via C7 as a network router

[kharan5876]

So I was looking at these Jetway boards http://www.mini-itx.com/store/?c=2#j7f2

I want to build a low powered network router, with wireless. These boards seem perfect because you can add a module to get 4 gigabit ports and then use the pci slot to add a wireless card.

So anyway I was looking at the cpu options and we have
1.2Ghz Eden Fanless
1.5Ghz
2.0Ghz

I would really like to go with the 1.2 Eden as it will give the most power savings but I am a little worried. Does anyone here know if the eden would be able to handle 4 gigabit ports, wireless, and routeing/firewall?

I have looked around google and have not found any good reviews or tests. I don't want to buy the eden and find out it is not powerful enough.

 

[Blue Fox]

You really don't need very much for a router/firewall. It really depends on what software you'll be running to be honest.

 

[MisterSparkle]

Most wireless/gigabit routers you will find these days have sub 500mhz processors in them, and contain around 32mb of ram.

"You really don't need very much for a router/firewall. It really depends on what software you'll be running to be honest."

Exactly. With 1ghz or more to spare on CPU, you won't even need that efficient an installation, and you can start handing it more tasks, such as making it an NTP server as well

The 1.2 looks to be the only fanless model too. Try to stay away from fans if at all possible, and design/have a case with plenty of ventilation.

 

[King of Heroes]

Yeah, Smoothwall 3.0 SP1's system specs (I'm assuming you'll be using Smoothwall for this) aren't that big either:

http://internap.dl.sourceforge.net/sourceforge/smoothwall/smoothwall-express-3.0-install-guide.pdf

Processor: Intel Pentium 200 MHz or compatible processors.

Memory: 128 MB of RAM. More RAM is required for additional services.

Storage: 2 GB hard disk – IDE and SCSI devices supported.

NICs: A minimum of one supported.

If the connection to the Internet is via a broadband device such as a
cable modem, ethernet-presented ADSL, or another ethernet-presented
connection, you will need a second NIC.

Keyboard: If the system BIOS supports boot without keyboard, this is only
required for the initial installation.

Video Card: Only required when installing SmoothWall Express.

Monitor: Only required when installing SmoothWall Express.

CD-ROM: Only required when installing SmoothWall Express.

---

1.2 GHz and the 1GB of memory that board supports is more than enough (probably overkill actually).

 

[Shaggy3zx]

I have looked around google and have not found any good reviews or tests. I don't want to buy the eden and find out it is not powerful enough.

I think it just depends on your needs. I was in the same boat and decided to build a router that used a m-atx board, 1.2ghz celeron processor and intel gb nics. We went this direction because we wanted to use commodity hardware that is readily available and didn't care to fit all the components into a 1U form factor. PFsense has worked out great but we did find that the snort module really gobbled up ram. We have never had issues with cpu load.

 

[Tekara]

I use one of those boards with a 2.0ghz C7 and it works well enough. Have it running M0n0wall as a wireless AP and a router. Only complaint is that the processor, even at 2.0 ghz, isn't powerful enough for anywhere close to gigabit speeds.

 

[OmegaAvenger]

I use one of those boards with a 2.0ghz C7 and it works well enough. Have it running M0n0wall as a wireless AP and a router. Only complaint is that the processor, even at 2.0 ghz, isn't powerful enough for anywhere close to gigabit speeds.

What kind of NICs? If you grab a dual port gigabit intel controller it should have TCP offloading and outta reduce the overhead alot. I have 2 10/100 onboard intel and a dual port PCI 10/100 intel card and my CPU usage rarely ever goes over 30-40% on a celeron 733mhz when I max my connection. I just grabbed 2 of those dual gb NICs the other day for $20 each PCI-X though.

 

[The Spyder]

Running PFsense on a M10000 with 512mgs right now. Works great.

 

[Tekara]

What kind of NICs? If you grab a dual port gigabit intel controller it should have TCP offloading and outta reduce the overhead alot. I have 2 10/100 onboard intel and a dual port PCI 10/100 intel card and my CPU usage rarely ever goes over 30-40% on a celeron 733mhz when I max my connection. I just grabbed 2 of those dual gb NICs the other day for $20 each PCI-X though.

I use a 3-port 10/100/1000 riser card that Jetway makes for that particular motherboard. The only PCI slot is used for the wireless card, so I wouldn't be able to make use of that setup. The box is able to max a 100mbit connection without issue, so it's not a big concern to me. However, it may be to the OP whom looks to be considering a setup nearly like mine.

 

[OmegaAvenger]

I use a 3-port 10/100/1000 riser card that Jetway makes for that particular motherboard. The only PCI slot is used for the wireless card, so I wouldn't be able to make use of that setup. The box is able to max a 100mbit connection without issue, so it's not a big concern to me. However, it may be to the OP whom looks to be considering a setup nearly like mine.

aaah... so wait you have a 100mbit internet connection? or are you routing between seperate networks all connected to the router?

 

[Tekara]

aaah... so wait you have a 100mbit internet connection? or are you routing between seperate networks all connected to the router?

Heh, don't I wish I lived in Japan. No, it is indeed separate networks connected to the router. It all works out rather nicely, the network card built into the motherboard is only 10/100, so the WAN is connected to that. Then the three gigabit ports are used for routing between the different networks. I segregate the computers into 3 networks: Wireless, LAN and my "server." This is where m0n0wall shines, allowing me to control how the networks talk to each other.

 

[OmegaAvenger]

Heh, don't I wish I lived in Japan. No, it is indeed separate networks connected to the router. It all works out rather nicely, the network card built into the motherboard is only 10/100, so the WAN is connected to that. Then the three gigabit ports are used for routing between the different networks. I segregate the computers into 3 networks: Wireless, LAN and my "server." This is where m0n0wall shines, allowing me to control how the networks talk to each other.

aah, my friend has his similar. LAN, WLAN, and WAN. He also has a captive portal on his WLAN for shens.

 

[/dev/null]

I use openbsd/pf & it probably eats 32M ram and 2G of disk space (assuming you have /usr/src on the local machine and compile your own patches from the errata page). On both a C3 and a pentium pro 200, it was entirely idle.

I took down both those boxes as they were too power hungry and way too idle & made an openbsd pf firewall in a vm on "proxmox ve". Works great & my lan is now eating less power I plan to create 2 more nodes for realtime failover. It is actually pretty sweet how it works & not too hard to setup either.

Less power = less cooling = more UPS battery time & cheaper electrical bill.

 

[DarthWombaT]

I've been running a C7 1500mhz m0n0wall

 

[CBD]

IMO, I would look for a used Via C7 Everex PC and build it off that.

 

[mrmylanman]

Even Cisco routers have relatively weak CPUs in them, so you should be fine. Shuffling frames around doesn't take much power or memory. If it's for home use, most definitely enough power. If it's for a medium or larger sized business? Might want to look at actual routing equipment then.

 

[OmegaAvenger]

Even Cisco routers have relatively weak CPUs in them, so you should be fine. Shuffling frames around doesn't take much power or memory. If it's for home use, most definitely enough power. If it's for a medium or larger sized business? Might want to look at actual routing equipment then.

yes, but they are RISC cpus running a highly specialized OS with highly specialized hardware. I'm sure the actually NICs in the routers have TCP checksum offloading with their own ASICs to further reduce load. Monowall/pfsense/etc. isn't as specialzed (so they can run on such a wide variety of hardware, and those VIA motherboards, i doubt thier NICs or anyone you plug in unless its a higher end NIC (which pretty much means intel), aren't going to have TCP offloading either.

 

[keenan]

No experience with the VIA boards, but I have deployed pfSense on a few ALIX single board computers and been very happy with them. If you don't need GigE, anyway - they can saturate 100mbit, and only a couple watts. Cheap too.

Not sure what it's worth to you, but these NICs are less than well regarded around the pfSense forums, and I've seen many reports of early failures with Jetway motherboards there as well.

 

[westrock2000]

If your mobo has IDE, you can use a IDE adaptor for CF flash, since CF had an IDE controller built-in as per the specification. Its not overly fast, but its very small form factor, cheap, and little energy and heat and no sound. 4GB CF flash is $20.

 

[Dr.Pants]

If your mobo has IDE, you can use a IDE adaptor for CF flash, since CF had an IDE controller built-in as per the specification. Its not overly fast, but its very small form factor, cheap, and little energy and heat and no sound. 4GB CF flash is $20.

CF=Compact Flash? This might be the best news I've heard in a long time.

 

[keenan]

Yes. CompactFlash devices have an IDE interface. Just a passive adapter is required.

I would however recommend you use flash and/or an OS that's designed for this use. Running a standard OS with swap off a cheap CF flash card will burn through the write cycles fairly quickly. People report success on doing this with pfSense, but I imagine it really depends on the card and how much disk traffic the OS generates. Better safe than sorry, industrial CF isn't that expensive: http://www.memorydepot.com/ssd/listcat.asp?catid=icf4000

1GB should be sufficient for most firewall distros; pfSense fits in 512MB, though I'd suggest 1GB if you plan to take advantage of many packages.

 

[Dr.Pants]

Yes. CompactFlash devices have an IDE interface. Just a passive adapter is required.

I would however recommend you use flash and/or an OS that's designed for this use. Running a standard OS with swap off a cheap CF flash card will burn through the write cycles fairly quickly. People report success on doing this with pfSense, but I imagine it really depends on the card and how much disk traffic the OS generates. Better safe than sorry, industrial CF isn't that expensive: http://www.memorydepot.com/ssd/listcat.asp?catid=icf4000

1GB should be sufficient for most firewall distros; pfSense fits in 512MB, though I'd suggest 1GB if you plan to take advantage of many packages.

Thanks for the heads-up; oddly enough I was thinking about using pfSense on an atom-based Supermicro barebone (that has two Gb ethernet ports), so this was a pleasant surprise. I assume that there is some benefits of at least the reads from compact flash versus my, oh, old 10 GB IDE drive I was planning to shove in there.

Thanks for the link. I assume industrial CF can endure a certain multiple of write cycles more then consumer CF?

 

[keenan]

Industrial CF really just does better wear leveling, and probably better flash too. End result is that they tend to be spec'd for at least an order of magnitude more write cycles.

If you're using pfSense, the nanoBSD install can be safely run from standard flash memory and include support for quite a few packages (ones that don't do lots of disk i/o like a Squid caching proxy or something). I'd suggest this route, but if you want a full install, I've had an install running on that industrial CF for over a year now with no issues.

Also look at these too. Same flash as in the CF modules, but prepackaged in a direct plug in IDE module, a little more convenient if you're not using an embedded board with a CF slot, especially if you're trying to fit it in 1U (the adapters I've seen are usually vertical direct plug which definitely won't fit in a 1U case, while these modules can) and the price is about the same. I've got one of these out there too in a similar Supermicro server (mine predates the SM Atom boards though, it's a Celeron system).

Performance really isn't very good though. They seem to benchmark okay, but doing a pfSense install takes several times longer and the UI is noticeably less responsive. If disk i/o is important for your workload I would use a 2.5" SSD or modern HDD instead. However for a standard firewall workload they're fine.

 

[Dr.Pants]

Industrial CF really just does better wear leveling, and probably better flash too. End result is that they tend to be spec'd for at least an order of magnitude more write cycles.

That's what I was thinking. Despite anything, I was probably going to nab an extra one for backup (I assume once I get everything configured I can clone it).

If you're using pfSense, the nanoBSD install can be safely run from standard flash memory and include support for quite a few packages (ones that don't do lots of disk i/o like a Squid caching proxy or something). I'd suggest this route, but if you want a full install, I've had an install running on that industrial CF for over a year now with no issues.....

Performance really isn't very good though. They seem to benchmark okay, but doing a pfSense install takes several times longer and the UI is noticeably less responsive. If disk i/o is important for your workload I would use a 2.5" SSD or modern HDD instead. However for a standard firewall workload they're fine.

Thanks for the personal perspective, makes me feel a bit better about nabbing these since I wouldn't be the only one running a CF disc. I'm probably not going to really do a whole lot of disc i/o as far as I know (I'm just running a firewall) but I do know that, since I have a pair of 1GB SODIMMs that'll fit in the barebone, that I might be able to do any intensive i/o on a ramdisc. I'll do some more research on this, I could just be nuts (and probably won't have anything intensive going on anyways).

As for UI responsiveness and etc, I would probably say that's the controller; early SSD AFAIK had the same psuedo-problems.

Also look at these too. Same flash as in the CF modules, but prepackaged in a direct plug in IDE module, a little more convenient if you're not using an embedded board with a CF slot, especially if you're trying to fit it in 1U (the adapters I've seen are usually vertical direct plug which definitely won't fit in a 1U case, while these modules can) and the price is about the same. I've got one of these out there too in a similar Supermicro server (mine predates the SM Atom boards though, it's a Celeron system).

Oh my, I've been looking for these, I'd seen them before I couldn't find them again. Thanks a ton for the link, I owe you for it and your expertise.

 

[drgnfang]

They've got direct plugin sata now too: http://www.logicsupply.com/categories/flash_storage/sata_flash_modules