Re: Which product is the best and/or requirements.



Hello,

I am looking for something similar. I stumbled upon www.embeddedarm.com, saw an ad for it in linuxjournal.com :-) Their boards seem reasonable, Linux supported and low power.

However I haven't been able to get any response regarding casing, or international AC adapters or regarding RoHS / shipping to .eu.

Don't know if there are any .eu distributors or similar companies out there? Will check the URLs in your mail, thanks :)

best regards
lars

Paul wrote:
Okay, to begin, me and a friend are looking into building a few of these
embedded router/gateway/firewall devices, mainly because most of the
consumer level routers don't provide us with the level of control that we
want over our routing, plus we're also doing this for fun, as a
learning/educational project. And so far we've done an excessive amount of
researching and searching for suitable products but we're not certain what
would best fit our needs/requirements for such a device so...

Anyway here's a list of minimum requirements that are strongly wanted to be
met for the embedded device.

* It needs to be able to sustain at minimum 10 Mbps throughput from WAN to
LAN on the router with the features below included, however the
faster it is the better, but at minimum 10 Mbps.
* At minimum 2 ports, but more ports are welcome, one port for WAN, one
port for LAN, then if a product has more than 2 ports such as 3+, the 3rd
one would probably be used for DMZ, and/or a separate subnet for certain
types of devices, but it's not required to have more than 2 ports.

* Firewall ruleset of approximately 50 to maybe 150 rules, plus hopefully
connection tracking for helping speed up the firewall processing, in other
words, the initial packet probably will have to go through a lot of rules,
but then hopefully it'll be added into a connection tracking table and
future packets could take a shortcut through connection tracking. (Probably
iptables or pf filter)
* QoS scheduling/queuing for priority traffic that requires a low latency
connection such as ssh, probably will have approximately 3-5 queues for
such items as: bulk traffic (torrents/large downloads), latency
sensitive traffic (SSH, video relay, VoIP), and others, it's also used to
ensure all devices/computers on the network get a fair share of the network
connection, aka webpages/e-mail/etc are prioritized over bulk traffic such
as torrents.
* Masquerading/NAT, including a few port forwards to a few
devices/computers on the network, this will be for approximately 10+
computers and/or devices, such as WAP, console games, video relay device,
VoIP devices.
* DNS Masquerading, to speed up most of the most commonly used DNS queries
to make the network appear faster to the users.
* Static DHCP IP addresses, based on MAC address, plus a separate subnet of
dynamically assigned IP addresses for wireless devices on the WAP access point.
* Low powered, preferably 25 watts or under, but if necessary to implement
all of the above features and the optional features, willing to accept up
to 50 watts or so.
* Most of the traffic will be mainly web browsing, e-mails, IM from the
majority of the computers, but there will be one computer doing very light
to moderate torrenting, as in 5ish or so torrents running, also there will
be console games playing games online, and also there is the video relay
and/or VoIP.


Now these features below would be nice to have, but it's not mandatory, if
it's not possible to do in an embedded device or low powered device, I and
my friend probably can offload most of these to a second computer on the
DMZ that is dedicated to processing that kind of stuff, aka a server.

* Hopefully implement some form of port knocking to open up a port to
allow ssh to connect to this router or/and VPN of some form, maybe IPsec,
or whatnot to connect to this router, or be forwarded to a DMZ server
on the LAN.
* Would be nice to be able to do packet logging with it forwarding the
logs to a log server, possibly a bit of packet sniffing and IDS, but that
probably would be too much for a low powered embedded processor, so maybe
forwarding those packets to a DMZ server on the LAN for IDS processing
and whatnot.
* Want to see if it's possible to break up the network into several subnets,
such as 192.168.1.* for computers, then 192.168.2.* for console games,
then other subnets for DMZ, WAP and so forth.
* Also it would be nice to be able to support at least one encrypted VPN
link from the outside world, linking to the private LAN, or an encrypted VPN
from the wireless for more security. If it's too much for an embedded
system to handle, it could maybe be unloaded to an encryption accelerator, or
a DMZ computer on the LAN that is generated/sustainable for that kind of
work.

Anyway before we decided to post on this newsgroup me and my roommate did
a lot of researching, but we can't really find any good benchmarks and
whatnot which will explain how much memory, how much processing power
it would take to do the above requirements/wants. But anyway we're also
not clear on the difference in CPU speed/architecture. We've heard that an
AMD Geode 266 MHz processor would be equivalent to a 100 MHz Pentium
processor, and that a 1 GHz VIA Nehemiah would be equivalent to a 400-500
MHz Pentium processor. But we're not sure how accurate these comparisons
are, plus we found a few products using ARM architecture, and MIPS architecture
which we're also not sure how they compare to the competition.

But anyway without further ado here's a few products that we have been
looking at and considering.

* VIA mini-ITX with one motherboard Ethernet and maybe an Ethernet card to
supply 1 or 2 more Ethernet ports. The advantage of this platform is it has
a relatively strong processor and some of the later VIA CPUs have an encryption
accelerator inside the CPU itself. But however they also have a ton of
excess and unneeded crap on them, such as mpeg accelerator, VGA ports,
sound cards and so forth, so we're not sure how much excess power draw will
be wasted on these items which we won't even use. (Approx 500 MHz to 1.5
GHz VIA processors available) - http://mini-itx.com/store/
* Next one we've considered is a processor based off the Intel XScale
processor which as far as we know is an ARM processor, and we're not sure
how good the support is for these, but this processor we found is
approximately 533 MHz, and the board itself is attractive, but one
negative is the flash is soldered onto the board... would prefer a
solution with removable compact flash. Also we're not sure how a 500 MHz
XScale processor would stack up vs the competition. -
http://www.adiengineering.com/php-bin/ecomm4/productDisplay.php?category_id=27&product_id=79
* Another product is the Soekris board, which has a 266 AMD Geode
processor, and it certainly looks like an attractive board, but just how
powerful is the processor, and can it support the demands that we want to
place on it, also I've heard that the hardware encryption that Soekris offers
isn't that great, as in the producer of the hifn chipset has closed their
document and there is currently a pretty severe bug in the code that
probably won't get fixed due to hifn closing their document. -
http://soekris.com/net4801.htm
* A competitor product to the Soekris board is the WRAP board, which
seems mostly similar in many forms to the Soekris boards -
http://www.pcengines.ch/wrap.htm
* Another option we are considering is maybe a mini-ITX motherboard that
supports the Pentium mobile processor, then we can stick in an ultra low
volt Pentium mobile processor, but that solution probably will consume
more power, as in 50 watts and up. -
http://www.cappuccinopc.com/default.asp
* Another AMD Geode processor, this one at 1.4 GHz, but we're not sure how
much power it would consume and if it would be suitable for our
application -
http://www.gearxs.com/gearxs/product_info.php?cPath=145&products_id=4900
* Then a firewall product based off a 400 MHz Celeron based off I believe
the Pentium mobile architecture, but we're not familiar with the company and
if they're reliable, plus how much power would it draw, but this one looks
nice also. - http://www.acrosser.com/firewall/product/1666.htm
* Similar to the above one - http://www.acrosser.com/products/ar-b1720.htm
* Then we found an embedded board using a 400 MHz MIPS 32 4Kc CPU, but
how powerful is this CPU, we don't have any clue how MIPS and ARM compare
to the other offerings, so no real way to determine how powerful this
product is - http://www.routerboard.com/rb500.html


If wanted and/or needed we can provide more product links, but anyway I
guess what we are looking for is a good guideline on minimum memory
requirements, and minimum processor speed to be able to at least do most of
the items listed in the required list, and it would also be nice to get an
idea of how much processing power would be required to do almost
everything in the above list.
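An added illustration of the connection-tracking shortcut described in the firewall requirement above (not part of either post): a simplified first-match packet filter that counts rule evaluations with and without a state table. The rule layout, addresses and ports are constructed, and the state lookup is treated as free.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        # Same connection seen from the other direction.
        return Packet(self.proto, self.dst, self.dport, self.src, self.sport)

def build_rules(n):
    # Constructed ruleset: n-1 filler drop rules, then the SSH accept rule last,
    # so a new SSH connection pays for a full traversal.
    return [("tcp", 10000 + i, "drop") for i in range(n - 1)] + [("tcp", 22, "accept")]

class Firewall:
    def __init__(self, rules, stateful):
        self.rules, self.stateful = rules, stateful
        self.states = set()      # connection tracking table
        self.rule_checks = 0     # rules evaluated so far

    def handle(self, pkt):
        if self.stateful and pkt in self.states:
            return "accept"      # shortcut: known connection, no rule walk
        for proto, dport, action in self.rules:
            self.rule_checks += 1
            if (proto, dport) == (pkt.proto, pkt.dport):
                if action == "accept" and self.stateful:
                    self.states.update({pkt, pkt.reply()})
                return action
        return "drop"            # default policy

def simulate(n_rules, n_packets, stateful):
    fw = Firewall(build_rules(n_rules), stateful)
    fwd = Packet("tcp", "192.168.1.10", 51000, "203.0.113.5", 22)  # constructed flow
    accepted = 0
    for i in range(n_packets):   # alternate request and reply packets
        pkt = fwd if i % 2 == 0 else fwd.reply()
        accepted += fw.handle(pkt) == "accept"
    return fw.rule_checks, accepted

if __name__ == "__main__":
    print("stateful :", simulate(150, 1000, True))
    print("stateless:", simulate(150, 1000, False))
```

The stateless run also drops every reply, because no rule matches the client's ephemeral port. With iptables the shortcut is an ESTABLISHED,RELATED accept rule placed first, while pf checks its state table before evaluating rules.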