From: Chris Buechler
Cc: m0n0wall dash dev
Subject: Re: [m0n0wall-dev] Re[3]: The future
Date: Wed, 12 Oct 2005 22:46:48 -0400
On 10/12/05, Pavel A. Grodek wrote:
> Yet, Moore's law is still at work, and especially so for embedded
> devices.

Where?  The Soekris product line hasn't changed much in years, the
fastest is still 266 MHz, and 4501's still selling at 133 MHz.  Ditto
for WRAP, at 266 also.  That comprises a large portion of the existing
install base now and into probably at least the next year at the same

> On the other hand, I just can't see network speed keeping up,

There are two common situations here, one is not true, one is debatable.

1) where you have a wireless card in your box, an AP off a 3rd
interface on your box, or a second LAN or DMZ off the third interface
in the box.  If you're doing 802.11g wireless off a WRAP or Soekris
(today with an AP), you're in pretty good shape as is now.  You can
get about ~25 Mb out of a .11g AP, and a 4501 can push 17+ Mb right
now.  A WRAP or 4801 more like 40-45 Mb right now.  If you cut down
throughput in half (which we're already basically stuck with), even a
WRAP and 4801 can't handle the full bandwidth of a .11g AP or wireless
interface anymore.

2) you have just LAN and WAN, in which case, yes, I don't see common
broadband speeds increasing past the throughput capabilities of the
266 MHz hardware any time in the near future.  The 133 MHz 4501's are
another story, 5.3 was so bad it couldn't handle my 6 Mb cable modem,
especially with things that pushed tons of packets like BitTorrent as
a prime example.  Granted none of the options on the table right now
are that slow, and any of them could handle 6 Mb through a 4501
(though some not much more than that).

> especially in the places where embedded devices handle the traffic. So
> I wouldn't be surprised if in a year or two (by the time the next m0n0
> gets stable, polished and ready for public release) OpenBSD's
> performance just won't matter anymore.

So to the thousands of existing 4501, 4801, and WRAP users, they're
just out of luck?  For what, an OS that has nearly no benefits (and
many drawbacks) over the other, faster options?  Chances are, for at
least the next 6 months to a year, the existing Soekris and WRAP lines
will continue to be the most popular m0n0wall platform.

> And, of course, hardware
> support keeps getting better across the board, so the real question is
> not what's available now but what would be available by the release
> date.

If this was a new project, sure, you could say that.  When you have
15,000+ installs, you can't ignore the existing install base's
hardware without leaving a good portion of the existing install base
feeling alienated.  Not a good thing to do.

FreeBSD 4 goes out of maintenance in January 2007, IIRC.  We could
maintain a 4.11-based release until that time for the existing
hardware, but adding another year isn't going to help since 1.2 will
likely be the stable release for the next year anyway.

Firewalls are expected to have a much longer lifetime than your
typical PC and server.  Firewalls typically don't get replaced until
they die, easily a 5+ year lifetime.  It's not unreasonable to expect
that kind of life out of the hardware either, unless there are highly
compelling reasons to upgrade.  That'd include greatly increased
throughput requirements, very compelling new features.  The same L3-4
firewalling doesn't qualify.

> It would be very interesting if someone would actually measure some
> real-world numbers for various OSes on today's top-end (!) embedded
> hardware and check out if the performance is acceptable there

One of the pfsense devs tested a WRAP and 4801 with latest Open vs.
Free 6.  I don't recall the exact numbers offhand, but 4.x can get
about 45 Mb, 6.x around 30 Mb, Open around 20 Mb, IIRC.

I have a couple 4501's, a 4801, a couple WRAP's, and some other misc
hardware and have run numerous benchmarks in the past.  I'll probably
end up doing so again soon.

The other reasons are enough to eliminate Open, especially if we want
to continue wireless support.  OpenBSD will never use Atheros binary
drivers, so will never end up with a highly reliable ath driver.

That's another good reason to avoid Open, their
political/philosophical beliefs punish the user base.  They could have
good Atheros support today, but because it isn't "free" as in open
source, their users don't get very functional ath support.  There are
other recent examples.  Many view their efforts as worthwhile and with
good intent and occasionally good results.  But me and probably 99% of
m0n0wall users couldn't give a shit less if our drivers are truly
"free" or not, as long as they work and work well.