Challenge: A SFF 6x GbE port machine for a firewall costing under US$300.

RimBlock

Hi,

With the release of the Cisco RV320 (a dual WAN VPN small business router) at around US$238, finding a secure, affordable router that can handle two internet connections with failover has never been cheaper.

But.....

The very valid point has been made by mrkrad that most of these units just run Linux with custom tools, and there are very good free software alternatives. All that is needed to use these free versions is a box that will run Linux.

With this in mind, here is the challenge.

To build (spec out or physically build) a small Linux machine for under US$300 using new or used parts (not your own stock) to meet the following criteria:
  • 6x full speed gigabit ports (minimum). Putting a PCI-X quad NIC in a PCI slot is not valid.
  • Small form factor (mITX type size).
  • Able to run one of the free firewall solutions (your choice which one, but a product rather than just Linux with the firewall turned on).
  • Not a unit built for this purpose that someone is selling off cheaply. It is a build from parts, not a "buy old models cheaply" competition. The idea is to try and make the builds repeatable for anyone who may wish to try them out.

Feel free to comment on other people's designs and be prepared to have them comment on yours.

This is meant to be a fun technical challenge so enjoy. Go serious, go crazy, build a Raspberry Pi cluster if that meets the specs for the price.

RB
 

zer0sum

This is a great challenge, and I look forward to hearing of some other solutions.
Closest I can think of is a unit from Lanner like the FW-6436, which should cost around $300 with memory, HDD and an extra NIC. It's a little over the budget but also a little over spec as you can give it more ports.

The VIA CPU is weak but it will manage basic firewalling easily enough.
If you need high throughput for IPS, VPN, web proxy, etc. then you will need something with a better CPU.

  • VIA C7 1.5 GHz on board
  • 1 x SODIMM slot
  • 1 x 2.5" slot for SSD/HDD
  • 1 x Type II CompactFlash
  • 4x Realtek RTL8111E ports built in
  • 2 x PCI slots for expanding network ports
  • 1 x Mini-PCI Slot



Another similar option is the Nexcom 1120 which is under $300

  • Atom D525
  • 1 x SODIMM
  • 1 x 2.5" slot for SSD/HDD
  • 1 x Type II CompactFlash
  • 4 x Intel 82583V ports
  • 1 x LAN Bypass pair
  • 1 x PCI Slot
  • 1 x Mini-PCI Slot
 

Aluminum

modify the challenge imo, you've already set it up to fail

To build (spec out or physically build) a small Linux machine for under US$260 using new or used parts (not your own stock) to meet the following criteria:
  • 6x full speed gigabit ports (minimum). Putting a PCI-X quad NIC in a PCI slot is not valid.
  • Small form factor (mITX type size).
  • Able to run one of the free firewall solutions (your choice which one, but a product rather than just Linux with the firewall turned on).
  • Not a unit built for this purpose that someone is selling off cheaply. It is a build from parts, not a "buy old models cheaply" competition.

Feel free to comment on other people's designs and be prepared to have them comment on yours.

This is meant to be a fun technical challenge so enjoy. Go serious, go crazy, build a Raspberry Pi cluster if that meets the specs for the price.

RB
At that price point, the routing power is going to suck, sorry to say. At least you upped it to 260 though.

I still wouldn't buy the RV320 if you want to be serious about dual WAN.

Also why 6 ports? The RV320 is NOT a 6 port router, it is at best a 3 port router with a 4 port switch on the LAN side. (would not surprise me if they fake the dual wans somehow)
An 8 port gigabit switch has fallen to nearly $20 these days, so if you are building a router only real ports should count.

FWIW my pcap box is a true 6 port device with 2 onboard and 4 from an i350, ITX in a half height case with a DC power brick, but it ain't cheap, the CPU alone cost more. There are good 6 port PCI-e NICs with Intel chipsets on eBay (3 x 82571EB) but they are full height which bloats the case.

(seven if you count the AR9280 wireless minicard I'm not using yet)

Its VPN performance is in the multi-gigabit range though, for reference the RV320 is a few orders of magnitude less:

Code:
NAT throughput 900 Mbps
IPsec VPN throughput 100 Mbps
SSL VPN throughput 20 Mbps
Concurrent connections 20,000

No OpenVPN support from what I can tell = hell no.

If you don't need extreme VPN speed, a 2.6 GHz Ivy Bridge dual core w/o AES-NI is $35 at Microcenter and is amazing routing horsepower for the buck. For any DIY router that cares about performance at all, start building from there, ignore all the Atom-based crap. Atoms suck.
Also I consider devices with onboard Realtek chips as not worth getting either; for a DIY x86 router, only Intel NIC ports count in my book.

I can envision a micro ATX build for around that price off the top of my head that would run circles around the Cisco and be functionally equivalent with 3 actual router ports. The good news is extra ports only cost $30 in pairs and you could probably go up to 9 and stay cheap.
ITX will not happen, the price premium on the boards, cases, power supply etc. is too high. Good quad NICs cost a lot more than two duals as well.

Here is a starting point:

Microcenter - in stock prices at one nearest me
$35 Celeron G1610
$90 Intel uATX DH77EB w/ onboard 82579V

eBay
$30 each Dual Port Intel 82571EB w/ low profile bracket (many dozens for sale at any given moment, these are the "M1015" or "LSI2008" of the LAN world)

Remaining parts to find cheap:
$? 2GB DDR3 (or more if it's a real good deal)
$? Cheap PSU that won't catch on fire (I am a bit of a power supply snob, but for good reason)
$? uATX case that isn't hideous
$? Hard drive or thumb drive, depends what you want to do. pfSense can be very happy with a 4GB stick if not doing proxy duty.
 

RimBlock

I will tackle this one first as it would certainly seem to be the most passionate.

At that price point, the routing power is going to suck, sorry to say. At least you upped it to 260 though.
The eBay price, after a quick search, was US$260. I get straight from the distributor locally and there is no SRP, hence the difference in pricing from the RV320 thread.

I think we also need to understand the context of the challenge. It is not to find the most cost effective router regardless of cost but to find the best setup at a particular price point, in this case upper desktop / lower small business.

I appreciate there are better solutions available for maybe a bit more but that is not the idea of this challenge. There is no reason it could not be the subject of another challenge though in the future.

I still wouldn't buy the RV320 if you want to be serious about dual WAN.
Sure, so what would you buy at that price point to satisfy the criteria?

Also why 6 ports? The RV320 is NOT a 6 port router, it is at best a 3 port router with a 4 port switch on the LAN side. (would not surprise me if they fake the dual wans somehow)
The RV320 is a router that has 6 GbE ports. I made no distinction on whether all six ports were independently routed, only that it had 6 GbE ports.

A solution with 3 routed ports and a 5 port switch (one routed port would have to go to the switch internally) would be equally valid for this challenge.

FWIW my pcap box is a true 6 port device with 2 onboard and 4 from an i350, ITX in a half height case with a DC power brick, but it ain't cheap, the CPU alone cost more. There are good 6 port PCI-e NICs with Intel chipsets on eBay (3 x 82571EB) but they are full height which bloats the case.
Sure. Maybe we should have a "show us your network device build" thread so everyone can showcase their own builds. I am sure lots of people would be interested and it could generate some great discussions.

Its VPN performance is in the multi-gigabit range though, for the RV320 is a few orders of magnitude less
But they are different products at different price ranges. Hardly a fair comparison.

I can envision a micro ATX build for around that price.
Ok, fair enough. How about we open it up to mITX or MATX with a limit of US$300 to give a bit more breathing room.

To be clear, I am not saying the Cisco RV320 is the best there is at this price point. What I am saying is that it comes at a good price point that people could start looking at DIY builds and which still remains appealing to home users and small businesses alike.

What alternatives can we come up with...

RB
 

RimBlock

silicom 6 port gigabit cards go for like $50-99 used. :) they rock!
Good call. I remember Patrick's review a while back on the main site (PEG6I review). I would also imagine this is the one Aluminum was talking about when mentioning a 6 port NIC.

This is a great challenge, and I look forward to hearing of some other solutions.
Closest I can think of is a unit from Lanner like the FW-6436, which should cost around $300 with memory, HDD and an extra NIC. It's a little over the budget but also a little over spec as you can give it more ports.

The VIA CPU is weak but it will manage basic firewalling easily enough.
If you need high throughput for IPS, VPN, web proxy, etc. then you will need something with a better CPU.

  • VIA C7 1.5 GHz on board
  • 1 x SODIMM slot
  • 1 x 2.5" slot for SSD/HDD
  • 1 x Type II CompactFlash
  • 4x Realtek RTL8111E ports built in
  • 2 x PCI slots for expanding network ports
  • 1 x Mini-PCI Slot



Another similar option is the Nexcom 1120 which is under $300

  • Atom D525
  • 1 x SODIMM
  • 1 x 2.5" slot for SSD/HDD
  • 1 x Type II CompactFlash
  • 4 x Intel 82583V ports
  • 1 x LAN Bypass pair
  • 1 x PCI Slot
  • 1 x Mini-PCI Slot
Good suggestions. Thanks for contributing.

RB
 

BlueLineSwinger

Another direction:

EdgeRouter PoE (~$175)
Yeah, it falls one port short. And the GUI is weak, but that's not so bad if you're OK with a CLI. It's basically a Vyatta branch running on top of Linux. The user community is decent. Not sure how good its VPN performance is. The PoE is a nice bonus.

Or...

EdgeRouter Lite (~$100)
Only 3 ports, but if you already have a VLAN-capable switch it should still be fine in most small installations.
 

Mike

Mikrotik is not an unheard of brand in this segment. I like some of their wireless products, but don't have a real use for them.
 

PigLover

Mikrotik makes really good little routerboards. In fact I use them quite extensively. Their strength is their "routeros" OS and the feature-rich flexibility it offers coupled with some of their special-purpose router hardware (little, low power boards with lots of options for WiFi, etc).

However - and even though I love their products - I don't think they really meet the requirements laid out here. Most of their boxes are very limited by their processor and use lower performance NIC chips. They really struggle with handling any significant PPS load. Even their top-of-the-line RB1100 struggles mightily with packet throughput (though their recently announced CCR1036 solves this for them...but the $1,100 price point takes it back out of this game).