Re: Firewalling with an embedded PC?
On Mon, 2 Sep 2002, Teemu Rinta-aho wrote:
> Now, the question is, can anyone recommend me
> an embedded (single board) PC which would have an
> adequate processor and memory to run OpenBSD and
> two ethernet ports? The filesystem would probably be
> on a flash rom card.

nexcom ebc1563
soekris net4501

use high quality flash - sandisk and lexar are good.

> Does anyone have any experience installing OpenBSD
> on such hardware? I have found the Soekris Engineering
> PC, but I was just wondering if there are any good
> alternatives.

see the mail archives. i know people around here have
tossed around the names of their preferred sbc vendors,
and i know this was discussed on soekris-tech in the
"second source" thread.

see the mail archives. i know people around here have
tossed around their preferred method of squishing things
into flash, either by means of crunch, or just making a
filesystem. both misc@openbsd and soekris-tech will have
pointers. offhand i can think of such things being done
by chris cappuccio, sam leffler, "s rao", picobsd, embsd,
mikrotik, thewall, bifrost, leaf, ... and of course, me.

done both. i'm hacking at a crunch-style distro for the
soekris, which with a less stingy kernel would probably
run on all flavors of the nexcom as well. the kernel is
3.0MB, which means that it would fit very nicely onto a
4MB compactflash, and leave you 1MB for persistent storage
(like ssh keys, vpn configs, /dev/urandom backups, passwd)

the soekris boxen are very cool (thermally) - i've left
mine buried under a pile of papers on my desk, blasting
packets all over the place and running 'openssl speed'
and at the end of the day, the box was only a little bit
warm. even with the hifn chip onboard, the openssl numbers
are nothing exciting. with no tuning at all, i was able to
sustain about 4MB/s bridging through the soekris, and do
ssh at about 1MB/s. proper benchmarks may follow later.

the nexcoms are much faster and much hotter. i've named
my nexcom "poptart" since it's a cute little box and the
case tends to be as hot as something fresh out of the
toaster oven. having an ibm travelstar drive in there does
not help the heat any. the nexcom machines are available
with intel nics. i don't remember offhand what the nexcom
is capable of.

"openssl speed" on the soekris
==============================================================
The 'numbers' are in 1000s of bytes per second processed.
type               16 bytes   64 bytes  256 bytes 1024 bytes 8192 bytes
md2                  92.17k    195.28k    269.97k    298.17k    308.57k
mdc2                121.47k    139.18k    146.01k    147.03k    147.88k
md4                 758.83k   2560.76k   6666.29k  10942.30k  12814.41k
md5                 512.79k   1525.24k   3643.31k   5423.32k   6234.41k
hmac(md5)           311.42k   1068.33k   2895.58k   5004.23k   6233.96k
sha1                401.72k    681.55k   1551.08k   2259.46k   2595.57k
rmd160              382.53k   1003.45k   1919.83k   2516.92k   2758.98k
rc4                3892.77k   4241.32k   4343.38k   4351.93k   4300.52k
des cbc             870.93k    924.76k    946.07k    943.04k    925.70k
des ede3            341.82k    348.79k    351.17k    350.77k    348.62k
idea cbc               0.00       0.00       0.00       0.00       0.00
rc2 cbc             632.50k    659.52k    664.81k    665.21k    664.55k
rc5-32/12 cbc          0.00       0.00       0.00       0.00       0.00
blowfish cbc       1481.36k   1631.91k   1673.64k   1687.21k   1641.13k
cast cbc           1395.03k   1530.90k   1567.15k   1574.23k   1530.65k
aes-128 cbc        1126.45k   1166.92k   1176.58k   1179.99k   1146.37k
aes-192 cbc         989.70k   1024.66k   1030.36k   1039.65k   1007.72k
aes-256 cbc         886.24k    911.65k    917.50k    917.84k    901.12k

                      sign    verify   sign/s verify/s
rsa  512 bits      0.0509s   0.0058s     19.6    172.0
rsa 1024 bits      0.2955s   0.0177s      3.4     56.6
rsa 2048 bits      1.9219s   0.0606s      0.5     16.5
rsa 4096 bits     13.1953s   0.2198s      0.1      4.6

                      sign    verify   sign/s verify/s
dsa  512 bits      0.0474s   0.0589s     21.1     17.0
dsa 1024 bits      0.1583s   0.1950s      6.3      5.1
dsa 2048 bits      0.5506s   0.6870s      1.8      1.5

"openssl speed" on the nexcom
==============================================================
The 'numbers' are in 1000s of bytes per second processed.
type               16 bytes   64 bytes  256 bytes 1024 bytes 8192 bytes
md2                 377.95k    821.90k   1162.11k   1293.06k   1339.24k
mdc2                539.32k    573.99k    585.48k    588.29k    589.48k
md4                4148.79k  13717.99k  35638.95k  58750.91k  72566.35k
md5                2945.47k   9048.18k  20735.35k  30770.25k  35768.70k
hmac(md5)          1747.70k   5923.50k  15923.72k  27644.62k  35196.74k
sha1               2630.50k   6387.48k  11564.29k  14499.29k  15666.00k
rmd160             2426.65k   6310.51k  12197.27k  15925.93k  17374.85k
rc4               17501.80k  18661.67k  18876.83k  19044.25k  19078.63k
des cbc            2603.09k   2693.38k   2710.47k   2709.39k   2718.13k
des ede3           1083.54k   1094.10k   1101.09k   1102.03k   1100.19k
idea cbc               0.00       0.00       0.00       0.00       0.00
rc2 cbc            3579.22k   3726.81k   3777.85k   3788.15k   3784.11k
rc5-32/12 cbc          0.00       0.00       0.00       0.00       0.00
blowfish cbc       7271.15k   7822.59k   7944.88k   8007.31k   8023.65k
cast cbc           5908.07k   6279.66k   6373.93k   6400.40k   6411.29k
aes-128 cbc        4724.75k   4855.47k   4879.38k   4897.67k   4889.73k
aes-192 cbc        4149.66k   4234.33k   4261.37k   4255.43k   4267.84k
aes-256 cbc        3687.62k   3744.40k   3774.62k   3769.17k   3780.32k

                      sign    verify   sign/s verify/s
rsa  512 bits      0.0062s   0.0006s    162.2   1723.0
rsa 1024 bits      0.0368s   0.0020s     27.2    499.3
rsa 2048 bits      0.2433s   0.0071s      4.1    139.9
rsa 4096 bits      1.6875s   0.0259s      0.6     38.6

                      sign    verify   sign/s verify/s
dsa  512 bits      0.0060s   0.0073s    167.4    136.4
dsa 1024 bits      0.0200s   0.0247s     49.9     40.5
dsa 2048 bits      0.0704s   0.0857s     14.2     11.7

--
Chris Kuethe, GCIA CISSP: Secure Systems Specialist - U of A CNS
office: 157 General Services Bldg. +1.780.492.8135
chris.kuethe@[pyxis.cns.]ualberta.ca
No trees were destroyed in the sending of this contaminant free message; we
do concede a significant number of electrons may have been inconvenienced.
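
Added example, not part of the original message: a small Python parser for the "openssl speed" tables above that converts the 8192-byte column to Mbit/s and computes the nexcom/soekris speedup, which is the figure that matters when sizing a VPN endpoint against its link. Only a few rows from the message are embedded; `parse_speed`, `mbit` and `compare` are names made up for this example, and an all-zero row is assumed to mean the algorithm is not built in.

```python
import re

# Rows copied from the two "openssl speed" tables in the message above.
SOEKRIS = """\
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
des ede3 341.82k 348.79k 351.17k 350.77k 348.62k
idea cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 1481.36k 1631.91k 1673.64k 1687.21k 1641.13k
aes-128 cbc 1126.45k 1166.92k 1176.58k 1179.99k 1146.37k
"""
NEXCOM = """\
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
des ede3 1083.54k 1094.10k 1101.09k 1102.03k 1100.19k
idea cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 7271.15k 7822.59k 7944.88k 8007.31k 8023.65k
aes-128 cbc 4724.75k 4855.47k 4879.38k 4897.67k 4889.73k
"""

# Algorithm name (may contain spaces), then exactly five throughput columns.
ROW = re.compile(r"^(.+?)((?:\s+\d+\.\d+k?){5})\s*$")

def parse_speed(text):
    """Map algorithm name -> five throughput values in 1000s of bytes/s."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header row has no decimal numbers, so it never matches
            values = [float(v.rstrip("k")) for v in m.group(2).split()]
            table[m.group(1).strip()] = values
    return table

def mbit(kbytes_per_s):
    """Convert 1000s of bytes per second to megabits per second."""
    return kbytes_per_s * 1000 * 8 / 1e6

def compare(slow, fast, column=4):
    """Per algorithm: (slow Mbit/s, fast Mbit/s, speedup) at one block size."""
    a, b = parse_speed(slow), parse_speed(fast)
    out = {}
    for name in a.keys() & b.keys():
        if a[name][column] == 0 or b[name][column] == 0:
            continue  # all-zero row: assumed to mean the algorithm is not built in
        out[name] = (mbit(a[name][column]), mbit(b[name][column]),
                     b[name][column] / a[name][column])
    return out

if __name__ == "__main__":
    for name, (s, n, x) in sorted(compare(SOEKRIS, NEXCOM).items()):
        print(f"{name:14s} soekris {s:6.2f} Mbit/s  nexcom {n:6.2f} Mbit/s  x{x:.1f}")
```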