
Author Topic: ESPRESSOBin  (Read 4665 times)


Online jwt

  • Administrator
  • Sr. Member
  • *****
  • Posts: 369
  • Karma: +104/-34
Re: ESPRESSOBin
« Reply #15 on: January 17, 2018, 04:10:23 pm »
You could check with FreeBSD, once that's in working order we can do pfSense  ;D

In this case, we were ahead of FreeBSD.



Offline johnkeates

  • Hero Member
  • *****
  • Posts: 840
  • Karma: +60/-1
Re: ESPRESSOBin
« Reply #16 on: January 17, 2018, 06:08:38 pm »
I guess that makes pfSense pretty cool eh ;-)

Offline Rockford

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Re: ESPRESSOBin
« Reply #17 on: January 19, 2018, 11:22:47 am »
I guess that makes pfSense pretty cool eh ;-)

No, sorry, I have to disagree.

This makes pfSense EXTREMELY AWESOME! :)

Well done guys!

(I hope this will help getting pfSense on the MacchiatoBIN as well; and perhaps ClearFog Pro - but I'll be going for the MacchiatoBIN myself).

I'll get myself an EspressoBIN, perhaps two.
I will likely get this USB3 Gbit Ethernet (it's working with Armbian) - in order to ...
  • Fix the bridged LAN-WAN (yes, this can be corrected by uboot).
  • Keep the LAN speed at maximum (link-aggregation via the Topaz switch).

Note: The captcha says:
"V1 UNSUPPORTED
Please direct siteowner to g.co/recaptcha/upgrade"
« Last Edit: January 25, 2018, 11:08:43 pm by Rockford »

Online jwt

  • Administrator
  • Sr. Member
  • *****
  • Posts: 369
  • Karma: +104/-34
Re: ESPRESSOBin
« Reply #18 on: January 19, 2018, 11:49:18 am »
espresso.bin needs a custom u-boot to run pfSense anyway.

machiatto.bin is a different thing altogether, and is a target platform for our next-gen product “TNSR”.

pfSense for the SG-3100 was initially developed on a Solid-Run ClearFog.
« Last Edit: January 19, 2018, 11:52:34 am by jwt »

Online jwt

  • Administrator
  • Sr. Member
  • *****
  • Posts: 369
  • Karma: +104/-34
Re: ESPRESSOBin
« Reply #19 on: January 19, 2018, 12:53:12 pm »

Note: The captcha says:
"V1 UNSUPPORTED
Please direct siteowner to g.co/recaptcha/upgrade"

I'm told this should be fixed now.  Thanks for reporting.

Offline cohomology

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
Re: ESPRESSOBin
« Reply #20 on: January 21, 2018, 09:14:59 pm »
looks interesting! how does it perform? is it ready for production?

You could check with FreeBSD, once that's in working order we can do pfSense  ;D

In this case, we were ahead of FreeBSD.


Edit: Removed quoted giant image.
« Last Edit: February 15, 2018, 05:42:53 pm by stephenw10 »

Offline Rockford

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Re: ESPRESSOBin
« Reply #21 on: February 11, 2018, 06:43:14 pm »
"V1 UNSUPPORTED"

I'm told this should be fixed now.  Thanks for reporting.

Thanks for fixing this. :)

I have one request for pfSense on EspressoBIN:
I'd very much like support for an external Gbit Ethernet via USB3.0 - like the Ugreen one mentioned earlier.
The reason I mentioned Ugreen's is that ...
  • It works with Armbian (as proof-of-concept; the driver sources can thus be used for reference)
  • It's not extremely expensive
  • There are variants that include a USB3.0 hub, thus might allow increasing the speed by adding a few extra ports.

Though I've been looking very much at the hardware schematic and hoped that the CPU was connected to the Topaz switch via the 2.5Gbit SerDes interface, this might not be the case.
People are reporting maximum throughput of 1Gbit/sec (some less, depending on what O/S they're running), but no one reports anything exceeding 1.4Gbit (I suspect that this number is a misunderstanding anyway).
If the CPU and Topaz are indeed interconnected via the SerDes, then there must be some hardware register that allows to switch the SerDes to 2.5Gbit/sec instead of using 1Gbit/sec.
Some people say that the Topaz switch is causing the slowdown (I don't know exactly what they mean, because I'm pretty sure it would speed up data sent from LAN-to-LAN).

My plans were initially to use the Gbit Ethernet connected via USB3 for WAN and then the 3 ports on the switch for LAN.
However, that might not be a good idea if the total throughput on the switch is limited to 1Gbit (then there's no idea in connecting the extra ports to the switch, except for 'redundancy' - but cables usually don't break if you leave them alone).

Instead, I think it would make more sense to connect several Gbit Ethernet ports via USB3 (the first one could be a USB3-hub + GbE, the next two (or 3) could be the cheaper adapters without USB3-hub).
If that would work, then those ports would be connected to my switch as LAN and the ports on the Topaz would be connected to WAN.
That'd separate WAN from LAN physically plus give the fastest downlink speed, allowing me to take advantage of a Gbit internet connection if/when an upgrade becomes available.
Regardless, the LAN speed is what's important (in my case and most other cases).

I currently know of no recommendable Mini-PCIe GbE cards. I've seen a few, though, but I have no confirmation that they will work with the EspressoBIN. I've seen two models; one single-port and one dual-port card. One is a very tiny card (too tiny for mounting on the EspressoBIN), the other is the size that can be tightened with screws to the EspressoBIN board.

I'll be happy to try out pfSense on the EspressoBIN. I have two 2GB versions arriving one of the next couple of days. :)
-I'll also get one of those Ugreen GbE adapters with built-in USB3 hub; if I can get that to work with Armbian, I'll order a few of the simpler ones too. (I'm told that Armbian gets confused if using more than 3 devices on the USB ports, but I believe that USB3 would be close to saturated with a total of 3 GbE interfaces anyway).

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 840
  • Karma: +60/-1
Re: ESPRESSOBin
« Reply #22 on: February 11, 2018, 06:55:52 pm »
The problem with USB is that it's not an interface suitable for advanced network traffic. While it might be enough for basic home or prosumer usage, it's even worse than Realtek PCIe interfaces.

Offline VAMike

  • Sr. Member
  • ****
  • Posts: 429
  • Karma: +65/-11
Re: ESPRESSOBin
« Reply #23 on: February 12, 2018, 06:24:17 am »
The problem with USB is that it's not an interface suitable for advanced network traffic. While it might be enough for basic home or prosumer usage, it's even worse than Realtek PCIe interfaces.
Exactly. Everyone who's buying a $50 piece of network gear would basically be pissed if they could plug a USB gigabit adapter in and find that it works, because it's not "advanced" enough for the truly discerning.

Offline strigona

  • Newbie
  • *
  • Posts: 11
  • Karma: +2/-0
Re: ESPRESSOBin
« Reply #24 on: February 13, 2018, 11:34:45 am »

Offline Rockford

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Re: ESPRESSOBin
« Reply #25 on: February 21, 2018, 09:45:10 am »
I found the most recent official driver source code for Linux.

The problem with USB is that it's not an interface suitable for advanced network traffic. While it might be enough for basic home or prosumer usage, it's even worse than Realtek PCIe interfaces.


There are a few things to consider.
1: Performance. Since the EspressoBIN appears to allow only 1Gbit transfers, this means that if transferring data in both directions between a computer on LAN and the WAN, we'll get a maximum throughput of 500 Mbit in each direction.
If adding a USB3.0 GbE interface that can handle at least 500Mbit/sec in each direction, then we'd already get a faster transfer rate in each direction.

2: Security. If somehow the router is rebooted and crashes before U-Boot can change the LAN-WAN bridging, then attackers can freely inject spambots and other nice stuff into the LAN. This will definitely not be possible if a driver is required in order to get data through the WAN port.

... I for one would not be angry if I could add a USB3.0 device and get an extra GbE port.
Though, I really would prefer having a GbE WAN plus a 2.5Gbit Topaz switch instead of having a 1Gbit switch and a USB3.0 port (but mainstream probably likes USB3 better than I). I can probably still add up to 4 GbE ports on Mini-PCIe, but the chance of pfSense supporting exactly those cards I pick is pretty slim.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 840
  • Karma: +60/-1
Re: ESPRESSOBin
« Reply #26 on: February 21, 2018, 09:48:07 am »
I found the most recent official driver source code for Linux.

The problem with USB is that it's not an interface suitable for advanced network traffic. While it might be enough for basic home or prosumer usage, it's even worse than Realtek PCIe interfaces.


There are a few things to consider.
1: Performance. Since the EspressoBIN appears to allow only 1Gbit transfers, this means that if transferring data in both directions between a computer on LAN and the WAN, we'll get a maximum throughput of 500 Mbit in each direction.
If adding a USB3.0 GbE interface that can handle at least 500Mbit/sec in each direction, then we'd already get a faster transfer rate in each direction.

2: Security. If somehow the router is rebooted and crashes before U-Boot can change the LAN-WAN bridging, then attackers can freely inject spambots and other nice stuff into the LAN. This will definitely not be possible if a driver is required in order to get data through the WAN port.

... I for one would not be angry if I could add a USB3.0 device and get an extra GbE port.
Though, I really would prefer having a GbE WAN plus a 2.5Gbit Topaz switch instead of having a 1Gbit switch and a USB3.0 port (but mainstream probably likes USB3 better than I). I can probably still add up to 4 GbE ports on Mini-PCIe, but the chance of pfSense supporting exactly those cards I pick is pretty slim.

I don't think anyone would be angry if USB network adapters had the same features and performance as PCIe adapters. Most of the issues stem from the limitations of USB as a bus (i.e. USB traffic costs CPU to get to RAM, PCIe has DMA), and from the manufacturers trying to segment the market, removing certain hardware features (well, mostly turning them off) or limiting stuff in their driver code (i.e. no hardware VLANs or a very small number of queues or queue entries, small buffers in the firmware etc.).

Offline Rockford

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Re: ESPRESSOBin
« Reply #27 on: Today at 08:25:58 am »
I don't think anyone would be angry if USB network adapters had the same features and performance as PCIe adapters. Most of the issues stem from the limitations of USB as a bus (i.e. USB traffic costs CPU to get to RAM, PCIe has DMA), and from the manufacturers trying to segment the market, removing certain hardware features (well, mostly turning them off) or limiting stuff in their driver code (i.e. no hardware VLANs or a very small number of queues or queue entries, small buffers in the firmware etc.).

Now I understand what @VAMike is saying. ;)
Sure I hate USB - anything USB.
It should never have been "invented".
-But since I now have a board that has this USB3 port, I'd like to exploit it.

If, on the other hand, you think that Mini-PCIe is the way to go with pfSense, I will certainly not stand in your way!
(I just hoped to use Mini-PCIe for an extra 4-port SATA interface).
... However, thinking about it, it's pretty silly having several GbE ports via USB3 and then a total of 11 Gbit SATA available.
The USB3.0 plus the built-in GbE ports wouldn't be able to utilize those speeds anyway.
The built-in SATA can give me 600000000 Bytes per second, where Mini-PCIe can maximum (ideally) give me 500000000 Bytes per second.
So if using one of the GbE ports plus 4 GbE ports on the Mini-PCIe, I think the throughput would be as balanced as it could get.
-Then USB3 could be used for a few (slower) spare harddisks.

Anyway, for my pfSense box, I intend to only run pfSense and a single harddisk (for O/S); no NAS and as little "junk" as possible; stability and performance is much more wanted than a lot of features.
So a bunch of GbE interfaces via Mini-PCIe would still be very appealing to me (even if a Mini-PCIe-to-PCIe breakout cable is necessary).