DIY routers: Challenge to SNB

[__Miguel_]

Hello there, guys.

I'm an avid SmallNetBuilder Portuguese reader for at least three to four years, now, and I really appreciate all the things SNB has been doing over the years, from the tutorials to the reviews.

I just registered to the forums because I have one subject I'd like to be focused on by SNB (or any other user, for that matter), so I figured it would be best if I put it out there, and let you guys think about it.

For a few years now I have been finding myself drawn AWAY from consumer-grade all-in-one routers. They’re either dirt-cheap and lousy, or rather expensive and still lacking on some areas (like the dreadful NAS performance, or lack of support for printers, just to name a few), typical of most “all-in-one” products (which somehow always seem to come up very short in terms of computing performance for multitasking...). Which is why I still try to separate the Wireless Access Point from the switch and router.

Also, and I’m sure as do many of SNB’s readers, I do have “higher than the average guy” needs from my network, such as advanced firewall, NAS, VPN, VoIP, Webserver, etc.. So a dedicated machine is usually always on besides the (usually c****y) router.

So here is my challenge to SNB, since I lack the funds, time and decent Internet connections (both require c****y routers, one for TV-over-DSL, the other for the phone line connection, and one of them has SEVERE traffic shaping issues) to do it, not to mention you guys have standardized review methods: make a DIY router review, with different hardware and software choices (like a series, there is A LOT to explore there).

Some ideas that come to my mind:
- Alix vs. Geode vs. VIA vs. Atom vs. regular CPUs vs. consumer routers routing performance (number of connections, throughput), power consumption, size and cost;
- *nix vs. Windows (XP, 7, WHS) routing capabilities (number of connections, throughput, firewall efficiency and capabilities, add-ons available and usability, etc.);
- “Multitasking performance hit” (how much you lose over simple routing by adding VPNs, NAS and VoIP functions, and/or by having other servers installed, like Web, FTP or Torrent);
- How easy can it be to install, maintain and add features (for instance, Windows might need RDPing to the box to do most of the things, creating a useable site-to-site VPN, even with W2K3/W2K8, is next to impossible, and *nix is, well, *nix);
- How easy it is to make the router “network-friendly” (to have it play nice with WHS, game consoles or any services you might want to run on the network, which means UPnP might need to work);
- How do different NICs behave on the router.

Personally, I’d like to see how hard it is to build a high-performance, preferably low-power, router capable of handling 200Mbps+ speeds on the WAN port (we have those available here in Portugal, with something like 20Mbps upload speeds, so it can really pack quite a punch handling all that juice) while still having advanced firewall capabilities (SPI, proxy, AntiVirus), at least one site-to-site VPN link that works as it should (meaning you should be able to access any PC on any of the connected sites from any PC on the network), light FTP/Web server services, automatic Dynamic DNS updates, a print server, a basic NAS server (for heavy duty consumer stuff WHS is rather nice) and a single external analog line VoIP server on as small of a budget, power consumption and footprint as possible.

So, what do you say to this challenge?

Keep up the great work!

Miguel


P.S.: I debated on which forum to post this thread in. Since I'm talking about primarily a wired router, this section does seem more appropriate. But feel free to move it, if deemed best.

 

[YeOldeStonecat]

As a longtime fan of trying out various *nix firewall distros....I'd love to see this too.

But as an experienced SMB network consultant, and having quite a bit of experience in building and trying out new distros, and after spending lots of time in the various forums of these *nix distros....I can see how difficult it would be for any techsite to go and run benchmarks.

With retail "off the shelf" routers, it's manageable for a techsite to run and publish benchmarks. Generally speaking, the results are always reproducible. If Tim does testing of some "make/model" firewall...one can safely assume that people who read that article, and go out and purchase that model..will also experience the same performance and results. Save for subtle changes resulting from new firmware releases. But the hardware usually remains the same throughout the production run of that make/model. Also vendors will ship Tim samples for review....so much of the "cost" of a review is basically lots of his time, and a slightly higher electric bill.

*nix firewalls...the hardware that we install and run them on, it's...a huge list, with variables all of the place. And as I'm sure you know..the performance of the distro is greatly...greatly influenced by the specific network cards used. Especially the traffic shaping/QoS features, and other UTM features. These features lean very heavily on the network cards...and only network cards that are well supported by the distro and most importantly...are good hardware controller based cards, will perform well. Such as Intel or 3COM cards. And NICs that are more software controller based, like cheapo realteks...don't performance as well. The differences in performance can be huge...even though the processor and RAM and other hardware on the platform remains the same.

It would be a bear of a project due to so many different configurations of hardware available out there, and people would say "Well..I run it on //this// hardware platform, and it does //blah blah performance//...why did you test it on that platform? Not to mention the expense.

That said, in about a month I'm getting this dual core Atom setup for my home firewall
http://www.newegg.com/Product/Produ...32&cm_re=supermicro_1u-_-16-101-332-_-Product

 

[thiggins]

Hi Miguel,

As Stonecat notes, such a project would be a huge time sink and of interest to a relatively small audience. I know this because the reviews of off-the-shelf business-grade routers get a much smaller number of page views than those of "consumer" grade products.

Stonecat has shared his knowledge in this area once. Perhaps he might do it again when he sets up his new home firewall setup.

 

[__Miguel_]

As Stonecat notes, such a project would be a huge time sink and of interest to a relatively small audience.

I already had a (rather lengthy) reply to Stonecat ready when I noticed a new reply to the thread.

Bummer, I guess that's a no-go

Stonecat has shared his knowledge in this area once. Perhaps he might do it again when he sets up his new home firewall setup.

Better than nothing! At least we have a baseline... Please do test more than one OS, Stonecat.

OK, now a couple of tidbids from my reply, I think they still apply.

And as I'm sure you know..the performance of the distro is greatly...greatly influenced by the specific network cards used. Especially the traffic shaping/QoS features, and other UTM features. These features lean very heavily on the network cards...and only network cards that are well supported by the distro and most importantly...are good hardware controller based cards, will perform well.

Yes, I do know that. In fact, I expect that to be one of the biggest performance differentiators, not the rest of the hardware. Maybe we can have a "NIC performance shootout", instead? To see how different chips manage different workloads, even if it's not on routing duties?

Do keep in mind, though, that I was considering software-based layer 7 QoS on my post, much like what you get using cFosSpeed. That completely bypasses the NIC hardware abilities (besides, there aren't that many consumers with QoS-enabled switches...), except probably checksum offloading (which will, itself, contribute to performance differences).

Not to mention the expense.

Yes, that might be a problem. Especially since SNB has never reviewed motherboards before...

That said, in about a month I'm getting this dual core Atom setup for my home firewall
http://www.newegg.com/Product/Produ...32&cm_re=supermicro_1u-_-16-101-332-_-Product

Lucky dog!

Oh, well, it was worth a shot. Maybe you can still pick a couple of things from my original post to do articles about. There is so much data I'd like to get my eyes on about networking it's not even funny... lol

Cheers.

Miguel

 

[YeOldeStonecat]

If you export one of those 200 meg internet connections across the Atlantic to my house! And a big pot of Caldeirada Da Marisco

I have a list going on over on our SG boards with a list of distros I've been gathering....I'm sure there are more I'm not aware of.
http://forums.speedguide.net/showthread.php?t=235860

 

[__Miguel_]

Believe me, you DON'T want that 200Mbps connection. Nor any by that ISP, for that matter...

First up, you need a specific router to make it work (OEM-supplied, of course). That router is, in and of itself, a rather large PAIN, since it's an "all-in-one" router, which includes wireless N, wired (100Mbps ports only, so there is NO way you'll get 200Mbps downstream speeds on a single machine) AND POTS connections.

If that wasn't bad enough, you'd be dealing with a cable ISP (meaning shared bandwidth with your neighbors). And, to make matters even worse, that particular ISP is not only known for abusing traffic shaping but also has high downtime/problem rates AND probably the worst customer support I've come across in my whole life.

So, yeah, I think you would be better off with a 100Mbps FTTH "routerless" connection from the main competing ISP in Portugal. You plug your RJ-45 cable to the FTTH terminator and you're good to go, without traffic shaping (they do use it, but only as a "last resort", in old/saturated areas), and a passable customer support (they don't really know too much of what they're talking about, but at least they're nice and try to work with you around the problem).

And "Caldeirada de Marisco" ("de" is, in this instance, something akin to the "possessive case", so you can't use the gender-specific versions; besides, "marisco" is masculine, "da" refers to feminine nouns - and yes, I'm a little of a grammar nazi... lol)? Really? Of all the great traditional Portuguese dishes, you end up wanting caldeirada, essentially bread and water mixed with whatever supplement you choose? "Cozido à Portuguesa" would be a much better choice, IMHO, though if you're picky on what you eat, it might not be for you... lol

Cheers, and thanks for the input! You guys are nice! I wish I registered earlier!

Miguel

 

[YeOldeStonecat]

Oops..my bad...regarding the "de" instead of "da"....
The town I grew up in was mostly a local fishing village, large Portuguese population..and one of my favorites from a restaurant down there was that dish..basically seafood stew. Or the French version....Bouillabaisse

Above computers, my favorite hobby is cooking..especially hotter Caribbean varieties, such as with Jamaican Jerk spices.

 

[__Miguel_]

Mixing up "de", "da", "do" and similar terms is rather common for English-speaking people. I don't even take much notice (or rant too much about it), Portuguese has plenty of minutia that are a MAJOR pain for just about any non-native (and many natives, too... lol) to handle. Besides oriental languages, and along with Russian (and similar), Portuguese is probably one of the hardest languages to get a decent grip on...

OK, cooking "above" computers is just wrong... Especially if "spicy" is in the mix... Ts, ts, ts...

OK, I think we're steering "a little" into OT territory. What do you guys think would be feasible from the data I provided?

Cheers.

Miguel