[lug] Building Linux Routers versus Existing Routers

Quentin Hartman qhartman at gmail.com
Wed Nov 25 09:08:47 MST 2015


Sometimes there is hardware accel for VPN (via encryption accel, usually
AES) but more often than not it's simply a software change to allow them to
differentiate products. A great example of this sort of thing was a few
years ago there were some entry-level Canon DSLRs that could be hacked to
enable features that were supposed to only be available on models costing
twice as much. Aside from some slightly downgraded optics, it made the
cheaper cameras almost indistinguishable from the more expensive ones.
Market segmentation by software. It happens in just about every section of
the electronics industry.

QH

On Tue, Nov 24, 2015 at 6:31 PM, <stimits at comcast.net> wrote:

> I'm wondering why more expensive routers advertise VPN support? Is there
> some sort of hardware acceleration, or protocol support that cheaper
> routers don't have? Very likely OpenVPN will be going in, but I am first
> trying to build my own router to see what I can do.
>
> FYI, sorry for "top posting", my ISP web mail does not support any other
> style...I have to manually format every line to do otherwise...the larger
> the email the harder that gets. :P
>
> ----- Original Message -----
> From: Lee Woodworth <blug-mail at duboulder.com>
> To: Boulder (Colorado) Linux Users Group -- General Mailing List <lug at lug.boulder.co.us>
> Sent: Mon, 23 Nov 2015 09:35:49 -0000 (UTC)
> Subject: Re: [lug] Building Linux Routers versus Existing Routers
>
> As far as future VPN use goes, OpenVPN may be of interest.
> We use it between locations. It has been reliable and
> doesn't appear to add easily measurable latency:
>
>   tunnel-end-point RTT    virtual net RTT
>   time=26.7 ms            time=27.3 ms
>   time=27.0 ms            time=26.7 ms
>   time=26.9 ms            time=26.8 ms
>   time=26.8 ms            time=26.8 ms
>
> It's pretty tolerant too. We didn't need to restart the
> OpenVPN daemons when one end changed ISPs and went
> from a static to a DHCP assigned address.
>
> On 11/22/2015 06:42 PM, stimits at comcast.net wrote:
> > So far as hardware goes and power consumption, I'd probably be basing
> > the router on the nVidia Jetson TK1:
> > https://developer.nvidia.com/embedded/buy/jetson-tk1-devkit
> >
> > I already have a couple of these along with mini-PCIe gigabit NIC. This
> > NIC plus the integrated gigabit could probably do the job. I would rely on
> > the ability for it to dish out DHCP through a gigabit switch on a single
> > NIC while forwarding through the other NIC. Size is 5"x5", power normally
> > uses about 5W under normal operation, 10W during average loads, and about
> > 15W at peak. It does have a tiny fan, but this is rather quiet. I could
> > actually get rid of the fan and add more passive heat sink for complete
> > silence. It runs a full Ubuntu distribution, but if there is an ARMv7 port
> > of pfSense, I could probably use that (or try to port just for the
> > education).
> >
> > Or...I have an old (generation 1) pentium that still works...I used to
> > use that for a bridge with firewall and snort.
> >
> > I'll take a close look at pfSense and see what I have that will work
> > with it. I guess the big question is if you needed more than 2 NICs for
> > anything other than data throughput and efficiency? Would you be able to do
> > the same thing you do now with only 2 NICs if performance were not an issue?
> >
> > ----- Original Message -----
> > From: Maxwell Spangler <maxlists at maxwellspangler.com>
> > To: Boulder (Colorado) Linux Users Group -- General Mailing List <lug at lug.boulder.co.us>
> > Sent: Sun, 22 Nov 2015 23:46:30 -0000 (UTC)
> > Subject: Re: [lug] Building Linux Routers versus Existing Routers
> >
> > On Sun, 2015-11-22 at 22:54 +0000, stimits at comcast.net wrote:
> >
> > Hi,
> > The situation is that I'm thinking about a router for a wired network
> > where I want to assign addresses on an otherwise private gigabit network,
> > and have the router make the outside world available by another gigabit
> > network which runs on a cable modem in bridging mode.
> >
> >
> >
> > What else would I need to know about to choose between a home-brew linux
> > router and a commercial router?
> >
> >
> >
> > Power consumption, Noise, and physical space are three factors you
> > didn't mention.
> >
> > Using commodity parts, especially if they are donated, is the cheapest
> > way to go and gives you the most control over your solution. Using an
> > opensource firewall like pfSense gives you a nice GUI on top so you don't
> > have to do all the management and monitoring via command line.
> >
> > I have a site where we operate two firewalls running pfSense with one
> > onboard NIC and two inexpensive PCIe NICs. It's very reliable, satisfying
> > and meets our needs.
> >
> > But they take up the size of 2x small-form-factor PCs, use a reasonable
> > amount of power (50-100W) and produce a certain amount of noise.
> >
> > We'd prefer an embedded appliance using a low power ARM chip and 2-3
> > gigabit NICs, but those appear to cost between $200-300+. So for us, like
> > you, spare parts have worked out nicely.
> >
> > FWIW, It's amazing how much data old CPUs can push. When you operate old
> > PCs interactively they never seem fast. Partly due to large apps and partly
> > due to old video cards. But when you only have them push bits on a wire,
> > they can be very satisfying. My x86 based Linux NAS pushes large files to
> > me at gigabit speed using an Intel Core2 Duo E7300 chip from 2008 and it's
> > got plenty of CPU to spare.
> >
> >
> >
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> >