I haven't surveyed the field lately to see whether any of the wealth of low cost single board computers we've seen released in the last year or two are well suited for use as a router.
This would mean:

- at least two Ethernet ports, if not also an integrated switch (w/VLAN support).
- enough CPU and RAM to comfortably handle a firewall with 50+ Mbps throughput, a web admin UI, and run intrusion detection probes. (Consumer router hardware falls short on the last item.)
- compatibility with *BSD, which seems to be a preferred platform for firewalls. (Again, something the consumer routers won't do.)
- it does not need to easily facilitate wireless. A separate access point (or repurposed consumer router) can provide that.

A few years ago you could find hardware that did this (like pcengines.ch or ubnt.com), but after case and power supply, costs were near $150, and that was without wireless and the performance wasn't much better than an ASUS RT-N16 consumer router. Just a bit more RAM and *BSD compatibility. Plus, the available software was not very turn-key.

Taking another look at those traditional suppliers, it seems prices may have come down some. Ubiquiti Networks will be releasing in June an "EdgeRouter Lite" with case and power supply for $100:

http://www.microcom.us/erlite3.html
http://www.ubnt.com/edgemax

But it still uses a 500 MHz MIPS64 CPU (although dual-core, and supposedly with hardware acceleration for packet processing), which is not all that different from products from a few years back, and still only has 512 MB of RAM.

It seems like all the high performance ARM boards we've seen come onto the market with 1+ GHz CPUs and upwards of 1 GB RAM should give these older designs a run for their money. More importantly, if the ARM boards are ubiquitous, chances are good that sizable communities will form around supporting a wide range of open source software that will run on them. The size of the community is quite important when it comes to open source and security.

What motivates my interest in non-consumer hardware is the waning confidence I have in existing open source firmware for consumer routers.
The nature of their communities does not seem well poised to deal with security (nor does it seem to be of much concern to the users). Projects like Tomato, which started out with lots of promise, have forked into 3 or 4 branches, with each branch having essentially a single developer running the show. Not only are you then dependent on that one developer for future features, you're also dependent on them for security fixes. It seems like too much for one person.

Compare that to Debian, where they have a big enough community that there is a whole team that just deals with security issues. (More often than not, security fixes in Ubuntu are simply patches passed through from the Debian security team.)

(Then add to that the inability to properly implement intrusion detection, without adding additional hardware, as a backup for bugs in the security design.)

In that light, the dressed up Debian version Ubiquiti Networks is bundling with their hardware actually sounds quite appealing. A foundation of a distribution with a good security reputation, a turn-key GUI layered on top to get you set up quickly, and full command line access to do more advanced things, like install intrusion detection probes.

How effective this is will largely come down to how good a job Ubiquiti Networks does at passing on the security fixes from Debian. Will that be sustainable, if you only pay them $100 every 3 to 5 years? (I don't know what their past reputation is like.)

Is *BSD worth the additional effort? Has it been objectively proven to be more secure? Does simply having a TCP/IP stack that is in the minority put you in a slightly better position to avoid a zero-day attack against the kernel? (Is there a router-oriented distribution built on *BSD with a web GUI?)

-Tom