
everyone, I'm not offended.
Potentially, things won't be too bad:
http://community.ubnt.com/t5/EdgeMAX/Tolly-report/m-p/328234/highlight/true#M1794
-
Could you tell a little bit more what you know about the hardware crypto support? I installed FreeBSD on mine and /dev/crypto seems to speed up AES by 2x. Is there more hardware on there that needs support? Or only more proprietary/FPGA stuff or something?
-
2X seems pretty good. It depends on what you hand to the processor, of course.
I have the timings for a CN5230-700-SCP (similar, but 4 cores, instead of the 2 core in the ERL) handy:
% ./cryptotest -d cryptocteon -a aes 131072 16 32 64 128 256 512 1024 2048 4096 8192 16384 65536
2.660 sec, 262144 aes crypts, 16 bytes, 1576866 byte/sec, 12.0 Mb/sec
2.704 sec, 262144 aes crypts, 32 bytes, 3102746 byte/sec, 23.7 Mb/sec
2.631 sec, 262144 aes crypts, 64 bytes, 6376600 byte/sec, 48.6 Mb/sec
3.015 sec, 262144 aes crypts, 128 bytes, 11127423 byte/sec, 84.9 Mb/sec
3.294 sec, 262144 aes crypts, 256 bytes, 20374218 byte/sec, 155.4 Mb/sec
3.896 sec, 262144 aes crypts, 512 bytes, 34448261 byte/sec, 262.8 Mb/sec
5.240 sec, 262144 aes crypts, 1024 bytes, 51225481 byte/sec, 390.8 Mb/sec
7.921 sec, 262144 aes crypts, 2048 bytes, 67775915 byte/sec, 517.1 Mb/sec
13.078 sec, 262144 aes crypts, 4096 bytes, 82104791 byte/sec, 626.4 Mb/sec
34.394 sec, 262144 aes crypts, 8192 bytes, 62437704 byte/sec, 476.4 Mb/sec
61.838 sec, 262144 aes crypts, 16384 bytes, 69454744 byte/sec, 529.9 Mb/sec
222.462 sec, 262144 aes crypts, 65536 bytes, 77226068 byte/sec, 589.2 Mb/sec% ./cryptotest -d cryptocteon -z 10000
0.207 sec, 20000 des crypts, 8 bytes, 771672 byte/sec, 5.9 Mb/sec
0.204 sec, 20000 des crypts, 16 bytes, 1569074 byte/sec, 12.0 Mb/sec
0.207 sec, 20000 des crypts, 32 bytes, 3090802 byte/sec, 23.6 Mb/sec
0.204 sec, 20000 des crypts, 64 bytes, 6280452 byte/sec, 47.9 Mb/sec
0.231 sec, 20000 des crypts, 128 bytes, 11065772 byte/sec, 84.4 Mb/sec
0.261 sec, 20000 des crypts, 256 bytes, 19648853 byte/sec, 149.9 Mb/sec
0.316 sec, 20000 des crypts, 512 bytes, 32406704 byte/sec, 247.2 Mb/sec
0.437 sec, 20000 des crypts, 1024 bytes, 46846443 byte/sec, 357.4 Mb/sec
0.683 sec, 20000 des crypts, 2048 bytes, 59981783 byte/sec, 457.6 Mb/sec
1.149 sec, 20000 des crypts, 4096 bytes, 71267814 byte/sec, 543.7 Mb/sec
2.934 sec, 20000 des crypts, 8192 bytes, 55844823 byte/sec, 426.1 Mb/sec
0.209 sec, 20000 3des crypts, 8 bytes, 766956 byte/sec, 5.9 Mb/sec
0.210 sec, 20000 3des crypts, 16 bytes, 1523084 byte/sec, 11.6 Mb/sec
0.209 sec, 20000 3des crypts, 32 bytes, 3065589 byte/sec, 23.4 Mb/sec
0.210 sec, 20000 3des crypts, 64 bytes, 6088686 byte/sec, 46.5 Mb/sec
0.238 sec, 20000 3des crypts, 128 bytes, 10757704 byte/sec, 82.1 Mb/sec
0.267 sec, 20000 3des crypts, 256 bytes, 19188391 byte/sec, 146.4 Mb/sec
0.322 sec, 20000 3des crypts, 512 bytes, 31841588 byte/sec, 242.9 Mb/sec
0.438 sec, 20000 3des crypts, 1024 bytes, 46730998 byte/sec, 356.5 Mb/sec
0.681 sec, 20000 3des crypts, 2048 bytes, 60152408 byte/sec, 458.9 Mb/sec
1.148 sec, 20000 3des crypts, 4096 bytes, 71336390 byte/sec, 544.3 Mb/sec
2.931 sec, 20000 3des crypts, 8192 bytes, 55898496 byte/sec, 426.5 Mb/sec
0.204 sec, 20000 aes crypts, 16 bytes, 1568774 byte/sec, 12.0 Mb/sec
0.204 sec, 20000 aes crypts, 32 bytes, 3139240 byte/sec, 24.0 Mb/sec
0.205 sec, 20000 aes crypts, 64 bytes, 6231986 byte/sec, 47.5 Mb/sec
0.230 sec, 20000 aes crypts, 128 bytes, 11135373 byte/sec, 85.0 Mb/sec
0.253 sec, 20000 aes crypts, 256 bytes, 20260538 byte/sec, 154.6 Mb/sec
0.299 sec, 20000 aes crypts, 512 bytes, 34257345 byte/sec, 261.4 Mb/sec
0.401 sec, 20000 aes crypts, 1024 bytes, 51065570 byte/sec, 389.6 Mb/sec
0.603 sec, 20000 aes crypts, 2048 bytes, 67874353 byte/sec, 517.8 Mb/sec
0.996 sec, 20000 aes crypts, 4096 bytes, 82248583 byte/sec, 627.5 Mb/sec
2.628 sec, 20000 aes crypts, 8192 bytes, 62340145 byte/sec, 475.6 Mb/sec
0.210 sec, 20000 aes192 crypts, 16 bytes, 1524238 byte/sec, 11.6 Mb/sec
0.208 sec, 20000 aes192 crypts, 32 bytes, 3073451 byte/sec, 23.4 Mb/sec
0.209 sec, 20000 aes192 crypts, 64 bytes, 6117903 byte/sec, 46.7 Mb/sec
0.236 sec, 20000 aes192 crypts, 128 bytes, 10838364 byte/sec, 82.7 Mb/sec
0.258 sec, 20000 aes192 crypts, 256 bytes, 19828438 byte/sec, 151.3 Mb/sec
0.310 sec, 20000 aes192 crypts, 512 bytes, 33049209 byte/sec, 252.1 Mb/sec
0.414 sec, 20000 aes192 crypts, 1024 bytes, 49462745 byte/sec, 377.4 Mb/sec
0.632 sec, 20000 aes192 crypts, 2048 bytes, 64853636 byte/sec, 494.8 Mb/sec
1.044 sec, 20000 aes192 crypts, 4096 bytes, 78501044 byte/sec, 598.9 Mb/sec
2.720 sec, 20000 aes192 crypts, 8192 bytes, 60235516 byte/sec, 459.6 Mb/sec
0.208 sec, 20000 aes256 crypts, 16 bytes, 1537796 byte/sec, 11.7 Mb/sec
0.209 sec, 20000 aes256 crypts, 32 bytes, 3059829 byte/sec, 23.3 Mb/sec
0.205 sec, 20000 aes256 crypts, 64 bytes, 6236449 byte/sec, 47.6 Mb/sec
0.232 sec, 20000 aes256 crypts, 128 bytes, 11014922 byte/sec, 84.0 Mb/sec
0.262 sec, 20000 aes256 crypts, 256 bytes, 19547506 byte/sec, 149.1 Mb/sec
0.316 sec, 20000 aes256 crypts, 512 bytes, 32439453 byte/sec, 247.5 Mb/sec
0.427 sec, 20000 aes256 crypts, 1024 bytes, 47990177 byte/sec, 366.1 Mb/sec
0.655 sec, 20000 aes256 crypts, 2048 bytes, 62559948 byte/sec, 477.3 Mb/sec
1.090 sec, 20000 aes256 crypts, 4096 bytes, 75147759 byte/sec, 573.3 Mb/sec
2.807 sec, 20000 aes256 crypts, 8192 bytes, 58366681 byte/sec, 445.3 Mb/sec
0.105 sec, 10000 md5 crypts, 8 bytes, 760948 byte/sec, 5.8 Mb/sec
0.104 sec, 10000 md5 crypts, 16 bytes, 1542124 byte/sec, 11.8 Mb/sec
0.097 sec, 10000 md5 crypts, 32 bytes, 3302305 byte/sec, 25.2 Mb/sec
0.110 sec, 10000 md5 crypts, 64 bytes, 5832445 byte/sec, 44.5 Mb/sec
0.117 sec, 10000 md5 crypts, 128 bytes, 10968107 byte/sec, 83.7 Mb/sec
0.128 sec, 10000 md5 crypts, 256 bytes, 20050753 byte/sec, 153.0 Mb/sec
0.155 sec, 10000 md5 crypts, 512 bytes, 33073226 byte/sec, 252.3 Mb/sec
0.209 sec, 10000 md5 crypts, 1024 bytes, 49065644 byte/sec, 374.3 Mb/sec
0.318 sec, 10000 md5 crypts, 2048 bytes, 64374782 byte/sec, 491.1 Mb/sec
0.961 sec, 10000 md5 crypts, 4096 bytes, 42634158 byte/sec, 325.3 Mb/sec
1.505 sec, 10000 md5 crypts, 8192 bytes, 54440322 byte/sec, 415.3 Mb/sec
0.103 sec, 10000 sha1 crypts, 8 bytes, 774646 byte/sec, 5.9 Mb/sec
0.098 sec, 10000 sha1 crypts, 16 bytes, 1630590 byte/sec, 12.4 Mb/sec
0.098 sec, 10000 sha1 crypts, 32 bytes, 3280167 byte/sec, 25.0 Mb/sec
0.109 sec, 10000 sha1 crypts, 64 bytes, 5893132 byte/sec, 45.0 Mb/sec
0.116 sec, 10000 sha1 crypts, 128 bytes, 11046386 byte/sec, 84.3 Mb/sec
0.126 sec, 10000 sha1 crypts, 256 bytes, 20372920 byte/sec, 155.4 Mb/sec
0.152 sec, 10000 sha1 crypts, 512 bytes, 33646801 byte/sec, 256.7 Mb/sec
0.201 sec, 10000 sha1 crypts, 1024 bytes, 50823651 byte/sec, 387.8 Mb/sec
0.300 sec, 10000 sha1 crypts, 2048 bytes, 68263254 byte/sec, 520.8 Mb/sec
0.921 sec, 10000 sha1 crypts, 4096 bytes, 44478373 byte/sec, 339.3 Mb/sec
1.421 sec, 10000 sha1 crypts, 8192 bytes, 57648975 byte/sec, 439.8 Mb/sec -
Very cool, thanks.
-
This post is deleted! -
Just saw this today: http://rtfm.net/FreeBSD/ERL/
-
I'd love to see a port for the edgerouter lite. This would be great!!
I have a couple of them running and once you get a handle on the CLI commands its not too difficult to setup. Though it is a bit of a learning curve and I would not recommend them to anyone that doesn't feel comfortable learning a new CLI setup system.
When they first came out and I first got one I was overly optimistic about the performance numbers and their marketing might be somewhat deceptive in this regard. There are a lot of features in EdgeOS that will disable the offload engine when they are enabled. Some of those things that I have discovered are: dual wan load balancing, bridging two interfaces, QoS traffic shaping, Flow accounting, all of which disable hardware offload.
Without the hardware offload it's still a nice little box but it's just not mind blowingly amazing anymore.While I really like the idea of an egderouter port (because I already have them) generally I would just like to see a port for some kind of small low power, fan-less router device in the $100 range that has reasonable performance for SOHO type small networks.
-
While I really like the idea of an egderouter port (because I already have them) generally I would just like to see a port for some kind of small low power, fan-less router device in the $100 range that has reasonable performance for SOHO type small networks.
While it doesn't exactly meet your requirements - has a small fan - this device from newegg is close http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007. I've set one up and it has been running solid for a couple of weeks. Since I added a quieter 40mm fan, the total for the empty box ended up being about $140. With 2GB and a cheap 2.5" drive or SSD you can be out for around $200.
I also just ordered an aluminium celeron 1037u box from taobao (see https://forum.pfsense.org/index.php?topic=75262.msg411063#msg411063). I'm taking a little chance on that one… but it certainly looks like an nice little box - and it is fanless.
-
Like you said the devices you linked don't really meet my requirements.
Another requirement that I did not mention is a minimum of 3 network ports. Otherwise I need to add in an inexpensive VLAN switch such as the Mikrotik RB260 and this just adds to the overall cost and complexity of the setup.
I am also not fond of these direct from china boxes and would prefer something from a better known company.
I generally recommend buying two boxes so that a spare is on site and ready to go (cold standby) because it's almost impossible to buy stuff locally anymore. So your solution would be about $500 (with two of the boxes you linked and two managed switched) + $$ for labor at which point my cheap clients start complaining. $200 + labor for the edgerouter solution would be a much easier sell.Anyway I do NOT want to turn this thread into a discussion on alternatives to the edgerouter. That's what new threads are for.
-
@SunCatalyst:
Hope you can still work on this a bit at a time as 2.2 seems a ways off for sure….
2.2 gets closer every day.
-
It sounds interesting to try pfSense on an EdgeRouter.
-
Could you tell a little bit more what you know about the hardware crypto support? I installed FreeBSD on mine and /dev/crypto seems to speed up AES by 2x. Is there more hardware on there that needs support? Or only more proprietary/FPGA stuff or something?
If you (or somebody else) still got FReeBSD running on this device I would like to know some real life experience when using AES-256-CBC for OpenVPN tunnel. I'm stuck at about 7 Mbit/s with stock firmware. A UBNT staff makes the, in my opinion uneducated guess, OpenVPN itself is to blame for poor performance: http://community.ubnt.com/t5/EdgeMAX/OpenVPN-site-to-site-speed-limit-10-Mbit/m-p/925934#M36502
Crypto offloading seems on their ToDo list since the release of the product.
So I am curious what speed you get using the crypto h/w running FreeBSD.
Of course I would like to see pfSense as well for this router but I am waiting patiently. -
any news after the release of the 2.2 version of pfSense?
-
Knew this was coming, one work day after the release.
Not even mad. (But not answering.). :-X