Hey, pfSense team: no love for old hardware?



  • Although I am generally very pleased with pfSense as a project, enough to even buy some stickers and if you keep it up maybe even a coffee mug or T-shirt or something. (However, as an enthusiast, it is unlikely I would ever purchase the more expensive services offered.)

    I am a little disappointed that the pfSense project has decided to send old hardware to the scrap heap. With 2.3, it is most computers that can't boot via USB. With (likely) 2.4, it will be most computers that don't have a SATA port, assuming most enthusiasts are like me and completely do not trust HDDs for 24/7 service and EIDE SSDs are typically more expensive than a used computer with SATA ports.

    The result of this is a negative contribution to the environment. The production of most technology devices involves a lot of polluting from every stage in the supply chain, including reclamation. I'm certainly not an environmental expert, but working in the scrap industry I have given this a lot of thought and I have concluded it is much better to put into use old equipment, most especially when there is little to no gain from upgraded equipment.

    I don't pretend to think that the development is trivial or resources unlimited, but it would be nice if there were some compromise offered for keeping this old stuff in use. And, I mean, really, what am I supposed to do with 137 blank DVD-Rs? Or my 32 MB CF card? (o;



  • I'm in no way involved with development decisions but for me it's pretty simple:

    • hardware that doesn't boot from USB (older or equal to intel P3 era) is unlikely to provide me with enough performance/throughput to be of any use for me.
    • DVDs are going down the same path as the dodo. mediums change every couple of years (punch cards / early tapes / floppy disks are no longer used, because there was no longer a point in keeping them around)
    • <2GB flash media is harder to find & more expensive than their bigger counterparts.

    about the environment: keeping ancient tech in operation, is generally worse for the environment (read power-usage).



  • Perhaps the developers are more considerate of some things you may not be:

    -My Atom 330 is never taxed at all, except when loading the dashboard (~50% CPU for a few seconds). Note that my old Pentium Pro 200 could not boot from USB due to BIOS limitations. It also didn't need any fans.
    -My whole point is that making use of DVDs prevents more environmental waste, as there are tons of us who can get by just fine with only pfSense and no packages. Your reference to the dodo bird suggests a purely emotion-based path to hardware decisions.
    -The cost to me of my 32 MB and even 512 MB CF cards is zero because I already own them, as is the case for probably a whole lot of people who purchased such media in the early 2000s and still have a few hanging around in the bottom of a storage tub.

    About the environment: I used to have an old AMD board that only consumed about 30-35w, and, besides, electricity isn't the only thing that contributes to pollution. Actual calculations on net benefit are far more complicated and a surprising amount of the time will come out in favor of not replacing, assuming no increase in realized utility. Not to mention that only upgrading the PSU can result in a large increase in efficiency without having to purchase any additional hardware (I run picoPSU for efficiency and reliability, YMMV).


  • Netgate

    @openletter:

    I am a little disappointed that the pfSense project has decided to send old hardware to the scrap heap. With 2.3, it is most computers that can't boot via USB. With (likely) 2.4, it will be most computers that don't have a SATA port, assuming most enthusiasts are like me and completely do not trust HDDs for 24/7 service and EIDE SSDs are typically more expensive than a used computer with SATA ports.

    The only thing we took out of 2.3 was support for the LiveCD image. It was just … too 90s for my taste. You can still boot and install via CD (that's what the ISO image is for), and you can install to your EIDE device.

    pfSense 2.4 will remove 32-bit Intel (i386) images. There are a couple reasons for this. The primary one is to reduce the size of the test matrix. Unless you've not been following, we're seriously contemplating ARM (and, in fact, have a dual port ARM board in design). Also, with 2.4, we will be on FreeBSD 11, and will be bringing the standard FreeBSD boot loader to pfSense, rather than the one that has been used since the early days of the project. This will, among other things, bring the possibility of ZFS support, and I don't want to deal with people attempting ZFS on low-memory 32-bit machines.

    Support for 2.3 will not end when 2.4 is released.  Chris and I just haven't made the announcement yet.

    And, I mean, really, what am I supposed to do with 137 blank DVD-Rs? Or my 32 MB CF card? (o;

    I dunno, art project?



  • Well, I can understand the move away from 32-bit. It seems like everything is going that way and development resources is obviously an important issue.

    The problem with EIDE is that it really just isn't economical. I've had too many HDDs fail in relatively short order after putting them on server duty, and network gateways never fail at a convenient time. That said, my old Jetway does have SATA ports, but I moved back to LiveCD after an SSD failure (it was a very low quality and old SSD - I knew I was pushing it).

    I believe we are both referring to this statement from the documentation wiki:

    Planning for the Future
    NanoBSD will be phased out in a future major version, likely pfSense 2.4. We recommend investigating alternate installation methods now rather than waiting and being surprised later. In most cases, a full installation may be used in its place. Activating the option to keep /var and /tmp in RAM can typically yield the same net benefits for older/slower CF and SD media. Firewalls with modern SSDs should have no concerns with writes.

    I wasn't sure if I could take this to mean that the 8GB microSD I've targeted for running pfSense on will work reliably by keeping /var and /tmp in RAM, but if you plan to keep supporting 2.3, that would do me just fine.

    As for ARM, I haven't messed around with or looked at various ARM hardware options, but I'm definitely hip to the ginormous power savings the platform offers.

    From the sounds of it, I'd almost say a FreeNAS/OMV style fork is coming lol.



  • @jwt:

    Unless you've not been following, we're seriously contemplating ARM (and, in fact, have a dual port ARM board in design).

    Well, great news… the big question is, will this version, for the ARM architecture, be Open Source and available like the current one?

    @jwt:

    Support for 2.3 will not end when 2.4 is released.  Chris and I just haven't made the announcement yet.

    I asked the previous question and this phrase also made me think… we have a "Community Edition" under the logo now, does this mean we will have two versions? One paid and one free?


  • Rebel Alliance Developer Netgate

    LFCavalcanti, Those questions have already been asked and answered in other threads. Don't start that nonsense FUD on unrelated threads again. Start your own thread if you want to discuss it and can't find any of the existing threads (on the retired 2.3 board).



  • @jimp:

    LFCavalcanti, Those questions have already been asked and answered in other threads. Don't start that nonsense FUD on unrelated threads again. Start your own thread if you want to discuss it and can't find any of the existing threads (on the retired 2.3 board).

    Right here is the problem with you guys… If I'm asking it's because I don't know of any previous statements anyone from ESF made about the questions I posted.

    Point me to the threads, discussions on Github or Redmine ticket this was addressed. Otherwise, calling everything people raise about the project as "nonsense FUD" will not grant you any win on the argument.

    EDIT:
    As you might answer in the same manner here, I'll create two threads to address the questions.


  • Rebel Alliance Developer Netgate

    2 seconds of clicking later:

    https://forum.pfsense.org/index.php?topic=108822.0

    You can't expect us to repeat ourselves constantly for nonsense like that. You have to accept some burden to locate the answers. Just because you haven't seen the answers doesn't mean they don't exist, only that you haven't looked enough. And even then, new subject, new thread, don't hijack threads.



  • I made the jump to 'old' 64-bit hardware around the time of 2.1.5 and I am pleased that I did. I still have one 32-bit pfSense machine in service but that's simply because it is practically silent and is used in a noise sensitive area. I reluctantly scrapped most of my 32-bit hosts at the recyclers and bought thirteen old 64-bit server class machines to replace them for less than the cost of a budget spec new Windows10 laptop.

    I think amd64/x64 hardware will be common for a long time yet but ARM kit will flash by as quick as mobile phone hardware does. I am surprised about pfSense considering ARM; it must be a 'factory' requirement. For the Community Edition ARM has the added complexity of processor variety that is almost proprietary, with bits and bobs of some ARM versions being used in others, e.g. RaspberryPi ARM6+7 as well as 32-bit and 64-bit versions needing some GPL violating binary blob for some functionality.



  • Please stop using hardware more than 8 years old. Supporting old hardware holds everyone back. Either you're moving forward or backward.



  • @Harvy66:

    Please stop using hardware more than 8 years old.

    No, thank you.



  • @Harvy66:

    Please stop using hardware more than 8 years old. Supporting old hardware holds everyone back. Either you're moving forward or backward.

    I don't think what matters here is the age of a piece of hardware, but the technology standards it conforms to.

    There's a huge difference between an Intel Pentium 4 and a Core i7 for sure, but not much difference between a Core 2 Duo and a Core i7 when it comes to hardware compatibility.

    Performance, on the other hand, has to be scaled, but that's another conversation entirely…

    In any case, the SG-2440 on the pfSense store does better with a cheap price than most old Hardware you can buy.



  • @Harvy66:

    Please stop using hardware more than 8 years old. Supporting old hardware holds everyone back. Either you're moving forward or backward.

    Free hardware trumps holding you back every time.


  • Netgate

    Some things that have no initial cost are still not free.



  • @jwt:

    Some things that have no initial cost are still not free.

    Like the school district north of me that in the earlier part of last decade had a donor that wanted to give them 20 brand new computers.

    The district thought about it and decided to not accept the donation based on the ongoing maintenance and replacement costs that would follow.


  • Galactic Empire Netgate

    @openletter:

    @Harvy66:

    Please stop using hardware more than 8 years old.

    No, thank you.

    You would like to keep your old hardware but use new software?



  • I think it's time to dig out that old 286 that I have stashed in the garage!  ;D



  • I think it's time to dig out that old 286 that I have stashed in the garage!

    Don't laugh, up until pfSense 2.2.5, I had one site still running on an old P-III w/384MB RAM

    They finally succumbed to progress and  moved into the 90's with a 64 bit machine - last year



  • The days of grabbing an old piece of junk out of the closet and repurposing it are coming to an end.

    Increasingly in the industry, new software requires new hardware. It's becoming a simple fact of life. There are many good reasons behind this, but two that I will call out are 1) the greater overall system advances that are achieved by the software taking advantage of the new hardware, and 2) the dramatic reduction in QA and support costs. The economics are plain and simple. Given an option between "how do we make this work on 5+ year old hardware" and "how can we make use of Intel's new instruction set", the choice is clear. [Btw, don't assume that because something is open source that economics don't apply–the currency is people's time.]

    And at some point, all other things aside, old hardware becomes a losing proposition. The bathtub curve always wins in the end.

    Five years and out. Trending down.



  • I'm sad 32bit support has ended as I got a real kick out of my router being a 2004 vintage P4 box I got for free. I've had a lot of great years with this machine. Now, I'm replacing it with a Xeon-based machine I bought from a recycler for about $30. No more will I be on 768MB of RAM, but rather 6GB. Thing is, for what my router does, which is definitely routing and the like, the P4 probably could be good for some years to come. I don't really need or want pfsense to add tons of other features, as I like my infrastructure to be compartmentalized. No matter, the change is more of a minor inconvenience than anything. I might whine more if I were paying anything, but you know… I'm not. So thanks pfsense!


    UPDATE: Here I am about an hour later, running on my "new" pfsense router. I gotta admit the switch from a Dell Optiplex GX260 to a Dell Precision 490 (P4 2.26GHz, 1core, 768MB memory to Xeon 5120 1.87GHz, 4 threads, 6GB memory). This $36 Xeon dumpster box from around 2010 should serve me well for another decade or four. I bet it'll be retired only to switch to something more power efficient. My exported pfsense had a lot of customizations in it, but it imported easily. The only issue at all was some interface names had changed. pfsense handled that easily. I even brought over one of my PATA drives without much effort (I use it for squid cache). Hah. Retro upgrade.

    Based on numerous before and after throughput tests (speedtest.net), seems my latency is about the same, in some cases a lot higher, in a few cases barely faster. My up and down throughput remains basically identical to before dumping my P4 rig. Any of these changes may simply be due to the time of day (Saturday, mid-day).


    UPDATE 2: Well, my new machine derailed pretty hard after not too long. After the initial install, I imported my old config. Then I updated one minor pfsense release to the latest version successfully. Then I made some minor config changes and added a line to my /etc/fstab that I confirmed working by invoking it from the command-line. Finally, I did a last reboot to confirm all was stable and it died with this message:

    I tried a few minor things to recover, but ultimately just reinstalled. But this time I opted not to bother with ZFS and just went with UFS. I've added back my fstab mod and all's well. Everything's updated again, reboots are survived. I'm inclined not to blame ZFS, but.. Maybe.



  • dennypage - I disagree.  I think the reasonable limits for an opensource project should be OS limits.

    For example…  An OS won't boot with less than a certain amount of ram.  Or the OS removed support for this or that hardware.

    If you have to spend time writing code to exclude certain hardware, you are not acting like any opensource project I know of.

    Hell - Go that route and people will just buy cisco.



  • @kejianshi:

    dennypage - I disagree.  I think the reasonable limits for an opensource project should be OS limits. 
    Hell - Go that route and people will just buy cisco.

    Dude-  You're replying to a post from April 2016..    ;D

    But have you tried to run Cisco software on a non Cisco device?    Good luck!

    32 bit has another year of updates at this point.  At the end of that year the boxes are not going to magically stop working..  (well, maybe have a higher failure rate due to age)

    People still using 32 bit equipment will still be more secure than consumer grade store bought routers bought today in a couple of years I bet.  But it gives them time to plan and find a new AES-NI box.  :)


  • Netgate

    Not building and maintaining and testing the 32-bit subsystem is not more work as asserted. It is less work.



  • In my case I was referring to AES-NI.  Which I still think 95% of users don't NEED.

    For most people it's just a cool spec they get to "oooooohhhhh" over when they look at their dashboard.

    I run VPNs on every box I've installed, so I probably NEED it more than most.  And I still don't need it.

    If I had gigabit connections on both ends of a VPN tunnel I probably would.  That's still an extremely small percent of users.


  • Galactic Empire Netgate

    Let's not revive old threads please. The 64bit and AES-NI requirements have been discussed many times, it's time to move on. Thank you.


Locked