On Thu, Nov 14, 2013 at 12:32:24AM -0800, Chris Schafer wrote: > I have friend who used a lot of those boxes running pfense and had lots or > performance problems with any applications that required encryption or > decryption. Also had a high failure rate. Which wouldn't have been a > problem except they would fail in interesting ways. Several couldn't push > 10Mbe on one of their interfaces. Wasn't a configuration because identical > models running identical code was fine. Makes you look really bad when it > really is not the cable companies fault that you can't push a solid 3 Mbe > link.
I run two Alixes (Ali?) as firewalls at two sites, both running a stripped-down version of the CentOS 5 distro, and connected to each other, my outside servers, and road warriors with OpenVPN. I have not seen the failures Chris talks about, though I keep a third ALIX ready as a spare, just in case. I don't really know about performance. They move unencrypted bits through the FIOS link just fine (15Mbps upload, 5Mbps download, as advertised), and rsync backups over the VPN from a server in California are just a little slower. The AMD Geode that drives these machines has an encryption engine that OpenVPN is not currently using. Perhaps that can help with speed, if someone tells me how to engage it. Also, in both cases I shove all the logging bits (unencrypted) to local servers, so I do few writes to the compact flash card I use as main storage. If I did more local read/writes, I imagine the ALIX would be a lot slower and less reliable. I am using "x133" CF cards. 8GB cards are $10 from Newegg, and I only use about 1.2GB of that. Are faster cards worth it? While I do not need Yet Another Spare, it would be good to prove the usability of these machines, so that more local users would have them, and more people could teach me to do it right. So if anyone can suggest some easy measurements, or do them in their own lab, perhaps we can demonstrate the quality and speed of these little machines, either to convince others to join us, or to find a better alternative. Either way, we should use what PTP uses, and leverage from their experience. If I upgrade from an Alix, I would like something small, X86, solid state, low power (4 watts or less), and inexpensive. I don't know of anything better in that class. Keith -- Keith Lofstrom [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
