A number of cheap SBCs that run Linux have multiple gigabit LAN ports. They all are very energy efficient, and have GPIOs and have basic connectivity options. But the rest vary a lot.
Do any stand out for good wired networking capabilities when used as a software router/switch?
I don't know much about how the various CPUs perform in that usage scenario.
Presumably they all have GPIOs and UART that can be used with an NMEA-speaking device (GPS) and its one pulse per second source for accurate timekeeping?
I don't know much about the many new SBC HW platforms.
Presumably even OSs like FreeBSD might be fairly straightforward to compile on a new hardware platform, if one had a complete Linux for it.
How many ethernet ports do you want?
If it's more than just a couple then it's hard to go past something designed specifically for the purpose, such as the $99 Mikrotik RB450Gx4 with quad core 716 MHz ARM cpu, 1 GB RAM, and 5 gigE ports. Industrial quality at close to hobbyist prices.
https://mikrotik.com/product/rb450gx4
For the MikroTik products, do take a look at the Results tab in the product page. Typical real-world performance is somewhat less, but should give a rough idea of the capabilities.
I'm using an RBM33G as a 4G/LTE router/firewall myself.
The MediaTek's MTK MT7622 SoCs look interesting ...
FreeBSD
On Atom, Geode, and x86-compatible SoC.
I have a Geode based HP thin client. But I would need to use a USB NIC and it only has USB2, not USB3
What do you think about firewalling performance?
The Mikrotik is designed for that kind of application but closed source and they have had security issues in the past, but you're right, it does look like a hell of a value and four ports is pretty good, plus the list of features in the OS is quite respectable.
Thanks, this is a good suggestion. One that's pretty hard to beat, even now with all the new SBCs out there.
How many ethernet ports do you want?
If it's more than just a couple then it's hard to go past something designed specifically for the purpose, such as the $99 Mikrotik RB450Gx4 with quad core 716 MHz ARM cpu, 1 GB RAM, and 5 gigE ports. Industrial quality at close to hobbyist prices.
https://mikrotik.com/product/rb450gx4
Four ports would be ideal. Two gigabit ports would be adequate.
https://www.amazon.com/Open-Source-Compatible-Raspberry-Quad-core-Cortex-A7/dp/B07JZ8LM6Q
This board looks much more flexible but it is too expensive for me right now.
Around a year ago I saw a two port Banana Pi that was super cheap (under $30).
Now I can't find it.
Banana Pi BPI-R2 is also an option, but at only $10 less than the Mikrotik I'd go for the Mikrotik every time based on known quality and support.
If I could install some well respected firewall distro, that would be ideal. I would love to find a hardware platform that I could install any x86_64 image onto. A small energy efficient server.
Actually, I just remembered I have seen a number of RPI ComputeModule4 expansion boards that have multiple GBEs. I forget their prices.
But I don't think super expensive.
Don't waste your time reinventing the wheel.
Just use Mikrotik.
As for the "...and they have had security issues in the past, ..." comment, by that token, nobody should use ANYTHING made by Cisco EVER...
I just bought a PC Engines APU2 with 4 x Intel i211AT Gigabit Ethernet ports for that application, and they have ECC RAM as well.
The Mikrotik is designed for that kind of application but closed source
I run OpenWRT on my RBM33G.
RB450gx4 is fully supported by robimarko's OpenWRT branch.
The only closed source part running is the routerboot boot loader, which I personally accept gladly, because it makes these things unbrickable (at least via normal upgrade mechanisms), and is perfectly happy booting OpenWRT. You could replace that with u-boot, but it just isn't worth it in my opinion.
I like OpenWRT, but I would recommend it only to developers and to people who both have skills and strong motivation.
I have a Geode based HP thin client. But I would need to use a USB NIC and it only has USB2, not USB3
You mentioned FreeBSD, my answer was only related to the best supported architecture
- FreeBSD on x86 is Tier class 1 -> Fully-Supported Architectures
- FreeBSD on ARM is Tier class 2 -> Developmental and Niche Architectures
Tier class 2 platforms are functional, but less mature FreeBSD platforms. They are not supported by the security officer, release engineering, and port management teams.
I can highly recommend pfSense:
https://www.pfsense.org/products/
Originally ran it on a PC Engines Geode with tiny compact flash, but now it's running on some firewall box which is basically a PC in a firewall-looking case. I've run it in a VM (saves on hardware), installed to clients, paid a bounty to get a feature incorporated, etc. I looked at OpenWRT but that sucks dogs in comparison, IMO.
Netgate sponsors them now (they used to be entirely commercial-free), so the site wants you to buy Netgate stuff. Ignore all that, and the pfSense Plus (unless you need that kind of support, of course). However, that product page does have a handy table of CPU power appropriate to various sustained throughputs, which might be useful in your choice of hardware.
Yes, pfSense looks like a keeper. I really want to have fine grained control. I really need it actually, thanks.
Originally ran it on a PC Engines Geode with tiny compact flash, but now it's running on some firewall box which is basically a PC in a firewall-looking case. I've run it in a VM (saves on hardware), installed to clients, paid a bounty to get a feature incorporated, etc. I looked at OpenWRT but that sucks dogs in comparison, IMO.
I am trying to go the other way. I have been running M0n0wall and pfSense at various times on PC hardware for but picked up a PC Engines APU2 a couple months ago to use instead.
I have been experimenting with OPNsense because it supports more of what I want to do but problems may leave me switching back to pfSense.
I have been experimenting with OPNsense because it supports more of what I want to do but problems may leave me switching back to pfSense.
What kind of problems?
I keep meaning to take a look at it (particularly since it seems many bad remarks were made by the pfSense people), but I rely on pfBlockerNG-devel quite heavily to protect my servers (email hack attempts are annoying, but also provide an unending list of IP ranges to blacklist).
I have been experimenting with OPNsense because it supports more of what I want to do but problems may leave me switching back to pfSense.
What kind of problems?
I have not been able to get DNS working properly with any configuration of DNS.
That's not a small problem!
I can highly recommend pfSense:
OPNsense is a step ahead of pfSense, you'll be better off. MIT licenced too.
www.opnsense.org
It's the pfBlockerNG-devel plug-in that would give me pause for thought, possibly terminally. Pretty much essential for my setup.
OPNsense uses "unbound" as its DNS which is fairly well documented. But there are some gotchas.
If you could post any log messages. There is a small program to check your configuration's well-formedness.
Also a program to fetch the trust anchor file. There are a bunch of files actually to get the DNS server bootstrapped with the Internet's root DNS servers for the various TLDs and so on.
At the beginning it fetches and caches a lot of data.
I have been experimenting with OPNsense because it supports more of what I want to do but problems may leave me switching back to pfSense.
What kind of problems?
I have not been able to get DNS working properly with any configuration of DNS.
I have been experimenting with OPNsense because it supports more of what I want to do but problems may leave me switching back to pfSense.
What kind of problems?
I keep meaning to take a look at it (particularly since it seems many bad remarks were made by the pfSense people), but I rely on pfBlockerNG-devel quite heavily to protect my servers (email hack attempts are annoying, but also provide an unending list of IP ranges to blacklist).
Similar to Suricata, Snort, etc., or something better?