nanog mailing list archives

Re: Low end, cool CPE.

From: Eugen Leitl <eugen () leitl org>
Date: Fri, 12 Nov 2010 10:24:47 +0100

On Thu, Nov 11, 2010 at 05:41:00PM -0800, Leo Bicknell wrote:


I've run into a number of low end CPE situations lately where I
haven't found anything that does what I want, but I have to believe
it is out there.  I'm hoping NANOG can help.


An ALIX with pfSense 2.0 (BETA4 at the moment) would fit most
of the above. IPv6 support is coming (is mostly there in the
kernel, but interface only alpha).

If you want to run the snort package I'd however pick a
Supermicro Atom system with 2 onboard NICs and add a dual-port
Intel NIC, and run pfSense from a small SSD or an USB stick.
Albeit a rackmount, the system would be quiet enough for SOHO.

There are multiple recommended hardware vendors
http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50
and also commercial support
http://www.pfsense.org/index.php?option=com_content&task=view&id=62&Itemid=73

Basically think about a sophisticated home user, or a 1-5 person
small office.  Think DSL, Cable Modem, maybe Cell Card or ISDN as
backups.  Looking for an "appliance", very much fire and forget. I
probably won't get all the features that I want, but in no particular
order:

- Able to load balance over 2 links (probably via NAT).


Check.

- IPv6 support, native or tunnel to tunnelbroker.net type thing.


Requires hacking at the moment, but is coming fast.

- Able to deal with "backup" connectivity, eg. Cell Cards which you
  only want to use if the primary is down.
- User friendly features, e.g. UPNP, NAT-PMP, etc.
- Good manageability.  ssh to a cli would be a huge bonus, at least
  the ability to backup a config.


Very well supported. http(s) and ssh both.

- Able to handle decent througput, probably 20Mbps/sec min, 50 would
  be nice.


ALIX does about 70 MBit/s, an dual-core Atom can probably handle 500 MBit/s.

_ Nice firewall features.
- IDS features are cool.

WiFi is not strictly required, but would be cool. Things like "guest"
WiFi would be an added bonus.

Something a NANOGer might want at home would be a good baseline.
I realize the exact product may differ depending on DSL/Cable/Cell/ISDN,
that's ok, let's get some various good solutions going here.

What is the state of the art, and who has it?


I run pfSense both at home (6/100 MBit/s DOCSIS 3.0 cable modem)
and in the colo (GBit Ethernet, failover cluster). Very happy.


-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/



-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Current thread:

Re: Low end, cool CPE., (continued)
- Re: Low end, cool CPE. Matthew Kaufman (Nov 11)
  - Re: Low end, cool CPE. Matthew Kaufman (Nov 11)
  - Re: Low end, cool CPE. Owen DeLong (Nov 11)
- Re: Low end, cool CPE. Adam Leff (Nov 11)
  - Re: Low end, cool CPE. Tim Jackson (Nov 11)
- Re: Low end, cool CPE. Jason Bertoch (Nov 11)
- Re: Low end, cool CPE. Michael Loftis (Nov 11)
  - Re: Low end, cool CPE. Matthew Kaufman (Nov 12)
    - Re: Low end, cool CPE. Michael Loftis (Nov 16)
- Re: Low end, cool CPE. Marco Hogewoning (Nov 12)
- Re: Low end, cool CPE. Eugen Leitl (Nov 12)
  - Re: Low end, cool CPE. Francois Menard (Nov 12)
    - Re: Low end, cool CPE. Marco Hogewoning (Nov 12)
  - Re: Low end, cool CPE. Charles N Wyble (Nov 12)
- Re: Low end, cool CPE. Bjørn Mork (Nov 12)
  - Message not available
    - Re: Low end, cool CPE. Tim Chown (Nov 12)
- RE: Low end, cool CPE. Wallace Keith (Nov 12)
- Re: Low end, cool CPE. Jason Lewis (Nov 12)
  - Re: Low end, cool CPE. Eugen Leitl (Nov 12)
    - Re: Low end, cool CPE. Joel Jaeggli (Nov 16)
- RE: Low end, cool CPE. Martin Hotze (Nov 12)