Netgate Discussion Forum

    Support Whitebox hardware switch/routers like Mellanox and Edge Core

    • beaster

      Curious if anyone has tried running pfSense on old Mellanox hardware like the following.
      A lot of this gear is lying around at rather cheap prices and the boxes are basically x64 compatible; the main pain will be the ASIC/NPU support.

      Mellanox 851-0168-01 InfiniScale IV IS5023 InfiniBand Switch
      Screen/Display size : 15.6
      Processor Family : AMD Athlon
      Memory size : 4
      Hard Drive/Data Storage : 500
      Processor Cores : Dual
      Format : 2160p
      Max resolution : 3840 x 2160
      Megapixels : 10
      

      The obvious concern here is whether the pfSense builds can support hardware forwarding between NICs or if that needs to go back via the CPU, which would negate the value.

      At US$500 for second hand, the worst case is that I re-sell this unit with a little time allocated to learning.

      • stephenw10 (Netgate Administrator)

        I would be amazed if pfSense/FreeBSD supported those ASICs. You will probably find you have only a management NIC available and all the routing/filtering will certainly be CPU only.

        If you have one already it might be a fun project but that is all. And $500 is a lot for that IMO.

        Steve

        • beaster @stephenw10

          @stephenw10, I work for a switching/routing hardware vendor; you'd be surprised at what is supported with BSD. The issue is that most of this code never leaves the private Git repo of the vendors.

          What is exposed to the OS for these boxes is the physical switch ports; they appear as native Ethernet interfaces like any other device. The core difference, however, is that you can adjust the behavior of the ASICs that connect each of the ports. The switch ports and intra-VLAN switching will operate natively without any need for the control plane to do anything, since this is the de facto operation of an ASIC in an unmanaged switch. As long as the ASIC has the instruction for the VLAN tags per port, it will operate like a dumb switch. If not, then all the ports are basically operating on a common untagged VLAN, which is usually not wise.

          The complexity starts when you need traffic to exit a VLAN / IP interface. These boxes have the potential to operate as gen 1 or gen 2 firewalls that traditionally did not have custom designed firewall ASICs or FPGAs. These boxes would still use the CPU for inspection but would significantly reduce the cost point of a dense 1G or 2x 10G setup, with the basic assumption the CPU could handle 10Gbps of traffic, which is unlikely for an Athlon.

          I doubt that the pfSense development community has the time justification for driving even basic port-to-port single ASIC development for the free community. Realistically, when you're dealing with 3+ 10G links, pushing traffic over the CPU is not really viable at those speeds, especially not on an Athlon CPU.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.