OpenSNB Core - a general discussion

sfx2000

Part of the Furniture
There's been a couple of threads about open and free platforms, but mostly based in the past...

Since the SNB community basically wraps around a few basic discussions, and platforms from the OEM/ODM space, and most of the issues - capabilities, security, sustainability over a product lifecycle, etc...

I'm proposing that we define the OpenSNB core platform - a basic hardware/software architecture design that can be expanded into platform specific roles. It's at a high-level, to avoid vendor specifics, but generally defines how a home GW/Router/AP/NAS could be designed with a target of recognizing old issues, and building a platform that is suited to today's needs, and tomorrow's requirements.

Tim has hosted this site, and we have many great engineers, developers, and enthusiasts, and I think we would be successful at a platform definition document.. if there is a way we can pay it back to SNB, this is one great way to do it...

sfx

my background - I've done this before, in the corp space, with customer reqs captured into a design document, and had a strong hand in delivering products meeting those requirements.
 
I'm seeing this as a lego kit so to speak...

1) ARMv7/i686 as a minimum in 32-bit land, with strong emphasis on 64 bit - ARMv8/X86_64

2) Base is 512MB RAM/8GB NAND (eMMC for example)

3) SW baseline - Debian 8 (Jessie) or NetBSD for the GPL averse as an example - these are platforms that have long history, and sustainable across multiple releases.

4) Internal connectivity fabric is PCI-e/DMA/RG-MII outside of the CPU core - I prefer PCI-e as this gives us more flexibility and bandwidth as we go into 10GigE

5) Services shall have privilege separation, apps shall be either containerized, or within CHROOT jails - updates shall be sustainable without major service interruption.

just to kick things off...
 
SFX: What's the goal of this spec? Kickstarter project?
 
I hadn't really considered that - more of a reference document for HW/SW and how one would go about things - if it were to go to something down that path, the Project name would have to be changed as to not trade on the good name of SNB...
 
You can leave the name for now. See how participation goes.

I've done lots of project proposals, too. I suggest starting at a higher level of abstraction and state the project goals. The EFF spec Merlin linked is a good example.
 
Right now, it's throwing a strawman out to gauge interest - it really started with a discussion on another thread with regards to current state of security, and the challenges to do it "right"....
 
I would like to see routers sticking to standard OS utilities for networking and source code instead of developing translational and custom software to do the same job. I admit they have advantages but then other source code has to be continually customized to work with them.

Ex:
ubus
procd
firewall3

It would be good if the standard file structures of the base OS could be retained and that monolithic core operation binaries (DD-WRT I think is like this) can be avoided.
 
Seems like OpenWRT and OpenElec already cover the embedded space pretty well. Not sure what another contender would add.

There's not a whole lot to it. Myself I'm planning a Xen VM running CentOS 7.1 Minimal 64bit with Shorewall as firewall and to masquerade between the wifi interface/LAN and WAN. This will run on my main server machine. I also plan some kind of IDS like Suricata and Snorby, ELSA and Squert.
 
Well - OpenSNB is welcome to things like ShoreWall - ShoreWall isn't that much different than UFW, it's a front-end for iptables..

openWRT is the main reason behind the thoughts for OpenSNB as a concept - WRT has hit a dead end from a security and scalability perspective...

sfx
 
I welcome you to share thoughts and concerns, and if you have some ideas on where this can go, please share... be constructive and positive, it's not that something is bad, it's that something is better...
 
Well, I have shared my thoughts, above. That's how I'm doing it, FWIW. I'd rather have a Xen VM than another piece of hardware, myself.
 
Just to follow up - Quantum` has some good ideas, we differ perhaps on some aspects, but generally he's on a good path - he's deleted a few posts that would be helpful, the main value being links for the PCI-e expansion card, along with some candidate Mini-PCIe cards - I'll add these below:

Routerboard RB14e - http://routerboard.com/RB14e

However, this one also looks interesting for the USB breakouts and 3G/4G WAN card support

Routerboard RB14eU - http://routerboard.com/RB14eU

As for WiFi radios - Doodle Labs -

http://www.doodlelabs.com/products/wi-fi-band-radio-transceivers/

Good news with those devices is that they have reasonable support - at least for the atheros based devices, for HostAPD

Just wanted to capture this info, as he's done a fair amount of research - while at the same time rage-quitting because some folks may offer advice that is not aligned with his perspective...
 
Quantum` proposed running CentOS 7.1 with Xen - I'm assuming that the CentOS would also be dom0, with Shorewall running his firewall - there were a couple of other applications in his post (since deleted), which could all work... since he's climbed the learning curve of Xen, and already has a standing install, it's a perfectly valid approach...

Alternately, one could do similar with CentOS/Debian8 with KVM perhaps, and get similar results... likewise, one could run FreeBSD with Jails, and drop in OpnSense (pfSense fork) and FreeNAS, with perhaps FreeRadius for auth and OpenLDAP for directory services... Or run OpnSense and FreeNAS as Xen guests, running OpenLDAP/FreeRadius on dom0

There's many ways to skin the cat here...

And then for a HW base - perhaps something like the Asrock Rack G2750D4I - specs below;

  1. Intel Avoton C2750 Octa-Core Processor
  2. DDR3 1600/1333 Dual-channel Max. 64GB UDIMM
  3. 2 SATA3 6.0Gbps, 4 SATA2 3.0Gbps by C2750
  4. 4 x SATA3 6.0 Gb/s by Marvell SE9230, 2 x SATA3 6.0 Gb/s by Marvell SE9172
  5. Dual Intel i210 Gigabit LAN ports (with Teaming function)
  6. 3 x USB 2.0 ports (2 rear ports + 1 via headers or 1 rear ports + 2 via headers controlled by USB_SEL1 and USB_SEL2 jumper)
  7. 1 x PCI-E x8 slot

So one could put this into a Small ATX chassis, like the Silverstone DS380 (if one wanted to do a NAS build), or any small mini-ITX chassis...
 
this does sound like fun, are you proposing of making your own hardware or firmware?

Tilera also sells development platforms if you're interested in the higher end or really high performance. PCIe x8 or x16, option for multiple CPUs (they sell up to 288 combined cores) 1RU form factor. They also have an SDK and compiler and you will need to make the firmware/OS. Their PCIe boards and rackmounts also have the capability to change the RAM. Facebook does use them for firewalls and webservers to complement their x86 servers and handle lots more traffic.

I'm hoping to see an upgradeable router in a sense of RAM, PCIe ports, storage and CPU if possible.
 
Interesting choice of hardware (I like it) but isn't it a little overkill for a router? This looks like an expensive platform. With this hardware why not just run a good Linux Server distro. Users can install and configure whatever they like.

This reminds me of the old days when a Compact low profile case running Red Hat with one Ethernet port and one Lucent wireless adapter was sold as a first generation wireless router ;)
 
one thing none of you have looked at is using the IGP of intel/AMD to perform routing. This has been done before using 2 discrete nvidia GTX 480 to achieve 100Gb/s of routing capacity. It was done using CUDA and modifying the linux network stack to be more efficient. The report is easily searchable on google and you could achieve the same thing using openCL using the IGPs as an accelerator. The intel IGP actually performs well in compute. Overclocking options would also help a lot.

Some GPUs can communicate with other devices directly such as the NIC without going through the CPU.
 
Interesting choice of hardware (I like it) but isn't it a little overkill for a router? This looks like an expensive platform. With this hardware why not just run a good Linux Server distro. Users can install and configure whatever they like.

This reminds me of the old days when a Compact low profile case running Red Hat with one Ethernet port and one Lucent wireless adapter was sold as a first generation wireless router ;)

We ran an entire lab on a monowall with a 486 PC... and that was over 100 PC's running automation scripts and logging for a Wimax base station load tester...

So yes, I agree, this is something on the higher end of the proposed spec... and perhaps better with dedicated AP's, rather than put the wireless into the box, so perhaps either a small managed or unmanaged switch on the LAN side...

And depending on needs - run Centos/Debian on DOM0 on one disk, with PFSense in one domain, dedicate a second domain for Apps (Samba, Radius, OpenLDAP, perhaps some kind of media server along with OpenVPN/L2TP/PPTP for VPN services), and the rest of the disks as a storage array...

Xen would be one way, the other would be to run PFSense and then jail out the rest of the servers - again, lots of ways to skin the cat here...

The main thing here - running a full featured OS rather than an embedded linux variant... and security updates/bug fixes/feature additions would be much less painful than what one has right now with embedded linux variants where it's mostly an image drop rather than just fix/add the component that needs fixing..

Some people would take exception to running Firewall/Routing on the same physical box with other servers from a security perspective... and I would agree with those comments... but this is no different than what we have now on the higher end SOHO AP/Routers such as the Asus RT-66 (and above), Linksys WRT/EA series, or the Netgear/D-Link similar models...

Most of the security issues with a layout like this need to be sorted on the design side before building it out, and then verified in a sandbox before rolling into production...

So eth0 would be the WAN port, all internal networking for the apps would be via Open vSwitch, and the hardware eth1 port would be the LAN facing side..

On the lower end, with some selective feature reduction, and perhaps getting closer to the HW instead of running PFSense, one could do this on a Rasp PI 2 board - FreeBSD is supported there as well...

(BTW - pretty easy to make Rasp PI/PI2 into an Access Point, it's a five minute job with the right parts)

sfx
 
one thing none of you have looked at is using the IGP of intel/AMD to perform routing. This has been done before using 2 discrete nvidia GTX 480 to achieve 100Gb/s of routing capacity. It was done using CUDA and modifying the linux network stack to be more efficient. The report is easily searchable on google and you could achieve the same thing using openCL using the IGPs as an accelerator. The intel IGP actually performs well in compute. Overclocking options would also help a lot.

Some GPUs can communicate with other devices directly such as the NIC without going through the CPU.

Interesting... while perhaps not directly related, do you have a link to this?

I'm just worried we could take this thread down a black hole, so feel free to PM it to me...
 
Would the Silverstone case impede wireless signal? Would it need modification to add external antennas?
 