Support Whitebox hardware switch/routers like Mellanox and Edge Core
-
Curious if anyone has tried running pfsense on old Mellanox hardware like the following
A lot of this gear is lying around at rather cheap prices and the boxes are basically x64 compatible, the main pain will be the ASIC/NPU support.
Mellanox 851-0168-01 InfiniScale IV IS5023 InfiniBand Switch
Screen/Display size: 15.6; Processor Family: AMD Athlon; Memory size: 4; Hard Drive/Data Storage: 500; Processor Cores: Dual; Format: 2160p; Max resolution: 3840 x 2160; Megapixels: 10
The obvious concern here is if the pfSense builds can support hardware forwarding between NICs or if that needs to go back via the CPU, which would negate the value.
At US$500 for second hand, the worst case is that I re-sell this unit with a little time allocated to learning.
-
I would be amazed if pfSense/FreeBSD supported those ASICs. You will probably find you have only a management NIC available and all the routing/filtering will certainly be CPU only.
If you have one already it might be a fun project but that is all. And $500 is a lot for that IMO.
Steve
-
@stephenw10, I work for a switching/routing hardware vendor, you'd be surprised at what is supported with BSD, the issue is that most of this code never leaves the private Git repo of the vendors.
What is exposed to the OS for these boxes is the physical switch ports; they appear as native Ethernet interfaces like any other device. The core difference, however, is that you can adjust the behavior of the ASICs that connect each of the ports. The switch ports and intra-VLAN switching will operate natively without any need for the control plane to do anything, since this is the de facto operation of an ASIC in an unmanaged switch. As long as the ASIC has the instruction for the VLAN tags per port, it will operate like a dumb switch. If not, then all the ports are basically operating on a common untagged VLAN, which is usually not wise.
The complexity starts when you need traffic to exit a VLAN / IP interface. These boxes have the potential to operate as gen 1 or gen 2 firewalls that traditionally did not have custom-designed firewall ASICs or FPGAs. These boxes would still use the CPU for inspection but would significantly reduce the cost point of a dense 1G or 2x 10G setup, with the basic assumption the CPU could handle 10Gbps of traffic... which is unlikely for an Athlon.
I doubt that the pfSense development community has the time justification for driving even basic port-to-port single-ASIC development for the free community. Realistically, when you're dealing with 3+ 10G links, pushing traffic over the CPU is not really viable at those speeds, especially not on an Athlon CPU.