On 2014-05-15, Waldemar Brodkorb <m...@waldemar-brodkorb.de> wrote:
> Hi OpenBSD hackers,
>
> At work we have a firewall on two Dell PowerEdge 2940 servers, with
> 10 NIC's in use, which I want to substiute in the near future.
> The second machine act as cold standby.
>
> I would like to use OpenBSD pf and carp/pfsync to make a ha firewall.
>
> I further want to use an embedded system to reduce heat and power
> consumption in our server room. What hardware would you suggest?
>
> Would a Soekris net6501-30 with two lan1841 be powerful enough to
> route and filter ip traffic for 50 clients in the LAN and 50 servers
> in the DMZ with a 300 Mbit uplink?
>
> Is there any other embedded system supported by OpenBSD with at
> least 9 gigabit ethernet network interfaces?
>
> Any octeon system available?
>
> Thanks in advance for any suggestion.
>
> best regards
> Waldemar
>
>
As a minimum I think you want the fastest of the 6501, but even then
if it works at all for this amount of traffic (which depends on traffic
mix, ruleset, what services are run on the system; vpn etc) you will
have little headroom to handle attacks with high pps (or even some
normal traffic, heavy voip etc).
Also, though I'm not quite sure how the PCIe lane speed translates to
total network throughput, the 1.0a lanes on the processor the 6501 uses
have a data rate of 250MByte/s (2Gbit/s) so it seems they would be at
2x oversubscribed if you have 4x1Gb on a lane, so I don't see trunking
as being likely to improve total throughput.
If you really need that many physical nic, a board with one of the
new avoton c2xxx soc + 6-port pcie nic would perform a lot better.
OpenBSD 5.5-current (GENERIC.MP) #126: Mon May 12 22:40:04 MDT 2014
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8562782208 (8166MB)
avail mem = 8326078464 (7940MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe7180 (51 entries)
bios0: vendor American Megatrends Inc. version "1.0b" date 11/06/2013
bios0: Supermicro A1SAi
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP FPDT SPMI MCFG WDAT UEFI APIC BDAT HPET SSDT HEST BERT
ERST EINJ
acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) EHC1(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU C2550 @ 2.40GHz, 2400.44 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU C2550 @ 2.40GHz, 2399.99 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Atom(TM) CPU C2550 @ 2.40GHz, 2399.99 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Atom(TM) CPU C2550 @ 2.40GHz, 2399.99 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEX1)
acpiprt2 at acpi0: bus 2 (BR04)
acpiprt3 at acpi0: bus 3 (PEX2)
acpiprt4 at acpi0: bus 4 (PEX3)
acpicpu0 at acpi0: C2, C1, PSS
acpicpu1 at acpi0: C2, C1, PSS
acpicpu2 at acpi0: C2, C1, PSS
acpicpu3 at acpi0: C2, C1, PSS
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2400 MHz: speeds: 2401, 2400, 2300, 2200, 2100, 2000,
1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x1f02 rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "ASPEED Technology AST1150 PCI" rev 0x03
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 "ASPEED Technology AST2000" rev 0x30
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb2 at pci0 dev 2 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci3 at ppb2 bus 3
"Renesas uPD720201 xHCI" rev 0x03 at pci3 dev 0 function 0 not configured
ppb3 at pci0 dev 3 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci4 at ppb3 bus 4
pchb1 at pci0 dev 14 function 0 "Intel Atom C2000 RAS" rev 0x02
"Intel Atom C2000 RCEC" rev 0x02 at pci0 dev 15 function 0 not configured
"Intel Atom C2000 SMBus" rev 0x02 at pci0 dev 19 function 0 not configured
em0 at pci0 dev 20 function 0 "Intel I354 SGMII" rev 0x03: msi, address
00:25:90:f2:e1:c6
em1 at pci0 dev 20 function 1 "Intel I354 SGMII" rev 0x03: msi, address
00:25:90:f2:e1:c7
em2 at pci0 dev 20 function 2 "Intel I354 SGMII" rev 0x03: msi, address
00:25:90:f2:e1:c8
em3 at pci0 dev 20 function 3 "Intel I354 SGMII" rev 0x03: msi, address
00:25:90:f2:e1:c9
ehci0 at pci0 dev 22 function 0 "Intel Atom C2000 USB" rev 0x02: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ahci0 at pci0 dev 23 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI 1.3
scsibus1 at ahci0: 32 targets
ahci1 at pci0 dev 24 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI 1.3
scsibus2 at ahci1: 32 targets
sd0 at scsibus2 targ 0 lun 0: <ATA, INTEL SSDSC2BB08, D201> SCSI3 0/direct
fixed naa.55cd2e404b5a933f
sd0: 76319MB, 512 bytes/sector, 156301488 sectors, thin
pcib0 at pci0 dev 31 function 0 "Intel Atom C2000 PCU" rev 0x02
ichiic0 at pci0 dev 31 function 3 "Intel Atom C2000 PCU SMBus" rev 0x02: apic 2
int 18
iic0 at ichiic0
iic0: addr 0x18 00=00 01=00 02=00 03=00 04=00 05=c2 06=1b 07=0a 08=00 09=00
0a=00 0b=00 0c=00 0d=00 0e=00 0f=00 words 00=007f 01=0000 02=0000 03=0000
04=0000 05=c256 06=1b09 07=0a00
iic0: addr 0x19 00=00 01=00 02=00 03=00 04=00 05=c2 06=1b 07=0a 08=00 09=00
0a=00 0b=00 0c=00 0d=00 0e=00 0f=00 words 00=007f 01=0000 02=0000 03=0000
04=0000 05=c27a 06=1b09 07=0a00
iic0: addr 0x2e 00=3d words 00=3d3d 01=0000 02=0000 03=0000 04=0000 05=0000
06=0000 07=0000
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhub1 at uhub0 port 1 "Intel product 0x07db" rev 2.00/0.02 addr 2
uhub2 at uhub1 port 2 "Alps Electric Hub in Apple USB Keyboard" rev 1.10/2.10
addr 3
uhidev0 at uhub2 port 1 configuration 1 interface 0 "Alps Electric Apple USB
Keyboard" rev 1.10/1.03 addr 4
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes, country code 13
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhub3 at uhub1 port 3 "vendor 0x0000 product 0x0001" rev 2.00/0.00 addr 5
uhidev1 at uhub3 port 1 configuration 1 interface 0 "ATEN International product
0x2419" rev 1.10/1.00 addr 6
uhidev1: iclass 3/1
ukbd1 at uhidev1: 8 variable keys, 6 key codes
wskbd1 at ukbd1 mux 1
wskbd1: connecting to wsdisplay0
uhidev2 at uhub3 port 1 configuration 1 interface 1 "ATEN International product
0x2419" rev 1.10/1.00 addr 6
uhidev2: iclass 3/1
ums0 at uhidev2: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (368a700b0f3fc47b.a) swap on sd0b dump on sd0b
