Re: [Soekris] soekris 4801 and pfsense 2.x

2013-09-10 Thread Nikola Gyurov 
Sorry, wrong box. It's:
$ sysctl | grep deg
hw.sensors.cpu0.temp0=71.00 degC
hw.sensors.cpu1.temp0=71.00 degC
Best regards,
Nikola Gyurov


On Tue, Sep 10, 2013 at 10:03 PM, Nikola Gyurov  wrote:
> Actually, OpenBSD is slightly changing syntax over time, but the
> changes from a version to another are trivial and easy to implement.
> The bigest one I can remember was introduced in 4.7 with the changing
> of the redirection etc.
>
> As for the configuration generation on pfSense - while most of the
> things on OpenBSD just work, working with another config rarely
> happens :)
> What I meant was that he can generate his config on pfSense so he'd
> have a general idea of what does he need, then rewrite it to work on
> OpenBSD - could be tricky, but not impossible.
> A good guide to PF (if not the best) is Peter Hansteen's 'The Book of
> PF', 2nd edition --> http://nostarch.com/pf2.htm
>
> @Chris, are you actually running on 127 degC? NS (now TI) do produce
> some tough hw!
>
> These are my temp stats on the 6501-50 with two WD HDDs in the box:
> $ sysctl | grep deg
> hw.sensors.cpu0.temp0=34.00 degC
> hw.sensors.cpu1.temp0=34.00 degC
> hw.sensors.acpitz0.temp0=43.00 degC (zone temperature)
> hw.sensors.acpitz1.temp0=43.00 degC (zone temperature)
>
> Best regards,
> Nikola Gyurov
>
>
> On Tue, Sep 10, 2013 at 9:17 PM, Christopher Hilton  
> wrote:
>>
>> On Sep 10, 2013, at 1:17 PM, Nikola Gyurov  wrote:
>>
>>> Hi,
>>>
>>> If you don't reqiure custom modifications all the time, no different
>>> user access to the interface etc. you could just create the pf.conf
>>> and use it on an OpenBSD installation (this is what I use, other BSDs
>>> may be fine too). It wouldn't need as much RAM as pfSense.
>>>
>>> However, this wouldn't help with the throughput limits.
>>>
>>
>> OpenBSD may or may not be a big help here. The OpenBSD team has done a lot 
>> of work on pf since the version that's in pfsense was released. Some of the 
>> work was performances based and that may be enough to get the job done on 
>> net4801 hardware for you. More on that later. One big change was a pf.conf 
>> syntax change regarding how NAT is handled which happened with OpenBSD 4.5. 
>> If you are using NAT, I would _not_ count on a pfsense generated 
>> configuration to work in OpenBSD 4.5+
>>
>> Otherwise, the news if very good. If my research is correct the OpenBSD team 
>> has gained big performance increases in both their network stack and pf many 
>> of which aren't reflected in pfsense. According to this talk:
>>
>>  youtube.com/watch?v=VNyBAcO2pIg [20:15]
>>
>> they roughly doubled the throughput of pf and their network stack from 
>> 28Mbit / sec to 56Mbit / sec on "low end Soekris" hardware. They don't 
>> specify the hardware beyond "low end Soekris" but when they say low end I 
>> assume that they mean a 45xx or a 48xx. I myself have tested 55xx and 65xx 
>> hardware and find that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the 
>> net5501 with the standard 100Mbit/s vr interfaces. To go faster you'll need 
>> to install a good Gigabit NIC in the net5501's PCI slot. The net5501 will 
>> keep up with the traffic but in this configuration, with a dual intel em PCI 
>> NICs I get lot's of heat. If the high heat bothers you, save yourself some 
>> time and opt for the net6501 or go for a rack mount chassis and plan on 
>> adding a fan.
>>
>>  $ sysctl -a | grep deg
>>  hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote)
>>  hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote)
>>  hw.sensors.nsclpcsio0.temp2=70.00 degC (Local)
>>
>> Hope this helps,
>>
>> -- Chris
>>
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] soekris 4801 and pfsense 2.x

2013-09-10 Thread Nikola Gyurov 
Actually, OpenBSD is slightly changing syntax over time, but the
changes from a version to another are trivial and easy to implement.
The bigest one I can remember was introduced in 4.7 with the changing
of the redirection etc.

As for the configuration generation on pfSense - while most of the
things on OpenBSD just work, working with another config rarely
happens :)
What I meant was that he can generate his config on pfSense so he'd
have a general idea of what does he need, then rewrite it to work on
OpenBSD - could be tricky, but not impossible.
A good guide to PF (if not the best) is Peter Hansteen's 'The Book of
PF', 2nd edition --> http://nostarch.com/pf2.htm

@Chris, are you actually running on 127 degC? NS (now TI) do produce
some tough hw!

These are my temp stats on the 6501-50 with two WD HDDs in the box:
$ sysctl | grep deg
hw.sensors.cpu0.temp0=34.00 degC
hw.sensors.cpu1.temp0=34.00 degC
hw.sensors.acpitz0.temp0=43.00 degC (zone temperature)
hw.sensors.acpitz1.temp0=43.00 degC (zone temperature)

Best regards,
Nikola Gyurov


On Tue, Sep 10, 2013 at 9:17 PM, Christopher Hilton  wrote:
>
> On Sep 10, 2013, at 1:17 PM, Nikola Gyurov  wrote:
>
>> Hi,
>>
>> If you don't reqiure custom modifications all the time, no different
>> user access to the interface etc. you could just create the pf.conf
>> and use it on an OpenBSD installation (this is what I use, other BSDs
>> may be fine too). It wouldn't need as much RAM as pfSense.
>>
>> However, this wouldn't help with the throughput limits.
>>
>
> OpenBSD may or may not be a big help here. The OpenBSD team has done a lot of 
> work on pf since the version that's in pfsense was released. Some of the work 
> was performances based and that may be enough to get the job done on net4801 
> hardware for you. More on that later. One big change was a pf.conf syntax 
> change regarding how NAT is handled which happened with OpenBSD 4.5. If you 
> are using NAT, I would _not_ count on a pfsense generated configuration to 
> work in OpenBSD 4.5+
>
> Otherwise, the news if very good. If my research is correct the OpenBSD team 
> has gained big performance increases in both their network stack and pf many 
> of which aren't reflected in pfsense. According to this talk:
>
>  youtube.com/watch?v=VNyBAcO2pIg [20:15]
>
> they roughly doubled the throughput of pf and their network stack from 28Mbit 
> / sec to 56Mbit / sec on "low end Soekris" hardware. They don't specify the 
> hardware beyond "low end Soekris" but when they say low end I assume that 
> they mean a 45xx or a 48xx. I myself have tested 55xx and 65xx hardware and 
> find that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the net5501 with 
> the standard 100Mbit/s vr interfaces. To go faster you'll need to install a 
> good Gigabit NIC in the net5501's PCI slot. The net5501 will keep up with the 
> traffic but in this configuration, with a dual intel em PCI NICs I get lot's 
> of heat. If the high heat bothers you, save yourself some time and opt for 
> the net6501 or go for a rack mount chassis and plan on adding a fan.
>
>  $ sysctl -a | grep deg
>  hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote)
>  hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote)
>  hw.sensors.nsclpcsio0.temp2=70.00 degC (Local)
>
> Hope this helps,
>
> -- Chris
>
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] soekris 4801 and pfsense 2.x

2013-09-10 Thread Christopher Hilton 

On Sep 10, 2013, at 1:17 PM, Nikola Gyurov  wrote:

> Hi,
> 
> If you don't reqiure custom modifications all the time, no different
> user access to the interface etc. you could just create the pf.conf
> and use it on an OpenBSD installation (this is what I use, other BSDs
> may be fine too). It wouldn't need as much RAM as pfSense.
> 
> However, this wouldn't help with the throughput limits.
> 

OpenBSD may or may not be a big help here. The OpenBSD team has done a lot of 
work on pf since the version that's in pfsense was released. Some of the work 
was performances based and that may be enough to get the job done on net4801 
hardware for you. More on that later. One big change was a pf.conf syntax 
change regarding how NAT is handled which happened with OpenBSD 4.5. If you are 
using NAT, I would _not_ count on a pfsense generated configuration to work in 
OpenBSD 4.5+ 

Otherwise, the news if very good. If my research is correct the OpenBSD team 
has gained big performance increases in both their network stack and pf many of 
which aren't reflected in pfsense. According to this talk:

 youtube.com/watch?v=VNyBAcO2pIg [20:15] 

they roughly doubled the throughput of pf and their network stack from 28Mbit / 
sec to 56Mbit / sec on "low end Soekris" hardware. They don't specify the 
hardware beyond "low end Soekris" but when they say low end I assume that they 
mean a 45xx or a 48xx. I myself have tested 55xx and 65xx hardware and find 
that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the net5501 with the 
standard 100Mbit/s vr interfaces. To go faster you'll need to install a good 
Gigabit NIC in the net5501's PCI slot. The net5501 will keep up with the 
traffic but in this configuration, with a dual intel em PCI NICs I get lot's of 
heat. If the high heat bothers you, save yourself some time and opt for the 
net6501 or go for a rack mount chassis and plan on adding a fan.

 $ sysctl -a | grep deg
 hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote)
 hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote)
 hw.sensors.nsclpcsio0.temp2=70.00 degC (Local)

Hope this helps,

-- Chris



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] soekris 4801 and pfsense 2.x

2013-09-10 Thread Nikola Gyurov 
Hi,

If you don't reqiure custom modifications all the time, no different
user access to the interface etc. you could just create the pf.conf
and use it on an OpenBSD installation (this is what I use, other BSDs
may be fine too). It wouldn't need as much RAM as pfSense.

However, this wouldn't help with the throughput limits.

Sent from my Samsung Galaxy S4 LTE

On Sep 10, 2013 1:47 PM, "chahid ouarzoun"  wrote:
>
> hi
>
> so the 4801 can be use only for monowall or small firewall ;)
>
> a+
>
>
> 2013/9/10 Eric Boudrand 
>>
>> Hi,
>>
>> > > does the soekris
>> > > 4801
>> +case_lan1621_board
>> > > will
>> > > support all this traffic ?
>> >
>> > The 4801 is very limited and realistically scales up to 4kpps
>> > to 10kpps depending on the OS.
>> >
>> > The pfsense web interface is very heavy and modern versions
>> > don't even run on boxes like the 4801 due to RAM limitations.
>> >
>> > You are better off with a 5501 or 6501 box.
>>
>> I have been using pfSense on a 5501 and a 6501 with load balancing over
>> 2 ADSL lines. It works quite good. Web access to pfsense interface is
>> quicker on 6501 device. If you have a lot of connected computer on you
>> lan, you should use a device with high CPU. It increases WAN access
>> speed.
>>
>> I had an issue with the net6501 that deals with faulty SSD drive. Use as
>> much as possible nanoBSD version and redirect syslog events to an
>> internal syslog server.
>>
>> Regards.
>>
>> Éric Boudrand
>>
>> ___
>> Soekris-tech mailing list
>> Soekris-tech@lists.soekris.com
>> http://lists.soekris.com/mailman/listinfo/soekris-tech
>
>
>
>
> --
> Chahid Ouarzoun
>
> skype: visptelco
> tel fr: +33 1 77 69 57 12
> tel ma: +212 5 24 29 18 95
> gsm ma: +212  650 47 77 79
>
> ___
> Soekris-tech mailing list
> Soekris-tech@lists.soekris.com
> http://lists.soekris.com/mailman/listinfo/soekris-tech
>
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] soekris 4801 and pfsense 2.x

2013-09-10 Thread chahid ouarzoun 
hi

so the 4801 can be use only for monowall or small firewall ;)

a+


2013/9/10 Eric Boudrand 

> Hi,
>
> > > does the soekris
> > > 4801
> +case_lan1621_board<
> http://soekris.eu/shop/net4801/net4801_48_board_and_case_lan1621_board_en.html
> >
> > > will
> > > support all this traffic ?
> >
> > The 4801 is very limited and realistically scales up to 4kpps
> > to 10kpps depending on the OS.
> >
> > The pfsense web interface is very heavy and modern versions
> > don't even run on boxes like the 4801 due to RAM limitations.
> >
> > You are better off with a 5501 or 6501 box.
>
> I have been using pfSense on a 5501 and a 6501 with load balancing over
> 2 ADSL lines. It works quite good. Web access to pfsense interface is
> quicker on 6501 device. If you have a lot of connected computer on you
> lan, you should use a device with high CPU. It increases WAN access
> speed.
>
> I had an issue with the net6501 that deals with faulty SSD drive. Use as
> much as possible nanoBSD version and redirect syslog events to an
> internal syslog server.
>
> Regards.
>
> Éric Boudrand
>
> ___
> Soekris-tech mailing list
> Soekris-tech@lists.soekris.com
> http://lists.soekris.com/mailman/listinfo/soekris-tech
>



-- 
Chahid Ouarzoun

skype: visptelco
tel fr: +33 1 77 69 57 12
tel ma: +212 5 24 29 18 95
gsm ma: +212  650 47 77 79
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] soekris 4801 and pfsense 2.x

2013-09-10 Thread Eric Boudrand 
Hi,

> > does the soekris
> > 4801
+case_lan1621_board
> > will
> > support all this traffic ?
> 
> The 4801 is very limited and realistically scales up to 4kpps
> to 10kpps depending on the OS. 
> 
> The pfsense web interface is very heavy and modern versions
> don't even run on boxes like the 4801 due to RAM limitations.
> 
> You are better off with a 5501 or 6501 box. 

I have been using pfSense on a 5501 and a 6501 with load balancing over
2 ADSL lines. It works quite good. Web access to pfsense interface is
quicker on 6501 device. If you have a lot of connected computer on you
lan, you should use a device with high CPU. It increases WAN access
speed.

I had an issue with the net6501 that deals with faulty SSD drive. Use as
much as possible nanoBSD version and redirect syslog events to an
internal syslog server.

Regards.

Éric Boudrand

___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] soekris 4801 and pfsense 2.x

2013-09-09 Thread chahid ouarzoun 
Thanks a lot for this response

regards


2013/9/9 Chris Cappuccio 

> chahid ouarzoun [chahid.ouarz...@gmail.com] wrote:
> > Hello guys,
> >
> > can some one give me benchmark or share experience with an installation
> of
> > soekris 4801 using pfsense 2.x.
> >
> > i planned use it for 30 pc and 30 ip phones + 3 wan connection using load
> > balancing.
> >
> > does the soekris
> > 4801+case_lan1621_board<
> http://soekris.eu/shop/net4801/net4801_48_board_and_case_lan1621_board_en.html
> >
> > will
> > support all this traffic ?
>
> The 4801 is very limited and realistically scales up to 4kpps
> to 10kpps depending on the OS.
>
> The pfsense web interface is very heavy and modern versions
> don't even run on boxes like the 4801 due to RAM limitations.
>
> You are better off with a 5501 or 6501 box.
>



-- 
Chahid Ouarzoun

skype: visptelco
tel fr: +33 1 77 69 57 12
tel ma: +212 5 24 29 18 95
gsm ma: +212  650 47 77 79
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] soekris 4801 and pfsense 2.x

2013-09-08 Thread Chris Cappuccio 
chahid ouarzoun [chahid.ouarz...@gmail.com] wrote:
> Hello guys,
> 
> can some one give me benchmark or share experience with an installation of
> soekris 4801 using pfsense 2.x.
> 
> i planned use it for 30 pc and 30 ip phones + 3 wan connection using load
> balancing.
> 
> does the soekris
> 4801+case_lan1621_board
> will
> support all this traffic ?

The 4801 is very limited and realistically scales up to 4kpps
to 10kpps depending on the OS. 

The pfsense web interface is very heavy and modern versions
don't even run on boxes like the 4801 due to RAM limitations.

You are better off with a 5501 or 6501 box. 
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech