Which product is the best and/or requirements.

Okay, to begin, me and a friend are looking into building a few of these
embedded router/gateway/firewall devices, mainly because most of the
consumer-level routers don't provide us with the level of control that we
want over our routing, plus we're also doing this for fun, as a
learning/educational project.  So far we've done an excessive amount of
researching and searching for suitable products, but we're not certain what
would best fit our needs/requirements for such a device, so...

Anyway, here's a list of minimum requirements that we strongly want to be
met for the embedded device.

* It needs to be able to sustain at minimum 10 Mbps throughput from WAN to
LAN on the router with the features below included; however, the
faster it is the better, but at minimum 10 Mbps.
 
* At minimum 2 ports, but more ports are welcome: one port for WAN, one
port for LAN, then if a product has more than 2 ports, such as 3+, the 3rd
one would probably be used for a DMZ and/or a separate subnet for certain
types of devices, but it's not required to have more than 2 ports.

* Firewall ruleset of approximately 50 to maybe 150 rules, plus hopefully
connection tracking to help speed up the firewall processing. In other
words, the initial packet probably will have to go through a lot of rules,
but then hopefully it'll be added into a connection tracking table and
future packets could take a shortcut through connection tracking. (Probably
iptables or pf filter)
 
* QoS scheduling/queuing for priority traffic that requires a low-latency
connection such as ssh. There will probably be approximately 3-5 queues for
items such as: bulk traffic (torrents/large downloads), latency-sensitive
traffic (ssh, video relay, VoIP), and others. It's also used to
ensure all devices/computers on the network get a fair share of the network
connection, i.e. webpages/e-mail/etc. are prioritized over bulk traffic such
as torrents.
 
* Masquerading/NAT, including a few port forwards to a few
devices/computers on the network. This will be for approximately 10+
computers and/or devices, such as WAP, console games, video relay device,
VoIP devices.
 
* DNS Masquerading, to speed up the most commonly used DNS queries
to make the network appear faster to the users.
 
* Static DHCP IP addresses, based on MAC address, plus a separate subnet of
dynamically assigned IP addresses for wireless devices on the WAP access point.
 
* Low powered, preferably 25 watts or under, but if necessary to implement
all of the above features and the optional features, we're willing to accept
up to 50 watts or so.
 
* Most of the traffic will be mainly web browsing, e-mail and IM from the
majority of the computers, but there will be one computer doing very light
to moderate torrenting, as in 5ish or so torrents running. There will also
be game consoles playing games online, and there is also the video relay
and/or VoIP.


Now these features below would be nice to have, but they're not mandatory. If
it's not possible to do them in an embedded device or low-powered device, my
friend and I can probably offload most of these to a second computer on the
DMZ that is dedicated to processing that kind of stuff, aka a server.

* Hopefully implement some form of port knocking to open up a port to
allow ssh to connect to this router and/or a VPN of some form, maybe IPsec
or whatnot, to connect to this router, or be forwarded to a DMZ server
on the LAN.
 
* Would be nice to be able to do packet logging, with it forwarding the
logs to a log server, possibly a bit of packet sniffing and IDS, but that
probably would be too much for a low-powered embedded processor, so maybe
forwarding those packets to a DMZ server on the LAN for IDS processing
and whatnot.
 
* Want to see if it's possible to break up the network into several subnets,
such as 192.168.1.* for computers, then 192.168.2.* for console games,
then other subnets for DMZ, WAP and so forth.
 
* Also it would be nice to be able to support at least one encrypted VPN
link from the outside world, linking to the private LAN, or an encrypted VPN
from the wireless for more security.  If it's too much for an embedded
system to handle, it could maybe be unloaded to an encryption accelerator, or
a DMZ computer on the LAN that is generated/sustainable for that kind of
work.

Anyway, before we decided to post on this newsgroup, me and my roommate did
a lot of researching, but we can't really find any good benchmarks and
whatnot which will explain how much memory and how much processing power
it would take to do the above requirements/wants.  We're also
not clear on the differences in CPU speed/architecture.  We've heard that an
AMD Geode 266 MHz processor would be equivalent to a 100 MHz Pentium
processor, and that a 1 GHz VIA Nehemiah would be equivalent to a 400-500
MHz Pentium processor.  But we're not sure how accurate these comparisons
are, plus we found a few products using the ARM architecture and the MIPS
architecture, which we're also not sure how they compare to the competition.

But anyway, without further ado, here are a few products that we have been
looking at and considering.

* VIA mini-itx with one motherboard Ethernet and maybe an Ethernet card to
supply 1 or 2 more Ethernet ports.  The advantage of this platform is it has
a relatively strong processor, and some of the later VIA CPUs have an
encryption accelerator inside the CPU itself.  However, they also have a ton
of excess and unneeded crap on them, such as MPEG accelerator, VGA ports,
sound cards and so forth, so we're not sure how much excess power draw will
be wasted on these items which we won't even use. (Approx 500 MHz to 1.5
GHz VIA processors available) - http://mini-itx.com/store/
 
* The next one we've considered is a board based on the Intel XScale
processor, which as far as we know is an ARM processor, and we're not sure
how good the support is for these, but this processor we found is
approximately 533 MHz, and the board itself is attractive, but one
negative is the flash is soldered onto the board... we would prefer a
solution with removable compact flash.  Also we're not sure how a 500 MHz
XScale processor would stack up vs the competition. -
http://www.adiengineering.com/php-bin/ecomm4/productDisplay.php?category_id27%&product_id79 %
 
* Another product is the Soekris board, which has a 266 AMD Geode
processor, and it certainly looks like an attractive board, but just how
powerful is the processor, and can it support the demands that we want to
place on it? Also I've heard that the hardware encryption that Soekris offers
isn't that great, as in the producer of the Hifn chipset has closed their
document and there is currently a pretty severe bug in the code that
probably won't get fixed due to Hifn closing their document. -
http://soekris.com/net4801.htm
 
* A competitor product to the Soekris board is the WRAP board, which
seems mostly similar in many ways to the Soekris boards -
http://www.pcengines.ch/wrap.htm
 
* Another option we are considering is maybe a mini-itx motherboard that
supports the Pentium mobile processor, then we can stick in an ultra low
voltage Pentium mobile processor, but that solution probably will consume
more power, as in 50 watts and up. -
http://www.cappuccinopc.com/default.asp
 
* Another AMD geode processor, this one at 1.4 GHz, but we're not sure how
much power it would consume and if it would be suitable for our
application -
http://www.gearxs.com/gearxs/product_info.php?cPath14%5&products_id49%00
 
* Then a firewall product based on a 400 MHz Celeron based on, I believe,
the Pentium mobile architecture, but we're not familiar with the company and
whether they're reliable, plus how much power would it draw, but this one
looks nice also. - http://www.acrosser.com/firewall/product/1666.htm
 
* Similar to the above one - http://www.acrosser.com/products/ar-b1720.htm
 
* Then we found an embedded board using a 400 MHz MIPS 32 4Kc CPU, but
how powerful is this CPU? We don't have any clue how MIPS and ARM compare
to the other offerings, so there's no real way to determine how powerful this
product is - http://www.routerboard.com/rb500.html


If wanted and/or needed we can provide more product links, but anyway I
guess what we are looking for is a good guideline on minimum memory
requirements and minimum processor speed to be able to at least do most of
the items listed in the required list, and it would also be nice to get an
idea of how much processing power would be required to do almost
everything in the above list.
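
The connection-tracking shortcut described in the requirements list above, as an added example that is not part of the original post: a toy Python model counting rule comparisons for one ssh flow against a 150-rule ruleset, with and without a state table. The fast path stands in for a first rule that accepts packets of already-tracked connections; the addresses, ports, filler rules and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    proto: str
    dport: int
    action: str  # "ACCEPT" or "DROP"

class Firewall:
    def __init__(self, rules, track=True, default="DROP"):
        self.rules, self.track, self.default = rules, track, default
        self.conntrack = set()   # flows that have already been accepted
        self.rule_checks = 0     # rule comparisons performed so far

    @staticmethod
    def flow_key(p):
        # Direction-independent key, so reply packets hit the same entry.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (p.proto,) + (a + b if a <= b else b + a)

    def filter(self, p):
        # Fast path: one table lookup instead of walking the ruleset.
        if self.track and self.flow_key(p) in self.conntrack:
            return "ACCEPT"
        verdict = self.default
        for r in self.rules:     # slow path: linear walk, first match wins
            self.rule_checks += 1
            if (r.proto, r.dport) == (p.proto, p.dport):
                verdict = r.action
                break
        if self.track and verdict == "ACCEPT":
            self.conntrack.add(self.flow_key(p))
        return verdict

def build_ruleset(n=150):
    # Constructed worst case: the ssh rule sits at the end of n rules.
    fillers = [Rule("tcp", 10000 + i, "DROP") for i in range(n - 1)]
    return fillers + [Rule("tcp", 22, "ACCEPT")]

def simulate(track, packets=1000, n_rules=150):
    """Return (rule comparisons, packets accepted) for one ssh flow."""
    fw = Firewall(build_ruleset(n_rules), track=track)
    fwd = Packet("tcp", "203.0.113.5", 40000, "192.168.1.10", 22)
    rev = Packet("tcp", "192.168.1.10", 22, "203.0.113.5", 40000)
    accepted = sum(fw.filter(fwd if i % 2 == 0 else rev) == "ACCEPT"
                   for i in range(packets))
    return fw.rule_checks, accepted

if __name__ == "__main__":
    print("stateful :", simulate(True))
    print("stateless:", simulate(False))
```

With tracking on, only the first packet walks the ruleset; without it, every packet does, and the replies are dropped because no stateless rule matches the client's ephemeral port.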

Re: Which product is the best and/or requirements.


And when you are done with this, I have some wheels that need
reinventing.

<snip>

If this is a requirement, quit looking at all that PC crap in your
list.

My suggestion: Google "open wrt54g" You can buy them cheap at retail
and add features to your desires.


There is no "x" in my email address.

Re: Which product is the best and/or requirements.


My advice would be the standard response(s) to "How do I optimize my
code to ..."

  a) Don't do it.
  b) Don't do it yet.

Your plan sounds ok as a "for-fun/learning/educational" project.
But selecting a hardware platform at the beginning of a project whose
specs and requirements are still ill-defined is not, in my opinion,
the correct approach to follow. Instead:

Although you did not mention it in your post, the functionality you
describe implies the availability of an operating system with rich
network functionality, like NetBSD, Linux, etc. So,

(a) Choose an operating system.

With that done, I would use a standard desktop computer to

(b) Implement a prototype first.

(c) Measure / profile memory and CPU requirements.

After that is done, you will have a much more solid base to

(d) Select a hardware platform that supports the OS chosen on a), and
provides the memory and CPU performance required based on the
measurements on c)

In the time taken to go from a) to d) the choices you mention in your
post may have changed, you may find you can select faster processors,
more memory, better hardware integration, and tiny nuclear-fusion
based power supplies. ;)


Re: Which product is the best and/or requirements.

I thought this was in comp.arch.embedded, not comp.os.linux.embedded
My bad, it is Linux then.

Re: (Replies to everyone)
I did some research and found that most consumer routers, especially the
higher-end Netgear routers, could achieve almost wire speed of 100Mbps, so
I'll revise my requirement to require almost wire speed of 100Mbps.

By speed like 100Mbps, what kind of traffic?

* Web browsing – short bursts of high-speed transfer, probably
500Kbps to a few Mbps

* IM, constant low-bandwidth stream of data, approximately, I would
estimate, 5-10 Kbps up/down

* Games, varying bandwidth but sort of constant up/down of approximately
10-50+ Kbps

* Video Relay, when it's being used, 300-500 Kbps up/down

* Torrents, remaining bandwidth, probably 500Kbps up, and 4-5Mbps down

Multiply that by approximately 1 to 5 devices to get the aggregate
bandwidth of each activity.

Video Relay is basically similar to VoIP, but it's Video over IP; we're
deaf so no use for VoIP.

And the goal here is to let bulk ftp/http/torrent consume all available
bandwidth until something/someone needs the bandwidth, then QoS will scale
the bulk download back to make bandwidth available.

Hopefully that details the bandwidth requirements a bit better?


Then to reply to everyone else.


Steve Calfee: It is possible to get many of these embedded products that
consume less than 50 watts, for example the Soekris board production
specification says that they consume approximately 15 watts or less for
most configurations.  Then quite a few of the chips on the list that I
posted in my original post consume less than 50 watts, for the majority of
them, mainly the low-powered x86 chips, ARM, and/or MIPS chips, but I do
have a few higher-powered chips such as the VIA mini-itx board and
Pentium-mobile boards, but those are a last resort if the other lower-powered
products are not strong enough to meet our requirements.

The reason why we want to get the power consumption to be as low as is
reasonably possible is because these devices will be on 24/7, because they
will form the backbone infrastructure of a small apartment network.  So
it would be nice to conserve as much electricity as possible.

Now, another reason why we aren't going after a commercial product is
because we like the sense of accomplishment of developing and deploying
our own home-built box. Me and my friend like the amount of control that
a Linux installation or BSD installation will provide you in managing the
network, and the amount of tools that are available for these
distributions makes it extremely flexible.

Now sure, we can get a Linksys router and stick a Linux firmware onto it,
but we both want to build the actual hardware ourselves, and be able to
customize it to better meet our requirements if at all possible, plus it
gives us an additional sense of accomplishment to say that we built the
router/gateway/firewall ourselves.




Roberto Waltman: Good point there, but if we were going to deploy for a
commercial site we would've gotten a commercial product or whatnot,
but this is for an apartment with a few kids in it, and we both would love
to get the experience of managing/administrating a few parts of the network
in Linux/BSD. I am currently running several Linux server/desktop machines
myself and want to extend my knowledge by building a
router/gateway/firewall for the rest of the network.

Now on the operating system, the odds are I probably will go with a Linux
operating system because that's what I am familiar with, but I'll also be
playing around with BSD to get a feeling for its abilities and to see if it
can do what we want to do more easily than in Linux, or if I prefer their
system or whatnot.

Now, for using a standard desktop to test, I'm actually at the moment in the
process of setting up a VMware image to install BSD and Linux onto, which
will become the router image, where we will set things up on it and then
perform tests through it to see what kind of performance requirement is
needed. But at the moment, hopefully with the specification that we posted
earlier and the more detailed bandwidth requirement above, I was hoping
you guys could help by giving a ballpark estimate of how much
memory/processing power would meet that kind of requirement.

Finally, I'm aware that BSD/Linux will run on most x86, ARM, MIPS chips,
so it's not that big of an issue at the moment, but anyway.

I'm wondering if some of you guys could give a general benchmark
comparison of a few chips

400 MHz MIPS 32 4Kc
533 MHz Intel xScale (ARM) (Intel® IXP425)
266 MHz AMD Geode (x86) (SC1100)

But anyway, I'm wondering how those three chips compare, say on the
scale of a Pentium processor; for example, I heard the AMD Geode was
approximately equivalent to a 100-150 MHz Pentium processor.  Now the reason
why I want an approximation is because, all else being equal, all three
boards with those three processors are excellent, so it's down to selecting
them based on the memory and the processor speed.

Re: (Replies to everyone)


If you look at embedded processors like the Intel XScale or Freescale
PowerQUICC families you will find processors that are specifically
designed to target communication applications and thus provide
dedicated hardware ("accelerators") for communication tasks including
encryption.

Then the performance of only the CPU core does not tell you the overall
performance such a device would have in your application. Thus a
comparison to a Pentium may become difficult if not meaningless.

Some of these processors provide several ethernet interfaces (fast
ethernet or even Gigabit) and can be run under Linux. They should
enable you to create a very sophisticated embedded device.

The downside is that you will probably have difficulty finding
ready-to-run boards at reasonable cost and that you may have to deal
with issues close to the hardware.

Although these types of processors may not be the ideal platform for a
"fun-and-learning" project, I just wanted to point out that there are
other options than the PC-like processors.

By the way: The WRT54GL V1.1 uses the BCM5325 processor and has 16 MB
of RAM and 4 MB of flash. Maybe this is an indicator on the resources
required.

Regards,
Matthias


Re: (Replies to everyone)


That's true, but it's kind of hard to qualify those kinds of boards. It
would be nice to have a ranking, but unfortunately it's not always possible
in the computer world, and like you said, I could get a board with a faster
than hell CPU, but it wouldn't be a good board because of, maybe, the network
processor/whatever isn't working right and slows down the whole thing, or
the memory bandwidth on that board is very restricted and so forth.

But I just wish it was easier to get an overall indication of performance off
those boards, but ah well.  But I do know I'm going to be building a few
VMware images so I can perform a simulation of the "average" day-to-day
network load to help assist me in getting to know the kind of memory
requirement and/or processor speed I will generally need. Then it can
hopefully help me narrow down my selection to a few potential candidates,
then I can perhaps e-mail the manufacturer and ask them for more detailed
specification/performance information to make a better informed
decision.

And I kind of think of this as a fun and challenging project. Yes, I do get
frustrated, but in the end it's worth it when you've got a finished project
that works great. :-)

And that's a good point about the Linksys router, that it doesn't require that
much processing, but I'm not sure; most of the Linksys routers tend to max
out around 10-30 Mbps, but for our needs it might be adequate, and I'm
aware that it might be a better choice, but we're after the challenge and
pride of being able to build our own whole router system from hardware
down to software.  But I'll keep the Linksys performance and requirements
in mind.

Re: Which product is the best and/or requirements.

# 10 Mbps bridging or routing? You say on the router, so you mean routed
throughput?
# 10 Mbps routing just like that - that is a requirement I hope you get
easily if you want 2 (or more) 100Mbps interfaces.
# With max packet size or with min packet size also (small packets means
more packets per second to get the throughput - means a much more powerful
CPU is needed)?
# Routing what? UDP? Or IPsec traffic? Or ...?

I just want to point out that that is not a clear requirement ...


btw - I believe someone referred to the WRT54G. Indeed it is a favorite
of lots - to play with. But it has several versions - be careful.
If you think about it, first read this:
http://www.tomsnetworking.com/2006/06/08/linksys_wrt54g_v5_really_is_a_lousy_router/

Re: Which product is the best and/or requirements.
Hello,

I am looking for something similar. I stumbled upon www.embeddedarm.com,
saw an ad for it in linuxjournal.com :-) Their boards seem reasonable,
Linux supported and low power.

However I haven't been able to get any response regarding casing, or
international ac adapters or regarding RoHS / shipping to .eu.

Don't know if there are any .eu distributors or similar companies
out there? Will check the URLs in your mail, thanks :)

best regards
   lars


Re: Which product is the best and/or requirements.

I have the 7260.  It's a nice board with its own switching power supply
that uses very low power.  I have a full USB microdrive install of
Debian and xforward the graphical apps to my laptop.

I ordered mine over the phone and the sales guy was an engineer.  Very
helpful.
