Any comments on CentOS 5 on Intel Atom CPUs?
I need to build a couple of inexpensive systems that will be used primarily as gateway/firewall systems with OpenVPN, and need recommendations in reliable hardware platforms. These will need two NICs.
Bill
Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
I need to build a couple of inexpensive systems that will be used primarily as gateway/firewall systems with OpenVPN, and need recommendations in reliable hardware platforms. These will need two NICs.
Go with Soekris, they are built for that purpose. You can even get an SSL accelerator card for them. Mine has a ~500Mhz AMD Geode CPU, 512MB ram, I added a 1GB CF card, it has 4x100Mbit NICs, it has a slot for a PCI device, I put a bracket with another serial port on there to hook to a UPS, has a USB port, and a serial port for console access, draws a tiny amount of power.
I don't consider linux a good platform for firewall or VPN devices myself, I use OpenBSD, with pf. I have an OpenVPN from my soekris box at home to my co-located server(runs Debian), have had it hooked up for almost a year now, works great. I don't need the SSL acceleration card as my commit rate at the colo is only 1Mbit, so I don't want to push a lot of traffic.
http://www.soekris.com/net5501.htm
These things are designed from the ground up to be firewall/VPN appliances(low end mind you, your not gonna be pushing gigabits of traffic through them). The CPU on mine doesn't even have a heat sink.
nate
I had some of them, too, running for years. The only problem I incurred was with a Flash memory that degraded after a while, so I would really recommend some of thoses "industrial grade" flash memories. The hardware is superb.
Peter
nate wrote:
Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
I need to build a couple of inexpensive systems that will be used primarily as gateway/firewall systems with OpenVPN, and need recommendations in reliable hardware platforms. These will need two NICs.
Go with Soekris, they are built for that purpose. You can even get an SSL accelerator card for them. Mine has a ~500Mhz AMD Geode CPU, 512MB ram, I added a 1GB CF card, it has 4x100Mbit NICs, it has a slot for a PCI device, I put a bracket with another serial port on there to hook to a UPS, has a USB port, and a serial port for console access, draws a tiny amount of power.
I don't consider linux a good platform for firewall or VPN devices myself, I use OpenBSD, with pf. I have an OpenVPN from my soekris box at home to my co-located server(runs Debian), have had it hooked up for almost a year now, works great. I don't need the SSL acceleration card as my commit rate at the colo is only 1Mbit, so I don't want to push a lot of traffic.
http://www.soekris.com/net5501.htm
These things are designed from the ground up to be firewall/VPN appliances(low end mind you, your not gonna be pushing gigabits of traffic through them). The CPU on mine doesn't even have a heat sink.
nate
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, 2009-05-25 at 16:22 +0200, Peter Hopfgartner wrote:
I had some of them, too, running for years. The only problem I incurred was with a Flash memory that degraded after a while, so I would really recommend some of thoses "industrial grade" flash memories. The hardware is superb.
Peter
nate wrote:
Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
I need to build a couple of inexpensive systems that will be used primarily as gateway/firewall systems with OpenVPN, and need recommendations in reliable hardware platforms. These will need two NICs.
Go with Soekris, they are built for that purpose. You can even get an SSL accelerator card for them. Mine has a ~500Mhz AMD Geode CPU, 512MB ram, I added a 1GB CF card, it has 4x100Mbit NICs, it has a slot for a PCI device, I put a bracket with another serial port on there to hook to a UPS, has a USB port, and a serial port for console access, draws a tiny amount of power.
I don't consider linux a good platform for firewall or VPN devices myself, I use OpenBSD, with pf. I have an OpenVPN from my soekris box at home to my co-located server(runs Debian), have had it hooked up for almost a year now, works great. I don't need the SSL acceleration card as my commit rate at the colo is only 1Mbit, so I don't want to push a lot of traffic.
http://www.soekris.com/net5501.htm
These things are designed from the ground up to be firewall/VPN appliances(low end mind you, your not gonna be pushing gigabits of traffic through them). The CPU on mine doesn't even have a heat sink.
nate
Or even a WRAP/ALIX system - http://pcengines.ch/alix.htm
WRAP's are old, but I've still got one powering my firewall/VPN device, years later(WAN/LAN and DMZ), and the ALIX is a drop in replacement, and I have one of those in a NAS.
Granted, you ain't gonna get multi GB throughput, same as soekris, but by goodness they are stable and reliable, zero moving parts, and as for ALIX/WRAP series, pretty neglible power requirements.
Also agree with Nate, I'd choose a version of BSD for a firewall/gateway device over Linux, either FreeBSD or OpenBSD.
Regards AM
On 05/23/2009 06:22 PM, Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
You will find some of the Via offerings to be more 'potent' and come with h/w random and ssl accelerator support. CentOS4 and 5 work fine out of the box on anything that has cmov ( and via stuff made in the last few years all seems to do so ).
Soekris is a waste of time these days, they had their reasons to exist and seem to have lost the plot recently.
Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
I need to build a couple of inexpensive systems that will be used primarily as gateway/firewall systems with OpenVPN, and need recommendations in reliable hardware platforms. These will need two NICs.
I haven't tried it, but I thought you could run openvpn on many of the small routers like the Linksys WRT54G that allow re-flashing with replacement firmware. They are probably more reliable than anything with a disk.
On Sat, May 23, 2009, Les Mikesell wrote:
Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
I need to build a couple of inexpensive systems that will be used primarily as gateway/firewall systems with OpenVPN, and need recommendations in reliable hardware platforms. These will need two NICs.
I haven't tried it, but I thought you could run openvpn on many of the small routers like the Linksys WRT54G that allow re-flashing with replacement firmware. They are probably more reliable than anything with a disk.
I haven't tried the WRT54Gs, but have used quite a few BEFVP41 LinkSys VPN boxes. I would not call them particularly reliable, as we have had most fail within 2 years.
I know about soekris as well, but feel far more comfortable with CentOS as that's what I work with all the time, and I like to standardize our systems as much as possible.
Bill
Hi Bill,
On 05/23/2009 08:37 PM, Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
Something I totally left out in my last email - atleast 2 people have reported success using C5 on Atom. I've looked at one of the original intel reference platform kits, and things worked pretty much out of the box.
btw, how many openvpn clients are you expecting to host per machine ?
On Sat, May 23, 2009, Karanbir Singh wrote:
Hi Bill,
On 05/23/2009 08:37 PM, Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
Something I totally left out in my last email - atleast 2 people have reported success using C5 on Atom. I've looked at one of the original intel reference platform kits, and things worked pretty much out of the box.
btw, how many openvpn clients are you expecting to host per machine ?
Not many. Probably fewer than 5 per box as they will be linking branch offices.
Bill
Karanbir Singh wrote:
Hi Bill,
On 05/23/2009 08:37 PM, Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
Something I totally left out in my last email - atleast 2 people have reported success using C5 on Atom. I've looked at one of the original intel reference platform kits, and things worked pretty much out of the box.
I have a mail server running with an atom 230 processor (intel original board), I installed it about a year ago and had to install the nic driver 8101 manually
One of our customers has around 20 kiosks with the atom 330 processors (intel original board) runs out of the box with centos 5.3
technically there are just old celeron (pentium4 based) processors with low energy consumption, so for the operating system it makes no real difference, for your electricity bill it does
Tosh wrote:
Karanbir Singh wrote:
Hi Bill,
On 05/23/2009 08:37 PM, Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
Something I totally left out in my last email - atleast 2 people have reported success using C5 on Atom. I've looked at one of the original intel reference platform kits, and things worked pretty much out of the box.
I have a mail server running with an atom 230 processor (intel original board), I installed it about a year ago and had to install the nic driver 8101 manually
One of our customers has around 20 kiosks with the atom 330 processors (intel original board) runs out of the box with centos 5.3
technically there are just old celeron (pentium4 based) processors with low energy consumption, so for the operating system it makes no real difference, for your electricity bill it does
intel atoms are not celerons..they are in order processors..the celerons are out of order superscalar processors. http://www.anandtech.com/cpuchipsets/showdoc.aspx?i=3276&p=6 read the rest of the artiucle for full details
on 5-25-2009 9:26 AM William Warren spake the following:
Tosh wrote:
Karanbir Singh wrote:
Hi Bill,
On 05/23/2009 08:37 PM, Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
Something I totally left out in my last email - atleast 2 people have reported success using C5 on Atom. I've looked at one of the original intel reference platform kits, and things worked pretty much out of the box.
I have a mail server running with an atom 230 processor (intel original board), I installed it about a year ago and had to install the nic driver 8101 manually
One of our customers has around 20 kiosks with the atom 330 processors (intel original board) runs out of the box with centos 5.3
technically there are just old celeron (pentium4 based) processors with low energy consumption, so for the operating system it makes no real difference, for your electricity bill it does
intel atoms are not celerons..they are in order processors..the celerons are out of order superscalar processors. http://www.anandtech.com/cpuchipsets/showdoc.aspx?i=3276&p=6 read the rest of the artiucle for full details
So they are pentium classics? ;-)
On Sat, 23 May 2009, Bill Campbell wrote:
On Sat, May 23, 2009, Les Mikesell wrote:
Bill Campbell wrote:
Any comments on CentOS 5 on Intel Atom CPUs?
I need to build a couple of inexpensive systems that will be used primarily as gateway/firewall systems with OpenVPN, and need recommendations in reliable hardware platforms. These will need two NICs.
I haven't tried it, but I thought you could run openvpn on many of the small routers like the Linksys WRT54G that allow re-flashing with replacement firmware. They are probably more reliable than anything with a disk.
I haven't tried the WRT54Gs, but have used quite a few BEFVP41 LinkSys VPN boxes. I would not call them particularly reliable, as we have had most fail within 2 years.
I have about 10 wrt54g's distributed at friends and family and haven't had a single failure in about 5 years time. One of them was reported to be broken and was put a few months outside as garbage when I recovered it from my nephew, reflashed and it is still working fine.
The syslinux firmware is not as good as dd-wrt (which I prefer) and openwrt. But the fact that you can replace them easily, and backup and restore the configuration makes them perfect black boxes with little maintenance required.
I have 2 spare wrt54g's that I used for updating the firmware. Keep the old one and restore the config on a new one, swap and leave the old one for a week or two that when in case of a firmware problem, you can just swap the old one again. This technique was useful once with a buggy dd-wrt release. The other wrt54g I use for conferences :)
And you can't beat the price. I don't know how well it can handle 5 parallel openvpn connections though, so you might want to look into that first.
On Sun, 24 May 2009, Dag Wieers wrote:
The syslinux firmware is not as good as dd-wrt (which I prefer) and
s/syslinux/LinkSys/
But I guess you'd figured that out before I did :)
-
Angus MacGyver -
Bill Campbell -
Dag Wieers -
Karanbir Singh -
Les Mikesell -
nate -
Peter Hopfgartner -
Scott Silva -
Tosh -
William Warren