I want to filter out all the Microsoft telemetry traffic and Chinese & Russian scanning my router. I have just come across this (pic related) on Amazon and was wondering whether a quad core Arm is strong enough to run things like Snort, and a Linux router distribution. I don't feel like spending $200 for god only knows what's in it from Netgear or something.
Quad-Core 64-bit ARMv8 Cortex-A53 CPU with NEON and Crypto Extensions
Penta-Core ARM Mali-450 MP3 GPU with OpenGL ES 2.0 @ 750MHz
2GB of DDR3-2133 SDRAM on 32-bit Bus for up to 69Gb/s Unified Memory Bandwidth
Multi-Plane Multi-Format 2.5D Programmable Pipeline Display Engine with HDMI 2.0 Output
4K Ultra-HD High Dynamic Range Video Engine with Hardware Accelerated Decoder for VP9, H.265, H.264
Form Factor and GPIO Compatibility with Raspberry Pi 3 for Maximum Re-usability
I tried it with a Thinkpad E560, I had to add a USB 3.0 ethernet dongle (1 Gbits), but it was awfully slow compared to my $80 Netgear router (which is crap). The average throughput for the Thinkpad pfsense was around 400 Mbits/s whereas I can get 950 Mbits/s on the $80 router.
Jace Ramirez
>One network port
You'd either need a separate switch and VLANs, or a USB dongle (which is shit)
Oliver Williams
just use openwrt, you're not going to get very far in terms of performance without the hardware acceleration these router chips provide
Adam Brooks
If your goal is to just install a plain vanilla Linux distro and build your router system from scratch, then I wouldn't fuck around with anything ARM. All the RPi clones have annoying problems and limitations that you just won't face on x86 desktop hardware. Even if that desktop hardware is very cheap and low-powered stuff.
also tiny ARM boards only save you a few watts when the system is mostly idle. If you can afford to own the thing at all, the extra power an x86 system will use doing router tasks is trivial.
Adam Cooper
Use OpenBSD and make sure that thing can get gigabit ethernet
Hunter Diaz
I did this project recently and I used a MintBoxMini2, which is $300 and a preconfigured fitlet2. It's a little overkill and too expensive but I have a good job and no kids.
Something built around an APU2D4 pcengines.ch/apu2d4.htm. You'd also need to pick a case, a power adapter, and a usb to serial adapter so you can putty to the console.
Marvell Armada Cortex-A53 dual-core
1GB or 2GB RAM
1 SATA interface (has 12V header for connecting a 3.5-inch drive)
2 Gigabit Ethernet ports
1 Topaz Network Switch
1 USB 3.0
1 USB 2.0
>want to run snort
just setup port mirroring and send same traffic to a big ass switch for all your devices and then the same traffic to 1 fucking port that has your machine that runs snort on it and read all the data. this way if that machine falls behind it doesn't make your network slower.
also this is the best answer in the thread really, other than something x86 related. only issue is it doesn't auto power when it loses power. get a fucking battery backup
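The out-of-band Snort setup described in the post above, done with `tc` on a Linux router instead of a managed switch, as an added example that is not part of the thread. It assumes `eth0` is the LAN-facing port, `eth1` is a spare port cabled to the sensor machine, and an iproute2/kernel with the `clsact` qdisc and `matchall` filter.

```shell
#!/bin/sh
# Added example (not from the thread): copy every packet crossing a Linux
# router's LAN port to a spare port wired to a passive Snort sensor.
# Interface names are assumptions. Dry-run by default; APPLY=1 executes (root).

# Print the commands that mirror both directions of SRC onto MON.
mirror_cmds() {
    src=$1; mon=$2
    # Mirroring a port onto itself would feed copies back into the capture.
    if [ -z "$src" ] || [ -z "$mon" ] || [ "$src" = "$mon" ]; then
        echo "usage: mirror_cmds SRC_IF MONITOR_IF (two different ports)" >&2
        return 1
    fi
    cat <<EOF
ip addr flush dev $mon
ip link set dev $mon up
tc qdisc add dev $src clsact
tc filter add dev $src ingress matchall action mirred egress mirror dev $mon
tc filter add dev $src egress matchall action mirred egress mirror dev $mon
EOF
}

# Print the command that removes the mirror again (deletes both filters).
unmirror_cmds() {
    echo "tc qdisc del dev $1 clsact"
}

# Show the commands, or run them when APPLY=1.
run_mirror() {
    cmds=$(mirror_cmds "$1" "$2") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

run_mirror "${SRC_IF:-eth0}" "${MON_IF:-eth1}"
```

The monitor port carries no address, so the sensor only ever receives copies; on the sensor side the capture NIC needs to be up in promiscuous mode with no IP configured.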
Carson Wood
>Banana Pi
They're notorious for not working at all. Go on any embedded SoC board discussion site (e.g. Armbian, CNX Software), and the comments are full of complaints about Banana Pi boards not doing a single fucking thing they have promised to do, and the manufacturer not having a single person who can write back an e-mail response in understandable English.
Wyatt Butler
>arm
>overpriced meme pie garbage
Don't fall for that marketing scam OP. Buy a PC Engines APU and slap OpenBSD on that baby.
banana pi work great, I have 7 of the original ones running for the past 2-3 years 24/7 no issues at all. orange pi are the ones that are fucking garbage
Ethan Cruz
Not the guy you are answering to, but I own a BPI R2 and it is awful. The hardware would be more than acceptable, but the software is just a piece of shit - it being advertised as a "networking board" does not mean it actually works at all. The Wifi interface did not work up until recently, and AP mode leaves a lot to be desired, furthermore the only really networking-oriented software that it has support for, openwrt, uses a ramdisk as a storage solution and therefore any settings you might have set will be reset once rebooted. All the actually redeeming features come from the community's efforts to create something resembling an actually good product. All in all, I'm never buying bananapi again, but maybe other boards are better from them - did not have the possibility to try them out.
Sidenote: orange pis are fucking great if value is something you're looking for as the huge support from their government allows them to sell devices well below their BOM cost. This does not mean they're very good, but nice to have if you just want to experiment with sbcs.
Landon Fisher
yea, with banana pi, orange pi, and several others of the Chinese the software is literally "good fucking luck". that's why raspberry pi stays relevant, they actually give a fuck about their software.
Joseph Sullivan
256MB is more than enough for a router
Jack Johnson
The current recommendation (RFC3439) for buffer capacity is RTT*C/sqrt(N) per link, RTT being round-trip time, C being the capacity of the link (speed, so to say) and N the number of links. This means that a gigabit connection will require around a gigabit buffer space for each s in RTT - which is easily reachable if the circumstances are worst-case. That means that 128MiB is used up by buffer space alone. The other 128MiB to run a full fledged operating system is less than ideal.
Jace Turner
the mobo sitting there looks like a dog. the chips being the eyes and nose and the usb's being the front paws.
Blake Robinson
Most of orange Pis — popular ones, at least — have Armbian build, what more do you need?
Lucas Barnes
yea, "good fucking luck" on software, someone else does it for them. And half the shit doesn't work. Where was I saying anything otherwise? Orange pi Zero isn't even usable lol
Jonathan King
My router has 50mb of ram lol
Jordan Wright
This. I ran an OpenBSD box for a year and a half off of an old QuadCore AMD system I had lying around using the built-in NIC and an add-on PCI express NIC (both RealTek chipsets). 7200 rpm SATA drive and 8 gigs of ram.
the box never touched more than 1 gig of ram for its running processes and I had a decently complex PF setup with several anchors in the rule set. Also ran DHCP and DNS for my house off it. Had a Mumble server for Vidya Game friends running the whole time with port forwarding, they never noticed when I swapped this router in for the DD-WRT box I had previously.
the OpenBSD man pages and FAQ are obviously preferred in terms of seeing best practices and rock bottom basics, but these 2 sites were helpful in getting me clued in on some finer points that the FAQ leaves out:
>I want to filter out all the Microsoft telemetry traffic and Chinese & Russian scanning my router
good luck with SSL deep packet inspection
Henry Perez
>was wondering a quad core Arm is strong enough to run things like Snort, and Linux router distribution
depends on your bandwidth. but then again this thing has probably a shitty meme usb 100mbit ethernet adapter so go on and waste your time and money